Vulnerability-Lookup

Vendor	Product	Description
Siemens	N/A	SIMATIC PCS neo V6.0 versions antérieures à V6.0 SP1
Siemens	N/A	SIMATIC WinCC V17, v18 et V20 toutes versions pour les vulnérabilités CVE-2024-54678 et CVE-2025-40759
Siemens	N/A	SIMATIC Control Function Library (CFL) toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	SIPROTEC 5 versions antérieures à 10.0
Siemens	N/A	SIMATIC MTP Integrator toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	SIMATIC ProSave V17 toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	SIMATIC WinCC Unified Line Coordination toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	SIMATIC WinCC TeleControl toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	SIMATIC WinCC OA V3.19 versions antérieures à V3.19 P020
Siemens	N/A	SIMATIC WinCC flexible ES toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	SIMATIC S7-PLCSIM V17 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-54678.
Siemens	N/A	SIMATIC S7-Fail-safe Configuration Tool (S7-FCT) versions antérieures à 4.0.1
Siemens	N/A	SIMATIC PCS neo V6.0 toutes versions pour la vulnérabilité CVE-2024-54678
Siemens	N/A	SIMATIC eaSie Core Package (6DL5424-0AX00-0AV8) toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	SIMATIC MTP CREATOR V2.x et V3.x toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-30033.
Siemens	N/A	SIMATIC WinCC OA V3.18 versions antérieures à V3.18 P032
Siemens	N/A	TIA Portal Cloud V19 versions antérieures à 5.2.1.1
Siemens	N/A	SIMATIC D7-SYS toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	SIMATIC BATCH V10.0 toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	SIMATIC ODK 1500S toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	SIMATIC Process Historian 2020 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour les vulnérabilités CVE-2025-30033 et CVE-2025-47809
Siemens	N/A	SIMATIC S7-1500 Software Controller V2 toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	TIA Portal Cloud Connector toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	SIMATIC WinCC Unified Sequence toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	SIMATIC S7-PLCSIM V17 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40759.
Siemens	N/A	SIMATIC WinCC Runtime Advanced toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	SIMATIC Logon V2.0 toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	SIMATIC ProSave V19 versions antérieures à V19 Update 4
Siemens	N/A	SIMATIC PDM Maintenance Station V5.0 toutes versions pour les vulnérabilités CVE-2025-30033 et CVE-2025-47809
Siemens	N/A	SIMATIC Safety Matrix toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	SIMATIC Management Console toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	SCALANCE XCM-/XRM-/XCH-/XRH-300 family versions antérieures à 3.2
Siemens	N/A	SIMATIC BATCH V9.1 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-30033.
Siemens	N/A	SIMATIC Process Function Library (PFL) V4.0 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-30033.
Siemens	N/A	SIMATIC S7-1500 Software Controller V3 toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	SIMATIC STEP 7 CFC V20 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-30033.
Siemens	N/A	SIMATIC NET PC Software toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	SIMATIC Route Control V9.1 toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	SIMATIC Process Historian 2022 toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	SIMATIC WinCC OA V3.20 versions antérieures à V3.20 P008
Siemens	N/A	SIMATIC RTLS Locating Manager versions antérieures à 3.3
Siemens	N/A	Siprotec 4 7SA6, 7SD5 et 7SD610 versions antérieures à 4.78
Siemens	N/A	SIMATIC Automation Tool toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	TIA Portal Cloud V18 toutes versions pour les vulnérabilités CVE-2024-54678 et CVE-2025-40759
Siemens	N/A	SIMATIC PDM V9.2 et V9.3 toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	SIMATIC WinCC Runtime Professional toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	SIMATIC WinCC Visualization Architect (SiVArc) toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	SIMATIC eaSie Workflow Skills toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	SIMATIC STEP 7 CFC V19 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-30033.
Siemens	N/A	SIMATIC WinCC V19 versions antérieures à V19 Update 4
Siemens	N/A	SIMATIC Management Agent toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	SIMATIC WinCC V7.5 et V8.0 toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	SIMATIC STEP 7 V5.7 toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	SIMATIC Automation Tool SDK Windows toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	SIMATIC Process Historian 2022 toutes versions pour la vulnérabilité CVE-2025-47809
Siemens	N/A	SIMATIC S7-PLCSIM V20 versions antérieures à V20 Update 1
Siemens	N/A	TIA Portal Cloud V17 toutes versions pour les vulnérabilités CVE-2024-54678 et CVE-2025-40759
Siemens	N/A	SIMATIC Energy Suite toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	SIMATIC PCS 7 toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	SIMATIC Process Historian 2024 toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	SIMATIC STEP 7 V19 versions antérieures à V19 Update 4
Siemens	N/A	TIA Portal Test Suite V17, v18, v19 et v20 toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	SIMATIC S7-PCT toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	SIMATIC Target toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	SIMATIC ProSave V18 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-30033.
Siemens	N/A	SIMATIC Logon V1.6 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-30033.
Siemens	N/A	SIMATIC STEP 7 V17 et V18 toutes versions pour les vulnérabilités CVE-2024-54678 et CVE-2025-40759
Siemens	N/A	SIMATIC RTLS Locating Manager versions antérieures à 3.2
Siemens	N/A	SIMATIC S7-PLCSIM Advanced versions antérieures à V7.0 Update 1
Siemens	N/A	SIMATIC PCS neo V5.0 toutes versions pour la vulnérabilité CVE-2024-54678
Siemens	N/A	SIMATIC STEP 7 V20 toutes versions pour les vulnérabilités CVE-2024-54678 et CVE-2025-40759
Siemens	N/A	TIA Portal Cloud V20 toutes versions pour les vulnérabilités CVE-2024-54678 et CVE-2025-40759
Siemens	N/A	Siprotec 4 toutes versions et tous modèles exceptés 7SA6, 7SD5, 7SD610 pour la vulnérabilité CVE-2024-52504.
Siemens	N/A	SIMATIC eaSie PCS 7 Skill Package (6DL5424-0BX00-0AV8) toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 versions antérieures à 3.2
Siemens	N/A	SIMATIC S7-PLCSIM V17, V18 et V19 toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	SIMATIC WinCC Unified PC Runtime V18, V19 et V20 toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	SIMATIC PCS 7 Advanced Process Faceplates V9.1 toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	SIMATIC S7 F Systems V6.4 toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	SIMATIC Information Server toutes versions pour la vulnérabilité CVE-2025-47809
Siemens	N/A	SIMATIC S7 F Systems V6.3 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-30033.
Siemens	N/A	SIMATIC ProSave V20 toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	SIMATIC PCS 7 Logic Matrix V9.1 toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	WinCC Panel Image Setup toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	SIMATIC PCS neo V4.1 et V5.0 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-54678.
Siemens	N/A	SIMATIC Route Control V10.0 toutes versions pour la vulnérabilité CVE-2025-30033
Siemens	N/A	SIMATIC WinCC V8.1 versions antérieures à V8.1 Update 3

CVE-2024-46724 (GCVE-0-2024-46724)

Vulnerability from cvelistv5 – Published: 2024-09-18 06:32 – Updated: 2025-11-03 22:17

Title

drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number Check the fb_channel_number range to avoid the array out-of-bounds read error

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/725b728cc0c8c5faf…
	https://git.kernel.org/stable/c/45f7b02afc464c208…
	https://git.kernel.org/stable/c/32915dc909ff50282…
	https://git.kernel.org/stable/c/f9267972490f9fcff…
	https://git.kernel.org/stable/c/db7a86676fd624768…
	https://git.kernel.org/stable/c/d768394fa99467bcf…

Impacted products

Vendor

Product

Version

Linux

Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 725b728cc0c8c5fafdfb51cb0937870d33a40fa4 (git)
Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 45f7b02afc464c208e8f56bcbc672ef5c364c815 (git)
Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 32915dc909ff502823babfe07d5416c5b6e8a8b1 (git)
Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < f9267972490f9fcffe146e79828e97acc0da588c (git)
Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < db7a86676fd624768a5d907faf34ad7bb4ff25f4 (git)
Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < d768394fa99467bcf2703bde74ddc96eeb0b71fa (git)

Linux

Affected: 4.2
Unaffected: 0 , < 4.2 (semver)
Unaffected: 5.10.226 , ≤ 5.10.* (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.109 , ≤ 6.1.* (semver)
Unaffected: 6.6.50 , ≤ 6.6.* (semver)
Unaffected: 6.10.9 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46724",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T14:56:02.346658Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T14:56:16.475Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:17:05.906Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/df_v1_7.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "725b728cc0c8c5fafdfb51cb0937870d33a40fa4",
              "status": "affected",
              "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
              "versionType": "git"
            },
            {
              "lessThan": "45f7b02afc464c208e8f56bcbc672ef5c364c815",
              "status": "affected",
              "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
              "versionType": "git"
            },
            {
              "lessThan": "32915dc909ff502823babfe07d5416c5b6e8a8b1",
              "status": "affected",
              "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
              "versionType": "git"
            },
            {
              "lessThan": "f9267972490f9fcffe146e79828e97acc0da588c",
              "status": "affected",
              "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
              "versionType": "git"
            },
            {
              "lessThan": "db7a86676fd624768a5d907faf34ad7bb4ff25f4",
              "status": "affected",
              "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
              "versionType": "git"
            },
            {
              "lessThan": "d768394fa99467bcf2703bde74ddc96eeb0b71fa",
              "status": "affected",
              "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/df_v1_7.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.2"
            },
            {
              "lessThan": "4.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.109",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.50",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.226",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.109",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.50",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.9",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number\n\nCheck the fb_channel_number range to avoid the array out-of-bounds\nread error"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-16T08:02:50.121Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/725b728cc0c8c5fafdfb51cb0937870d33a40fa4"
        },
        {
          "url": "https://git.kernel.org/stable/c/45f7b02afc464c208e8f56bcbc672ef5c364c815"
        },
        {
          "url": "https://git.kernel.org/stable/c/32915dc909ff502823babfe07d5416c5b6e8a8b1"
        },
        {
          "url": "https://git.kernel.org/stable/c/f9267972490f9fcffe146e79828e97acc0da588c"
        },
        {
          "url": "https://git.kernel.org/stable/c/db7a86676fd624768a5d907faf34ad7bb4ff25f4"
        },
        {
          "url": "https://git.kernel.org/stable/c/d768394fa99467bcf2703bde74ddc96eeb0b71fa"
        }
      ],
      "title": "drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46724",
    "datePublished": "2024-09-18T06:32:21.220Z",
    "dateReserved": "2024-09-11T15:12:18.255Z",
    "dateUpdated": "2025-11-03T22:17:05.906Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42148 (GCVE-0-2024-42148)

Vulnerability from cvelistv5 – Published: 2024-07-30 07:46 – Updated: 2025-11-03 22:02

Title

bnx2x: Fix multiple UBSAN array-index-out-of-bounds

Summary

In the Linux kernel, the following vulnerability has been resolved: bnx2x: Fix multiple UBSAN array-index-out-of-bounds Fix UBSAN warnings that occur when using a system with 32 physical cpu cores or more, or when the user defines a number of Ethernet queues greater than or equal to FP_SB_MAX_E1x using the num_queues module parameter. Currently there is a read/write out of bounds that occurs on the array "struct stats_query_entry query" present inside the "bnx2x_fw_stats_req" struct in "drivers/net/ethernet/broadcom/bnx2x/bnx2x.h". Looking at the definition of the "struct stats_query_entry query" array: struct stats_query_entry query[FP_SB_MAX_E1x+ BNX2X_FIRST_QUEUE_QUERY_IDX]; FP_SB_MAX_E1x is defined as the maximum number of fast path interrupts and has a value of 16, while BNX2X_FIRST_QUEUE_QUERY_IDX has a value of 3 meaning the array has a total size of 19. Since accesses to "struct stats_query_entry query" are offset-ted by BNX2X_FIRST_QUEUE_QUERY_IDX, that means that the total number of Ethernet queues should not exceed FP_SB_MAX_E1x (16). However one of these queues is reserved for FCOE and thus the number of Ethernet queues should be set to [FP_SB_MAX_E1x -1] (15) if FCOE is enabled or [FP_SB_MAX_E1x] (16) if it is not. This is also described in a comment in the source code in drivers/net/ethernet/broadcom/bnx2x/bnx2x.h just above the Macro definition of FP_SB_MAX_E1x. Below is the part of this explanation that it important for this patch /* * The total number of L2 queues, MSIX vectors and HW contexts (CIDs) is * control by the number of fast-path status blocks supported by the * device (HW/FW). Each fast-path status block (FP-SB) aka non-default * status block represents an independent interrupts context that can * serve a regular L2 networking queue. However special L2 queues such * as the FCoE queue do not require a FP-SB and other components like * the CNIC may consume FP-SB reducing the number of possible L2 queues * * If the maximum number of FP-SB available is X then: * a. If CNIC is supported it consumes 1 FP-SB thus the max number of * regular L2 queues is Y=X-1 * b. In MF mode the actual number of L2 queues is Y= (X-1/MF_factor) * c. If the FCoE L2 queue is supported the actual number of L2 queues * is Y+1 * d. The number of irqs (MSIX vectors) is either Y+1 (one extra for * slow-path interrupts) or Y+2 if CNIC is supported (one additional * FP interrupt context for the CNIC). * e. The number of HW context (CID count) is always X or X+1 if FCoE * L2 queue is supported. The cid for the FCoE L2 queue is always X. */ However this driver also supports NICs that use the E2 controller which can handle more queues due to having more FP-SB represented by FP_SB_MAX_E2. Looking at the commits when the E2 support was added, it was originally using the E1x parameters: commit f2e0899f0f27 ("bnx2x: Add 57712 support"). Back then FP_SB_MAX_E2 was set to 16 the same as E1x. However the driver was later updated to take full advantage of the E2 instead of having it be limited to the capabilities of the E1x. But as far as we can tell, the array "stats_query_entry query" was still limited to using the FP-SB available to the E1x cards as part of an oversignt when the driver was updated to take full advantage of the E2, and now with the driver being aware of the greater queue size supported by E2 NICs, it causes the UBSAN warnings seen in the stack traces below. This patch increases the size of the "stats_query_entry query" array by replacing FP_SB_MAX_E1x with FP_SB_MAX_E2 to be large enough to handle both types of NICs. Stack traces: UBSAN: array-index-out-of-bounds in drivers/net/ethernet/broadcom/bnx2x/bnx2x_stats.c:1529:11 index 20 is out of range for type 'stats_query_entry [19]' CPU: 12 PID: 858 Comm: systemd-network Not tainted 6.9.0-060900rc7-generic #202405052133 Hardware name: HP ProLiant DL360 Gen9/ProLiant DL360 ---truncated---

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/cfb04472ce33bee25…
	https://git.kernel.org/stable/c/cbe53087026ad929c…
	https://git.kernel.org/stable/c/8b17cec33892a66bb…
	https://git.kernel.org/stable/c/0edae06b4c227bcfa…
	https://git.kernel.org/stable/c/9504a1550686f53b0…
	https://git.kernel.org/stable/c/f1313ea92f8245192…
	https://git.kernel.org/stable/c/b9ea38e767459111a…
	https://git.kernel.org/stable/c/134061163ee5ca475…

Impacted products

Vendor

Product

Version

Linux

Affected: 50f0a562f8cc9ed9d9f7f7380434c3c8646172d5 , < cfb04472ce33bee2579caf4dc9f4242522f6e26e (git)
Affected: 50f0a562f8cc9ed9d9f7f7380434c3c8646172d5 , < cbe53087026ad929cd3950508397e8892a6a2a0f (git)
Affected: 50f0a562f8cc9ed9d9f7f7380434c3c8646172d5 , < 8b17cec33892a66bbd71f8d9a70a45e2072ae84f (git)
Affected: 50f0a562f8cc9ed9d9f7f7380434c3c8646172d5 , < 0edae06b4c227bcfaf3ce21208d49191e1009d3b (git)
Affected: 50f0a562f8cc9ed9d9f7f7380434c3c8646172d5 , < 9504a1550686f53b0bab4cab31d435383b1ee2ce (git)
Affected: 50f0a562f8cc9ed9d9f7f7380434c3c8646172d5 , < f1313ea92f82451923e28ab45a4aaa0e70e80b98 (git)
Affected: 50f0a562f8cc9ed9d9f7f7380434c3c8646172d5 , < b9ea38e767459111a511ed4fb74abc37db95a59d (git)
Affected: 50f0a562f8cc9ed9d9f7f7380434c3c8646172d5 , < 134061163ee5ca4759de5c24ca3bd71608891ba7 (git)

Linux

Affected: 3.3
Unaffected: 0 , < 3.3 (semver)
Unaffected: 4.19.318 , ≤ 4.19.* (semver)
Unaffected: 5.4.280 , ≤ 5.4.* (semver)
Unaffected: 5.10.222 , ≤ 5.10.* (semver)
Unaffected: 5.15.163 , ≤ 5.15.* (semver)
Unaffected: 6.1.98 , ≤ 6.1.* (semver)
Unaffected: 6.6.39 , ≤ 6.6.* (semver)
Unaffected: 6.9.9 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:02:14.116Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cfb04472ce33bee2579caf4dc9f4242522f6e26e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cbe53087026ad929cd3950508397e8892a6a2a0f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8b17cec33892a66bbd71f8d9a70a45e2072ae84f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0edae06b4c227bcfaf3ce21208d49191e1009d3b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9504a1550686f53b0bab4cab31d435383b1ee2ce"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f1313ea92f82451923e28ab45a4aaa0e70e80b98"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b9ea38e767459111a511ed4fb74abc37db95a59d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/134061163ee5ca4759de5c24ca3bd71608891ba7"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42148",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:15:34.762201Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:34.889Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/broadcom/bnx2x/bnx2x.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "cfb04472ce33bee2579caf4dc9f4242522f6e26e",
              "status": "affected",
              "version": "50f0a562f8cc9ed9d9f7f7380434c3c8646172d5",
              "versionType": "git"
            },
            {
              "lessThan": "cbe53087026ad929cd3950508397e8892a6a2a0f",
              "status": "affected",
              "version": "50f0a562f8cc9ed9d9f7f7380434c3c8646172d5",
              "versionType": "git"
            },
            {
              "lessThan": "8b17cec33892a66bbd71f8d9a70a45e2072ae84f",
              "status": "affected",
              "version": "50f0a562f8cc9ed9d9f7f7380434c3c8646172d5",
              "versionType": "git"
            },
            {
              "lessThan": "0edae06b4c227bcfaf3ce21208d49191e1009d3b",
              "status": "affected",
              "version": "50f0a562f8cc9ed9d9f7f7380434c3c8646172d5",
              "versionType": "git"
            },
            {
              "lessThan": "9504a1550686f53b0bab4cab31d435383b1ee2ce",
              "status": "affected",
              "version": "50f0a562f8cc9ed9d9f7f7380434c3c8646172d5",
              "versionType": "git"
            },
            {
              "lessThan": "f1313ea92f82451923e28ab45a4aaa0e70e80b98",
              "status": "affected",
              "version": "50f0a562f8cc9ed9d9f7f7380434c3c8646172d5",
              "versionType": "git"
            },
            {
              "lessThan": "b9ea38e767459111a511ed4fb74abc37db95a59d",
              "status": "affected",
              "version": "50f0a562f8cc9ed9d9f7f7380434c3c8646172d5",
              "versionType": "git"
            },
            {
              "lessThan": "134061163ee5ca4759de5c24ca3bd71608891ba7",
              "status": "affected",
              "version": "50f0a562f8cc9ed9d9f7f7380434c3c8646172d5",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/broadcom/bnx2x/bnx2x.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.3"
            },
            {
              "lessThan": "3.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.318",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.280",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.222",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.98",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.318",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.280",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.222",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.163",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.98",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.39",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.9",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnx2x: Fix multiple UBSAN array-index-out-of-bounds\n\nFix UBSAN warnings that occur when using a system with 32 physical\ncpu cores or more, or when the user defines a number of Ethernet\nqueues greater than or equal to FP_SB_MAX_E1x using the num_queues\nmodule parameter.\n\nCurrently there is a read/write out of bounds that occurs on the array\n\"struct stats_query_entry query\" present inside the \"bnx2x_fw_stats_req\"\nstruct in \"drivers/net/ethernet/broadcom/bnx2x/bnx2x.h\".\nLooking at the definition of the \"struct stats_query_entry query\" array:\n\nstruct stats_query_entry query[FP_SB_MAX_E1x+\n         BNX2X_FIRST_QUEUE_QUERY_IDX];\n\nFP_SB_MAX_E1x is defined as the maximum number of fast path interrupts and\nhas a value of 16, while BNX2X_FIRST_QUEUE_QUERY_IDX has a value of 3\nmeaning the array has a total size of 19.\nSince accesses to \"struct stats_query_entry query\" are offset-ted by\nBNX2X_FIRST_QUEUE_QUERY_IDX, that means that the total number of Ethernet\nqueues should not exceed FP_SB_MAX_E1x (16). However one of these queues\nis reserved for FCOE and thus the number of Ethernet queues should be set\nto [FP_SB_MAX_E1x -1] (15) if FCOE is enabled or [FP_SB_MAX_E1x] (16) if\nit is not.\n\nThis is also described in a comment in the source code in\ndrivers/net/ethernet/broadcom/bnx2x/bnx2x.h just above the Macro definition\nof FP_SB_MAX_E1x. Below is the part of this explanation that it important\nfor this patch\n\n/*\n  * The total number of L2 queues, MSIX vectors and HW contexts (CIDs) is\n  * control by the number of fast-path status blocks supported by the\n  * device (HW/FW). Each fast-path status block (FP-SB) aka non-default\n  * status block represents an independent interrupts context that can\n  * serve a regular L2 networking queue. However special L2 queues such\n  * as the FCoE queue do not require a FP-SB and other components like\n  * the CNIC may consume FP-SB reducing the number of possible L2 queues\n  *\n  * If the maximum number of FP-SB available is X then:\n  * a. If CNIC is supported it consumes 1 FP-SB thus the max number of\n  *    regular L2 queues is Y=X-1\n  * b. In MF mode the actual number of L2 queues is Y= (X-1/MF_factor)\n  * c. If the FCoE L2 queue is supported the actual number of L2 queues\n  *    is Y+1\n  * d. The number of irqs (MSIX vectors) is either Y+1 (one extra for\n  *    slow-path interrupts) or Y+2 if CNIC is supported (one additional\n  *    FP interrupt context for the CNIC).\n  * e. The number of HW context (CID count) is always X or X+1 if FCoE\n  *    L2 queue is supported. The cid for the FCoE L2 queue is always X.\n  */\n\nHowever this driver also supports NICs that use the E2 controller which can\nhandle more queues due to having more FP-SB represented by FP_SB_MAX_E2.\nLooking at the commits when the E2 support was added, it was originally\nusing the E1x parameters: commit f2e0899f0f27 (\"bnx2x: Add 57712 support\").\nBack then FP_SB_MAX_E2 was set to 16 the same as E1x. However the driver\nwas later updated to take full advantage of the E2 instead of having it be\nlimited to the capabilities of the E1x. But as far as we can tell, the\narray \"stats_query_entry query\" was still limited to using the FP-SB\navailable to the E1x cards as part of an oversignt when the driver was\nupdated to take full advantage of the E2, and now with the driver being\naware of the greater queue size supported by E2 NICs, it causes the UBSAN\nwarnings seen in the stack traces below.\n\nThis patch increases the size of the \"stats_query_entry query\" array by\nreplacing FP_SB_MAX_E1x with FP_SB_MAX_E2 to be large enough to handle\nboth types of NICs.\n\nStack traces:\n\nUBSAN: array-index-out-of-bounds in\n       drivers/net/ethernet/broadcom/bnx2x/bnx2x_stats.c:1529:11\nindex 20 is out of range for type \u0027stats_query_entry [19]\u0027\nCPU: 12 PID: 858 Comm: systemd-network Not tainted 6.9.0-060900rc7-generic\n\t     #202405052133\nHardware name: HP ProLiant DL360 Gen9/ProLiant DL360 \n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:24:09.076Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/cfb04472ce33bee2579caf4dc9f4242522f6e26e"
        },
        {
          "url": "https://git.kernel.org/stable/c/cbe53087026ad929cd3950508397e8892a6a2a0f"
        },
        {
          "url": "https://git.kernel.org/stable/c/8b17cec33892a66bbd71f8d9a70a45e2072ae84f"
        },
        {
          "url": "https://git.kernel.org/stable/c/0edae06b4c227bcfaf3ce21208d49191e1009d3b"
        },
        {
          "url": "https://git.kernel.org/stable/c/9504a1550686f53b0bab4cab31d435383b1ee2ce"
        },
        {
          "url": "https://git.kernel.org/stable/c/f1313ea92f82451923e28ab45a4aaa0e70e80b98"
        },
        {
          "url": "https://git.kernel.org/stable/c/b9ea38e767459111a511ed4fb74abc37db95a59d"
        },
        {
          "url": "https://git.kernel.org/stable/c/134061163ee5ca4759de5c24ca3bd71608891ba7"
        }
      ],
      "title": "bnx2x: Fix multiple UBSAN array-index-out-of-bounds",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42148",
    "datePublished": "2024-07-30T07:46:41.203Z",
    "dateReserved": "2024-07-29T15:50:41.191Z",
    "dateUpdated": "2025-11-03T22:02:14.116Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-36974 (GCVE-0-2024-36974)

Vulnerability from cvelistv5 – Published: 2024-06-18 19:15 – Updated: 2025-05-04 09:13

Title

net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP

Summary

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP If one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided, taprio_parse_mqprio_opt() must validate it, or userspace can inject arbitrary data to the kernel, the second time taprio_change() is called. First call (with valid attributes) sets dev->num_tc to a non zero value. Second call (with arbitrary mqprio attributes) returns early from taprio_parse_mqprio_opt() and bad things can happen.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/c6041e7124464ce7e…
	https://git.kernel.org/stable/c/6db4af09987cc5d5f…
	https://git.kernel.org/stable/c/d3dde4c217f0c31ab…
	https://git.kernel.org/stable/c/0bf6cc96612bd3960…
	https://git.kernel.org/stable/c/724050ae4b76e4fae…
	https://git.kernel.org/stable/c/c37a27a35eadb5928…
	https://git.kernel.org/stable/c/f921a58ae20852d18…

Impacted products

Vendor

Product

Version

Linux

Affected: a3d43c0d56f1b94e74963a2fbadfb70126d92213 , < c6041e7124464ce7e896ee3f912897ce88a0c4ec (git)
Affected: a3d43c0d56f1b94e74963a2fbadfb70126d92213 , < 6db4af09987cc5d5f0136bd46148b0e0460dae5b (git)
Affected: a3d43c0d56f1b94e74963a2fbadfb70126d92213 , < d3dde4c217f0c31ab0621912e682b57e677dd923 (git)
Affected: a3d43c0d56f1b94e74963a2fbadfb70126d92213 , < 0bf6cc96612bd396048f57d63f1ad454a846e39c (git)
Affected: a3d43c0d56f1b94e74963a2fbadfb70126d92213 , < 724050ae4b76e4fae05a923cb54101d792cf4404 (git)
Affected: a3d43c0d56f1b94e74963a2fbadfb70126d92213 , < c37a27a35eadb59286c9092c49c241270c802ae2 (git)
Affected: a3d43c0d56f1b94e74963a2fbadfb70126d92213 , < f921a58ae20852d188f70842431ce6519c4fdc36 (git)

Linux

Affected: 5.2
Unaffected: 0 , < 5.2 (semver)
Unaffected: 5.4.279 , ≤ 5.4.* (semver)
Unaffected: 5.10.221 , ≤ 5.10.* (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.95 , ≤ 6.1.* (semver)
Unaffected: 6.6.35 , ≤ 6.6.* (semver)
Unaffected: 6.9.6 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:50.561Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c6041e7124464ce7e896ee3f912897ce88a0c4ec"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6db4af09987cc5d5f0136bd46148b0e0460dae5b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d3dde4c217f0c31ab0621912e682b57e677dd923"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0bf6cc96612bd396048f57d63f1ad454a846e39c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/724050ae4b76e4fae05a923cb54101d792cf4404"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c37a27a35eadb59286c9092c49c241270c802ae2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f921a58ae20852d188f70842431ce6519c4fdc36"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36974",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:15:26.013777Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:58.856Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_taprio.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c6041e7124464ce7e896ee3f912897ce88a0c4ec",
              "status": "affected",
              "version": "a3d43c0d56f1b94e74963a2fbadfb70126d92213",
              "versionType": "git"
            },
            {
              "lessThan": "6db4af09987cc5d5f0136bd46148b0e0460dae5b",
              "status": "affected",
              "version": "a3d43c0d56f1b94e74963a2fbadfb70126d92213",
              "versionType": "git"
            },
            {
              "lessThan": "d3dde4c217f0c31ab0621912e682b57e677dd923",
              "status": "affected",
              "version": "a3d43c0d56f1b94e74963a2fbadfb70126d92213",
              "versionType": "git"
            },
            {
              "lessThan": "0bf6cc96612bd396048f57d63f1ad454a846e39c",
              "status": "affected",
              "version": "a3d43c0d56f1b94e74963a2fbadfb70126d92213",
              "versionType": "git"
            },
            {
              "lessThan": "724050ae4b76e4fae05a923cb54101d792cf4404",
              "status": "affected",
              "version": "a3d43c0d56f1b94e74963a2fbadfb70126d92213",
              "versionType": "git"
            },
            {
              "lessThan": "c37a27a35eadb59286c9092c49c241270c802ae2",
              "status": "affected",
              "version": "a3d43c0d56f1b94e74963a2fbadfb70126d92213",
              "versionType": "git"
            },
            {
              "lessThan": "f921a58ae20852d188f70842431ce6519c4fdc36",
              "status": "affected",
              "version": "a3d43c0d56f1b94e74963a2fbadfb70126d92213",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_taprio.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.2"
            },
            {
              "lessThan": "5.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.279",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.95",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.35",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.279",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.221",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.95",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.35",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.6",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP\n\nIf one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided,\ntaprio_parse_mqprio_opt() must validate it, or userspace\ncan inject arbitrary data to the kernel, the second time\ntaprio_change() is called.\n\nFirst call (with valid attributes) sets dev-\u003enum_tc\nto a non zero value.\n\nSecond call (with arbitrary mqprio attributes)\nreturns early from taprio_parse_mqprio_opt()\nand bad things can happen."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:13:10.176Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c6041e7124464ce7e896ee3f912897ce88a0c4ec"
        },
        {
          "url": "https://git.kernel.org/stable/c/6db4af09987cc5d5f0136bd46148b0e0460dae5b"
        },
        {
          "url": "https://git.kernel.org/stable/c/d3dde4c217f0c31ab0621912e682b57e677dd923"
        },
        {
          "url": "https://git.kernel.org/stable/c/0bf6cc96612bd396048f57d63f1ad454a846e39c"
        },
        {
          "url": "https://git.kernel.org/stable/c/724050ae4b76e4fae05a923cb54101d792cf4404"
        },
        {
          "url": "https://git.kernel.org/stable/c/c37a27a35eadb59286c9092c49c241270c802ae2"
        },
        {
          "url": "https://git.kernel.org/stable/c/f921a58ae20852d188f70842431ce6519c4fdc36"
        }
      ],
      "title": "net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36974",
    "datePublished": "2024-06-18T19:15:07.892Z",
    "dateReserved": "2024-05-30T15:25:07.082Z",
    "dateUpdated": "2025-05-04T09:13:10.176Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-56533 (GCVE-0-2024-56533)

Vulnerability from cvelistv5 – Published: 2024-12-27 14:11 – Updated: 2025-11-03 20:49

Title

ALSA: usx2y: Use snd_card_free_when_closed() at disconnection

Summary

In the Linux kernel, the following vulnerability has been resolved: ALSA: usx2y: Use snd_card_free_when_closed() at disconnection The USB disconnect callback is supposed to be short and not too-long waiting. OTOH, the current code uses snd_card_free() at disconnection, but this waits for the close of all used fds, hence it can take long. It eventually blocks the upper layer USB ioctls, which may trigger a soft lockup. An easy workaround is to replace snd_card_free() with snd_card_free_when_closed(). This variant returns immediately while the release of resources is done asynchronously by the card device release at the last close.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-667 - Improper Locking

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/24fe9f7ca83ec9acf…
	https://git.kernel.org/stable/c/befcca1777525e37c…
	https://git.kernel.org/stable/c/7bd8838c0ea886679…
	https://git.kernel.org/stable/c/e07605d855c4104d9…
	https://git.kernel.org/stable/c/ffbfc6c4330fc2336…
	https://git.kernel.org/stable/c/e869642a77a9b3b98…
	https://git.kernel.org/stable/c/dafb28f02be407e07…

Impacted products

Vendor

Product

Version

Linux

Affected: 230cd5e24853ed4dd960461989b8ed0986d37a99 , < 24fe9f7ca83ec9acf765339054951f5cd9ae5c5d (git)
Affected: 230cd5e24853ed4dd960461989b8ed0986d37a99 , < befcca1777525e37c659b4129d8ac7463b07ef67 (git)
Affected: 230cd5e24853ed4dd960461989b8ed0986d37a99 , < 7bd8838c0ea886679a32834fdcacab296d072fbe (git)
Affected: 230cd5e24853ed4dd960461989b8ed0986d37a99 , < e07605d855c4104d981653146a330ea48f6266ed (git)
Affected: 230cd5e24853ed4dd960461989b8ed0986d37a99 , < ffbfc6c4330fc233698529656798bee44fea96f5 (git)
Affected: 230cd5e24853ed4dd960461989b8ed0986d37a99 , < e869642a77a9b3b98b0ab2c8fec7af4385140909 (git)
Affected: 230cd5e24853ed4dd960461989b8ed0986d37a99 , < dafb28f02be407e07a6f679e922a626592b481b0 (git)

Linux

Affected: 2.6.13
Unaffected: 0 , < 2.6.13 (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56533",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:02:46.027928Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-667",
                "description": "CWE-667 Improper Locking",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:07:17.451Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:49:16.578Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "sound/usb/usx2y/usbusx2y.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "24fe9f7ca83ec9acf765339054951f5cd9ae5c5d",
              "status": "affected",
              "version": "230cd5e24853ed4dd960461989b8ed0986d37a99",
              "versionType": "git"
            },
            {
              "lessThan": "befcca1777525e37c659b4129d8ac7463b07ef67",
              "status": "affected",
              "version": "230cd5e24853ed4dd960461989b8ed0986d37a99",
              "versionType": "git"
            },
            {
              "lessThan": "7bd8838c0ea886679a32834fdcacab296d072fbe",
              "status": "affected",
              "version": "230cd5e24853ed4dd960461989b8ed0986d37a99",
              "versionType": "git"
            },
            {
              "lessThan": "e07605d855c4104d981653146a330ea48f6266ed",
              "status": "affected",
              "version": "230cd5e24853ed4dd960461989b8ed0986d37a99",
              "versionType": "git"
            },
            {
              "lessThan": "ffbfc6c4330fc233698529656798bee44fea96f5",
              "status": "affected",
              "version": "230cd5e24853ed4dd960461989b8ed0986d37a99",
              "versionType": "git"
            },
            {
              "lessThan": "e869642a77a9b3b98b0ab2c8fec7af4385140909",
              "status": "affected",
              "version": "230cd5e24853ed4dd960461989b8ed0986d37a99",
              "versionType": "git"
            },
            {
              "lessThan": "dafb28f02be407e07a6f679e922a626592b481b0",
              "status": "affected",
              "version": "230cd5e24853ed4dd960461989b8ed0986d37a99",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "sound/usb/usx2y/usbusx2y.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.13"
            },
            {
              "lessThan": "2.6.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "2.6.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "2.6.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "2.6.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "2.6.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "2.6.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "2.6.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usx2y: Use snd_card_free_when_closed() at disconnection\n\nThe USB disconnect callback is supposed to be short and not too-long\nwaiting.  OTOH, the current code uses snd_card_free() at\ndisconnection, but this waits for the close of all used fds, hence it\ncan take long.  It eventually blocks the upper layer USB ioctls, which\nmay trigger a soft lockup.\n\nAn easy workaround is to replace snd_card_free() with\nsnd_card_free_when_closed().  This variant returns immediately while\nthe release of resources is done asynchronously by the card device\nrelease at the last close."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:57:29.687Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/24fe9f7ca83ec9acf765339054951f5cd9ae5c5d"
        },
        {
          "url": "https://git.kernel.org/stable/c/befcca1777525e37c659b4129d8ac7463b07ef67"
        },
        {
          "url": "https://git.kernel.org/stable/c/7bd8838c0ea886679a32834fdcacab296d072fbe"
        },
        {
          "url": "https://git.kernel.org/stable/c/e07605d855c4104d981653146a330ea48f6266ed"
        },
        {
          "url": "https://git.kernel.org/stable/c/ffbfc6c4330fc233698529656798bee44fea96f5"
        },
        {
          "url": "https://git.kernel.org/stable/c/e869642a77a9b3b98b0ab2c8fec7af4385140909"
        },
        {
          "url": "https://git.kernel.org/stable/c/dafb28f02be407e07a6f679e922a626592b481b0"
        }
      ],
      "title": "ALSA: usx2y: Use snd_card_free_when_closed() at disconnection",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56533",
    "datePublished": "2024-12-27T14:11:16.256Z",
    "dateReserved": "2024-12-27T14:03:05.985Z",
    "dateUpdated": "2025-11-03T20:49:16.578Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56587 (GCVE-0-2024-56587)

Vulnerability from cvelistv5 – Published: 2024-12-27 14:50 – Updated: 2026-01-05 10:55

Title

leds: class: Protect brightness_show() with led_cdev->led_access mutex

Summary

In the Linux kernel, the following vulnerability has been resolved: leds: class: Protect brightness_show() with led_cdev->led_access mutex There is NULL pointer issue observed if from Process A where hid device being added which results in adding a led_cdev addition and later a another call to access of led_cdev attribute from Process B can result in NULL pointer issue. Use mutex led_cdev->led_access to protect access to led->cdev and its attribute inside brightness_show() and max_brightness_show() and also update the comment for mutex that it should be used to protect the led class device fields. Process A Process B kthread+0x114 worker_thread+0x244 process_scheduled_works+0x248 uhid_device_add_worker+0x24 hid_add_device+0x120 device_add+0x268 bus_probe_device+0x94 device_initial_probe+0x14 __device_attach+0xfc bus_for_each_drv+0x10c __device_attach_driver+0x14c driver_probe_device+0x3c __driver_probe_device+0xa0 really_probe+0x190 hid_device_probe+0x130 ps_probe+0x990 ps_led_register+0x94 devm_led_classdev_register_ext+0x58 led_classdev_register_ext+0x1f8 device_create_with_groups+0x48 device_create_groups_vargs+0xc8 device_add+0x244 kobject_uevent+0x14 kobject_uevent_env[jt]+0x224 mutex_unlock[jt]+0xc4 __mutex_unlock_slowpath+0xd4 wake_up_q+0x70 try_to_wake_up[jt]+0x48c preempt_schedule_common+0x28 __schedule+0x628 __switch_to+0x174 el0t_64_sync+0x1a8/0x1ac el0t_64_sync_handler+0x68/0xbc el0_svc+0x38/0x68 do_el0_svc+0x1c/0x28 el0_svc_common+0x80/0xe0 invoke_syscall+0x58/0x114 __arm64_sys_read+0x1c/0x2c ksys_read+0x78/0xe8 vfs_read+0x1e0/0x2c8 kernfs_fop_read_iter+0x68/0x1b4 seq_read_iter+0x158/0x4ec kernfs_seq_show+0x44/0x54 sysfs_kf_seq_show+0xb4/0x130 dev_attr_show+0x38/0x74 brightness_show+0x20/0x4c dualshock4_led_get_brightness+0xc/0x74 [ 3313.874295][ T4013] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000060 [ 3313.874301][ T4013] Mem abort info: [ 3313.874303][ T4013] ESR = 0x0000000096000006 [ 3313.874305][ T4013] EC = 0x25: DABT (current EL), IL = 32 bits [ 3313.874307][ T4013] SET = 0, FnV = 0 [ 3313.874309][ T4013] EA = 0, S1PTW = 0 [ 3313.874311][ T4013] FSC = 0x06: level 2 translation fault [ 3313.874313][ T4013] Data abort info: [ 3313.874314][ T4013] ISV = 0, ISS = 0x00000006, ISS2 = 0x00000000 [ 3313.874316][ T4013] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 3313.874318][ T4013] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 3313.874320][ T4013] user pgtable: 4k pages, 39-bit VAs, pgdp=00000008f2b0a000 .. [ 3313.874332][ T4013] Dumping ftrace buffer: [ 3313.874334][ T4013] (ftrace buffer empty) .. .. [ dd3313.874639][ T4013] CPU: 6 PID: 4013 Comm: InputReader [ 3313.874648][ T4013] pc : dualshock4_led_get_brightness+0xc/0x74 [ 3313.874653][ T4013] lr : led_update_brightness+0x38/0x60 [ 3313.874656][ T4013] sp : ffffffc0b910bbd0 .. .. [ 3313.874685][ T4013] Call trace: [ 3313.874687][ T4013] dualshock4_led_get_brightness+0xc/0x74 [ 3313.874690][ T4013] brightness_show+0x20/0x4c [ 3313.874692][ T4013] dev_attr_show+0x38/0x74 [ 3313.874696][ T4013] sysfs_kf_seq_show+0xb4/0x130 [ 3313.874700][ T4013] kernfs_seq_show+0x44/0x54 [ 3313.874703][ T4013] seq_read_iter+0x158/0x4ec [ 3313.874705][ T4013] kernfs_fop_read_iter+0x68/0x1b4 [ 3313.874708][ T4013] vfs_read+0x1e0/0x2c8 [ 3313.874711][ T4013] ksys_read+0x78/0xe8 [ 3313.874714][ T4013] __arm64_sys_read+0x1c/0x2c [ 3313.874718][ T4013] invoke_syscall+0x58/0x114 [ 3313.874721][ T4013] el0_svc_common+0x80/0xe0 [ 3313.874724][ T4013] do_el0_svc+0x1c/0x28 [ 3313.874727][ T4013] el0_svc+0x38/0x68 [ 3313.874730][ T4013] el0t_64_sync_handler+0x68/0xbc [ 3313.874732][ T4013] el0t_64_sync+0x1a8/0x1ac

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/84b42d5b5fcd767c9…
	https://git.kernel.org/stable/c/ddcfc5708da9972ac…
	https://git.kernel.org/stable/c/b8283d52ed15c02bb…
	https://git.kernel.org/stable/c/50d9f68e4adf86901…
	https://git.kernel.org/stable/c/f6d6fb563e4be245a…
	https://git.kernel.org/stable/c/bb4a6236a430cfc37…
	https://git.kernel.org/stable/c/4ca7cd938725a4050…

Impacted products

Vendor

Product

Version

Linux

Affected: 29d76dfa29fe22583aefddccda0bc56aa81035dc , < 84b42d5b5fcd767c9b7f30b0b32065ed949fe804 (git)
Affected: 29d76dfa29fe22583aefddccda0bc56aa81035dc , < ddcfc5708da9972ac23a9121b3d819b0a53d6f21 (git)
Affected: 29d76dfa29fe22583aefddccda0bc56aa81035dc , < b8283d52ed15c02bb2eb9b1b8644dcc34f8e98f1 (git)
Affected: 29d76dfa29fe22583aefddccda0bc56aa81035dc , < 50d9f68e4adf86901cbab1bd5b91f710aa9141b9 (git)
Affected: 29d76dfa29fe22583aefddccda0bc56aa81035dc , < f6d6fb563e4be245a17bc4261a4b294e8bf8a31e (git)
Affected: 29d76dfa29fe22583aefddccda0bc56aa81035dc , < bb4a6236a430cfc3713f470f3a969f39d6d4ca25 (git)
Affected: 29d76dfa29fe22583aefddccda0bc56aa81035dc , < 4ca7cd938725a4050dcd62ae9472e931d603118d (git)

Linux

Affected: 2.6.26
Unaffected: 0 , < 2.6.26 (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56587",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:01:43.486351Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:07:14.458Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:50:09.706Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/leds/led-class.c",
            "include/linux/leds.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "84b42d5b5fcd767c9b7f30b0b32065ed949fe804",
              "status": "affected",
              "version": "29d76dfa29fe22583aefddccda0bc56aa81035dc",
              "versionType": "git"
            },
            {
              "lessThan": "ddcfc5708da9972ac23a9121b3d819b0a53d6f21",
              "status": "affected",
              "version": "29d76dfa29fe22583aefddccda0bc56aa81035dc",
              "versionType": "git"
            },
            {
              "lessThan": "b8283d52ed15c02bb2eb9b1b8644dcc34f8e98f1",
              "status": "affected",
              "version": "29d76dfa29fe22583aefddccda0bc56aa81035dc",
              "versionType": "git"
            },
            {
              "lessThan": "50d9f68e4adf86901cbab1bd5b91f710aa9141b9",
              "status": "affected",
              "version": "29d76dfa29fe22583aefddccda0bc56aa81035dc",
              "versionType": "git"
            },
            {
              "lessThan": "f6d6fb563e4be245a17bc4261a4b294e8bf8a31e",
              "status": "affected",
              "version": "29d76dfa29fe22583aefddccda0bc56aa81035dc",
              "versionType": "git"
            },
            {
              "lessThan": "bb4a6236a430cfc3713f470f3a969f39d6d4ca25",
              "status": "affected",
              "version": "29d76dfa29fe22583aefddccda0bc56aa81035dc",
              "versionType": "git"
            },
            {
              "lessThan": "4ca7cd938725a4050dcd62ae9472e931d603118d",
              "status": "affected",
              "version": "29d76dfa29fe22583aefddccda0bc56aa81035dc",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/leds/led-class.c",
            "include/linux/leds.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.26"
            },
            {
              "lessThan": "2.6.26",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nleds: class: Protect brightness_show() with led_cdev-\u003eled_access mutex\n\nThere is NULL pointer issue observed if from Process A where hid device\nbeing added which results in adding a led_cdev addition and later a\nanother call to access of led_cdev attribute from Process B can result\nin NULL pointer issue.\n\nUse mutex led_cdev-\u003eled_access to protect access to led-\u003ecdev and its\nattribute inside brightness_show() and max_brightness_show() and also\nupdate the comment for mutex that it should be used to protect the led\nclass device fields.\n\n\tProcess A \t\t\t\tProcess B\n\n kthread+0x114\n worker_thread+0x244\n process_scheduled_works+0x248\n uhid_device_add_worker+0x24\n hid_add_device+0x120\n device_add+0x268\n bus_probe_device+0x94\n device_initial_probe+0x14\n __device_attach+0xfc\n bus_for_each_drv+0x10c\n __device_attach_driver+0x14c\n driver_probe_device+0x3c\n __driver_probe_device+0xa0\n really_probe+0x190\n hid_device_probe+0x130\n ps_probe+0x990\n ps_led_register+0x94\n devm_led_classdev_register_ext+0x58\n led_classdev_register_ext+0x1f8\n device_create_with_groups+0x48\n device_create_groups_vargs+0xc8\n device_add+0x244\n kobject_uevent+0x14\n kobject_uevent_env[jt]+0x224\n mutex_unlock[jt]+0xc4\n __mutex_unlock_slowpath+0xd4\n wake_up_q+0x70\n try_to_wake_up[jt]+0x48c\n preempt_schedule_common+0x28\n __schedule+0x628\n __switch_to+0x174\n\t\t\t\t\t\tel0t_64_sync+0x1a8/0x1ac\n\t\t\t\t\t\tel0t_64_sync_handler+0x68/0xbc\n\t\t\t\t\t\tel0_svc+0x38/0x68\n\t\t\t\t\t\tdo_el0_svc+0x1c/0x28\n\t\t\t\t\t\tel0_svc_common+0x80/0xe0\n\t\t\t\t\t\tinvoke_syscall+0x58/0x114\n\t\t\t\t\t\t__arm64_sys_read+0x1c/0x2c\n\t\t\t\t\t\tksys_read+0x78/0xe8\n\t\t\t\t\t\tvfs_read+0x1e0/0x2c8\n\t\t\t\t\t\tkernfs_fop_read_iter+0x68/0x1b4\n\t\t\t\t\t\tseq_read_iter+0x158/0x4ec\n\t\t\t\t\t\tkernfs_seq_show+0x44/0x54\n\t\t\t\t\t\tsysfs_kf_seq_show+0xb4/0x130\n\t\t\t\t\t\tdev_attr_show+0x38/0x74\n\t\t\t\t\t\tbrightness_show+0x20/0x4c\n\t\t\t\t\t\tdualshock4_led_get_brightness+0xc/0x74\n\n[ 3313.874295][ T4013] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000060\n[ 3313.874301][ T4013] Mem abort info:\n[ 3313.874303][ T4013]   ESR = 0x0000000096000006\n[ 3313.874305][ T4013]   EC = 0x25: DABT (current EL), IL = 32 bits\n[ 3313.874307][ T4013]   SET = 0, FnV = 0\n[ 3313.874309][ T4013]   EA = 0, S1PTW = 0\n[ 3313.874311][ T4013]   FSC = 0x06: level 2 translation fault\n[ 3313.874313][ T4013] Data abort info:\n[ 3313.874314][ T4013]   ISV = 0, ISS = 0x00000006, ISS2 = 0x00000000\n[ 3313.874316][ T4013]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 3313.874318][ T4013]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 3313.874320][ T4013] user pgtable: 4k pages, 39-bit VAs, pgdp=00000008f2b0a000\n..\n\n[ 3313.874332][ T4013] Dumping ftrace buffer:\n[ 3313.874334][ T4013]    (ftrace buffer empty)\n..\n..\n[ dd3313.874639][ T4013] CPU: 6 PID: 4013 Comm: InputReader\n[ 3313.874648][ T4013] pc : dualshock4_led_get_brightness+0xc/0x74\n[ 3313.874653][ T4013] lr : led_update_brightness+0x38/0x60\n[ 3313.874656][ T4013] sp : ffffffc0b910bbd0\n..\n..\n[ 3313.874685][ T4013] Call trace:\n[ 3313.874687][ T4013]  dualshock4_led_get_brightness+0xc/0x74\n[ 3313.874690][ T4013]  brightness_show+0x20/0x4c\n[ 3313.874692][ T4013]  dev_attr_show+0x38/0x74\n[ 3313.874696][ T4013]  sysfs_kf_seq_show+0xb4/0x130\n[ 3313.874700][ T4013]  kernfs_seq_show+0x44/0x54\n[ 3313.874703][ T4013]  seq_read_iter+0x158/0x4ec\n[ 3313.874705][ T4013]  kernfs_fop_read_iter+0x68/0x1b4\n[ 3313.874708][ T4013]  vfs_read+0x1e0/0x2c8\n[ 3313.874711][ T4013]  ksys_read+0x78/0xe8\n[ 3313.874714][ T4013]  __arm64_sys_read+0x1c/0x2c\n[ 3313.874718][ T4013]  invoke_syscall+0x58/0x114\n[ 3313.874721][ T4013]  el0_svc_common+0x80/0xe0\n[ 3313.874724][ T4013]  do_el0_svc+0x1c/0x28\n[ 3313.874727][ T4013]  el0_svc+0x38/0x68\n[ 3313.874730][ T4013]  el0t_64_sync_handler+0x68/0xbc\n[ 3313.874732][ T4013]  el0t_64_sync+0x1a8/0x1ac"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:55:52.017Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/84b42d5b5fcd767c9b7f30b0b32065ed949fe804"
        },
        {
          "url": "https://git.kernel.org/stable/c/ddcfc5708da9972ac23a9121b3d819b0a53d6f21"
        },
        {
          "url": "https://git.kernel.org/stable/c/b8283d52ed15c02bb2eb9b1b8644dcc34f8e98f1"
        },
        {
          "url": "https://git.kernel.org/stable/c/50d9f68e4adf86901cbab1bd5b91f710aa9141b9"
        },
        {
          "url": "https://git.kernel.org/stable/c/f6d6fb563e4be245a17bc4261a4b294e8bf8a31e"
        },
        {
          "url": "https://git.kernel.org/stable/c/bb4a6236a430cfc3713f470f3a969f39d6d4ca25"
        },
        {
          "url": "https://git.kernel.org/stable/c/4ca7cd938725a4050dcd62ae9472e931d603118d"
        }
      ],
      "title": "leds: class: Protect brightness_show() with led_cdev-\u003eled_access mutex",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56587",
    "datePublished": "2024-12-27T14:50:55.402Z",
    "dateReserved": "2024-12-27T14:03:06.002Z",
    "dateUpdated": "2026-01-05T10:55:52.017Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-46744 (GCVE-0-2024-46744)

Vulnerability from cvelistv5 – Published: 2024-09-18 07:12 – Updated: 2026-01-05 10:53

Title

Squashfs: sanity check symbolic link size

Summary

In the Linux kernel, the following vulnerability has been resolved: Squashfs: sanity check symbolic link size Syzkiller reports a "KMSAN: uninit-value in pick_link" bug. This is caused by an uninitialised page, which is ultimately caused by a corrupted symbolic link size read from disk. The reason why the corrupted symlink size causes an uninitialised page is due to the following sequence of events: 1. squashfs_read_inode() is called to read the symbolic link from disk. This assigns the corrupted value 3875536935 to inode->i_size. 2. Later squashfs_symlink_read_folio() is called, which assigns this corrupted value to the length variable, which being a signed int, overflows producing a negative number. 3. The following loop that fills in the page contents checks that the copied bytes is less than length, which being negative means the loop is skipped, producing an uninitialised page. This patch adds a sanity check which checks that the symbolic link size is not larger than expected. -- V2: fix spelling mistake.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/f82cb7f24032ed023…
	https://git.kernel.org/stable/c/1b9451ba6f21478a7…
	https://git.kernel.org/stable/c/5c8906de98d0d7ad4…
	https://git.kernel.org/stable/c/087f25b2d36adae19…
	https://git.kernel.org/stable/c/fac5e82ab1334fc8e…
	https://git.kernel.org/stable/c/c3af7e460a526007e…
	https://git.kernel.org/stable/c/ef4e249971eb77ec3…
	https://git.kernel.org/stable/c/810ee43d9cd245d13…

Impacted products

Vendor

Product

Version

Linux

Affected: 6545b246a2c815a8fcd07d58240effb6ec3481b1 , < f82cb7f24032ed023fc67d26ea9bf322d8431a90 (git)
Affected: 6545b246a2c815a8fcd07d58240effb6ec3481b1 , < 1b9451ba6f21478a75288ea3e3fca4be35e2a438 (git)
Affected: 6545b246a2c815a8fcd07d58240effb6ec3481b1 , < 5c8906de98d0d7ad42ff3edf2cb6cd7e0ea658c4 (git)
Affected: 6545b246a2c815a8fcd07d58240effb6ec3481b1 , < 087f25b2d36adae19951114ffcbb7106ed405ebb (git)
Affected: 6545b246a2c815a8fcd07d58240effb6ec3481b1 , < fac5e82ab1334fc8ed6ff7183702df634bd1d93d (git)
Affected: 6545b246a2c815a8fcd07d58240effb6ec3481b1 , < c3af7e460a526007e4bed1ce3623274a1a6afe5e (git)
Affected: 6545b246a2c815a8fcd07d58240effb6ec3481b1 , < ef4e249971eb77ec33d74c5c3de1e2576faf6c90 (git)
Affected: 6545b246a2c815a8fcd07d58240effb6ec3481b1 , < 810ee43d9cd245d138a2733d87a24858a23f577d (git)

Linux

Affected: 2.6.29
Unaffected: 0 , < 2.6.29 (semver)
Unaffected: 4.19.322 , ≤ 4.19.* (semver)
Unaffected: 5.4.284 , ≤ 5.4.* (semver)
Unaffected: 5.10.226 , ≤ 5.10.* (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.110 , ≤ 6.1.* (semver)
Unaffected: 6.6.51 , ≤ 6.6.* (semver)
Unaffected: 6.10.10 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46744",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T14:49:27.635364Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T14:49:42.459Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:17:35.583Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/squashfs/inode.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f82cb7f24032ed023fc67d26ea9bf322d8431a90",
              "status": "affected",
              "version": "6545b246a2c815a8fcd07d58240effb6ec3481b1",
              "versionType": "git"
            },
            {
              "lessThan": "1b9451ba6f21478a75288ea3e3fca4be35e2a438",
              "status": "affected",
              "version": "6545b246a2c815a8fcd07d58240effb6ec3481b1",
              "versionType": "git"
            },
            {
              "lessThan": "5c8906de98d0d7ad42ff3edf2cb6cd7e0ea658c4",
              "status": "affected",
              "version": "6545b246a2c815a8fcd07d58240effb6ec3481b1",
              "versionType": "git"
            },
            {
              "lessThan": "087f25b2d36adae19951114ffcbb7106ed405ebb",
              "status": "affected",
              "version": "6545b246a2c815a8fcd07d58240effb6ec3481b1",
              "versionType": "git"
            },
            {
              "lessThan": "fac5e82ab1334fc8ed6ff7183702df634bd1d93d",
              "status": "affected",
              "version": "6545b246a2c815a8fcd07d58240effb6ec3481b1",
              "versionType": "git"
            },
            {
              "lessThan": "c3af7e460a526007e4bed1ce3623274a1a6afe5e",
              "status": "affected",
              "version": "6545b246a2c815a8fcd07d58240effb6ec3481b1",
              "versionType": "git"
            },
            {
              "lessThan": "ef4e249971eb77ec33d74c5c3de1e2576faf6c90",
              "status": "affected",
              "version": "6545b246a2c815a8fcd07d58240effb6ec3481b1",
              "versionType": "git"
            },
            {
              "lessThan": "810ee43d9cd245d138a2733d87a24858a23f577d",
              "status": "affected",
              "version": "6545b246a2c815a8fcd07d58240effb6ec3481b1",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/squashfs/inode.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.29"
            },
            {
              "lessThan": "2.6.29",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.322",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.284",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.110",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.51",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.322",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.284",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.226",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.110",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.51",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.10",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: sanity check symbolic link size\n\nSyzkiller reports a \"KMSAN: uninit-value in pick_link\" bug.\n\nThis is caused by an uninitialised page, which is ultimately caused\nby a corrupted symbolic link size read from disk.\n\nThe reason why the corrupted symlink size causes an uninitialised\npage is due to the following sequence of events:\n\n1. squashfs_read_inode() is called to read the symbolic\n   link from disk.  This assigns the corrupted value\n   3875536935 to inode-\u003ei_size.\n\n2. Later squashfs_symlink_read_folio() is called, which assigns\n   this corrupted value to the length variable, which being a\n   signed int, overflows producing a negative number.\n\n3. The following loop that fills in the page contents checks that\n   the copied bytes is less than length, which being negative means\n   the loop is skipped, producing an uninitialised page.\n\nThis patch adds a sanity check which checks that the symbolic\nlink size is not larger than expected.\n\n--\n\nV2: fix spelling mistake."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:53:01.501Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f82cb7f24032ed023fc67d26ea9bf322d8431a90"
        },
        {
          "url": "https://git.kernel.org/stable/c/1b9451ba6f21478a75288ea3e3fca4be35e2a438"
        },
        {
          "url": "https://git.kernel.org/stable/c/5c8906de98d0d7ad42ff3edf2cb6cd7e0ea658c4"
        },
        {
          "url": "https://git.kernel.org/stable/c/087f25b2d36adae19951114ffcbb7106ed405ebb"
        },
        {
          "url": "https://git.kernel.org/stable/c/fac5e82ab1334fc8ed6ff7183702df634bd1d93d"
        },
        {
          "url": "https://git.kernel.org/stable/c/c3af7e460a526007e4bed1ce3623274a1a6afe5e"
        },
        {
          "url": "https://git.kernel.org/stable/c/ef4e249971eb77ec33d74c5c3de1e2576faf6c90"
        },
        {
          "url": "https://git.kernel.org/stable/c/810ee43d9cd245d138a2733d87a24858a23f577d"
        }
      ],
      "title": "Squashfs: sanity check symbolic link size",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46744",
    "datePublished": "2024-09-18T07:12:04.975Z",
    "dateReserved": "2024-09-11T15:12:18.266Z",
    "dateUpdated": "2026-01-05T10:53:01.501Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-47685 (GCVE-0-2024-47685)

Vulnerability from cvelistv5 – Published: 2024-10-21 11:53 – Updated: 2025-11-03 22:20

Title

netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()

Summary

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() syzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending garbage on the four reserved tcp bits (th->res1) Use skb_put_zero() to clear the whole TCP header, as done in nf_reject_ip_tcphdr_put() BUG: KMSAN: uninit-value in nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255 nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255 nf_send_reset6+0xd84/0x15b0 net/ipv6/netfilter/nf_reject_ipv6.c:344 nft_reject_inet_eval+0x3c1/0x880 net/netfilter/nft_reject_inet.c:48 expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline] nft_do_chain+0x438/0x22a0 net/netfilter/nf_tables_core.c:288 nft_do_chain_inet+0x41a/0x4f0 net/netfilter/nft_chain_filter.c:161 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline] nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626 nf_hook include/linux/netfilter.h:269 [inline] NF_HOOK include/linux/netfilter.h:312 [inline] ipv6_rcv+0x29b/0x390 net/ipv6/ip6_input.c:310 __netif_receive_skb_one_core net/core/dev.c:5661 [inline] __netif_receive_skb+0x1da/0xa00 net/core/dev.c:5775 process_backlog+0x4ad/0xa50 net/core/dev.c:6108 __napi_poll+0xe7/0x980 net/core/dev.c:6772 napi_poll net/core/dev.c:6841 [inline] net_rx_action+0xa5a/0x19b0 net/core/dev.c:6963 handle_softirqs+0x1ce/0x800 kernel/softirq.c:554 __do_softirq+0x14/0x1a kernel/softirq.c:588 do_softirq+0x9a/0x100 kernel/softirq.c:455 __local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:382 local_bh_enable include/linux/bottom_half.h:33 [inline] rcu_read_unlock_bh include/linux/rcupdate.h:908 [inline] __dev_queue_xmit+0x2692/0x5610 net/core/dev.c:4450 dev_queue_xmit include/linux/netdevice.h:3105 [inline] neigh_resolve_output+0x9ca/0xae0 net/core/neighbour.c:1565 neigh_output include/net/neighbour.h:542 [inline] ip6_finish_output2+0x2347/0x2ba0 net/ipv6/ip6_output.c:141 __ip6_finish_output net/ipv6/ip6_output.c:215 [inline] ip6_finish_output+0xbb8/0x14b0 net/ipv6/ip6_output.c:226 NF_HOOK_COND include/linux/netfilter.h:303 [inline] ip6_output+0x356/0x620 net/ipv6/ip6_output.c:247 dst_output include/net/dst.h:450 [inline] NF_HOOK include/linux/netfilter.h:314 [inline] ip6_xmit+0x1ba6/0x25d0 net/ipv6/ip6_output.c:366 inet6_csk_xmit+0x442/0x530 net/ipv6/inet6_connection_sock.c:135 __tcp_transmit_skb+0x3b07/0x4880 net/ipv4/tcp_output.c:1466 tcp_transmit_skb net/ipv4/tcp_output.c:1484 [inline] tcp_connect+0x35b6/0x7130 net/ipv4/tcp_output.c:4143 tcp_v6_connect+0x1bcc/0x1e40 net/ipv6/tcp_ipv6.c:333 __inet_stream_connect+0x2ef/0x1730 net/ipv4/af_inet.c:679 inet_stream_connect+0x6a/0xd0 net/ipv4/af_inet.c:750 __sys_connect_file net/socket.c:2061 [inline] __sys_connect+0x606/0x690 net/socket.c:2078 __do_sys_connect net/socket.c:2088 [inline] __se_sys_connect net/socket.c:2085 [inline] __x64_sys_connect+0x91/0xe0 net/socket.c:2085 x64_sys_call+0x27a5/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:43 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was stored to memory at: nf_reject_ip6_tcphdr_put+0x60c/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:249 nf_send_reset6+0xd84/0x15b0 net/ipv6/netfilter/nf_reject_ipv6.c:344 nft_reject_inet_eval+0x3c1/0x880 net/netfilter/nft_reject_inet.c:48 expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline] nft_do_chain+0x438/0x22a0 net/netfilter/nf_tables_core.c:288 nft_do_chain_inet+0x41a/0x4f0 net/netfilter/nft_chain_filter.c:161 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline] nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626 nf_hook include/linux/netfilter.h:269 [inline] NF_HOOK include/linux/netfilter.h:312 [inline] ipv6_rcv+0x29b/0x390 net/ipv6/ip6_input.c:310 __netif_receive_skb_one_core ---truncated---

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/872eca64c3267dbc5…
	https://git.kernel.org/stable/c/7bcbc4cda777d26c8…
	https://git.kernel.org/stable/c/dcf48ab3ca2c55b09…
	https://git.kernel.org/stable/c/fbff87d682e57ddbb…
	https://git.kernel.org/stable/c/7ea2bcfd9bf4c3dbb…
	https://git.kernel.org/stable/c/af4b8a704f26f3831…
	https://git.kernel.org/stable/c/7a7b5a27c53b55e91…
	https://git.kernel.org/stable/c/10210658f827ad450…
	https://git.kernel.org/stable/c/9c778fe48d20ef362…

Impacted products

Vendor

Product

Version

Linux

Affected: c8d7b98bec43faaa6583c3135030be5eb4693acb , < 872eca64c3267dbc5836b715716fc6c03a18eda7 (git)
Affected: c8d7b98bec43faaa6583c3135030be5eb4693acb , < 7bcbc4cda777d26c88500d973fad0d497fc8a82e (git)
Affected: c8d7b98bec43faaa6583c3135030be5eb4693acb , < dcf48ab3ca2c55b09c8f9c8de0df01c1943bc4e5 (git)
Affected: c8d7b98bec43faaa6583c3135030be5eb4693acb , < fbff87d682e57ddbbe82abf6d0a1a4a36a98afcd (git)
Affected: c8d7b98bec43faaa6583c3135030be5eb4693acb , < 7ea2bcfd9bf4c3dbbf22546162226fd1c14d8ad2 (git)
Affected: c8d7b98bec43faaa6583c3135030be5eb4693acb , < af4b8a704f26f38310655bad67fd8096293275a2 (git)
Affected: c8d7b98bec43faaa6583c3135030be5eb4693acb , < 7a7b5a27c53b55e91eecf646d1b204e73fa4af93 (git)
Affected: c8d7b98bec43faaa6583c3135030be5eb4693acb , < 10210658f827ad45061581cbfc05924b723e8922 (git)
Affected: c8d7b98bec43faaa6583c3135030be5eb4693acb , < 9c778fe48d20ef362047e3376dee56d77f8500d4 (git)

Linux

Affected: 3.18
Unaffected: 0 , < 3.18 (semver)
Unaffected: 4.19.323 , ≤ 4.19.* (semver)
Unaffected: 5.4.285 , ≤ 5.4.* (semver)
Unaffected: 5.10.227 , ≤ 5.10.* (semver)
Unaffected: 5.15.168 , ≤ 5.15.* (semver)
Unaffected: 6.1.113 , ≤ 6.1.* (semver)
Unaffected: 6.6.54 , ≤ 6.6.* (semver)
Unaffected: 6.10.13 , ≤ 6.10.* (semver)
Unaffected: 6.11.2 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47685",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-21T13:06:45.955918Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-21T13:14:16.073Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:20:52.270Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/netfilter/nf_reject_ipv6.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "872eca64c3267dbc5836b715716fc6c03a18eda7",
              "status": "affected",
              "version": "c8d7b98bec43faaa6583c3135030be5eb4693acb",
              "versionType": "git"
            },
            {
              "lessThan": "7bcbc4cda777d26c88500d973fad0d497fc8a82e",
              "status": "affected",
              "version": "c8d7b98bec43faaa6583c3135030be5eb4693acb",
              "versionType": "git"
            },
            {
              "lessThan": "dcf48ab3ca2c55b09c8f9c8de0df01c1943bc4e5",
              "status": "affected",
              "version": "c8d7b98bec43faaa6583c3135030be5eb4693acb",
              "versionType": "git"
            },
            {
              "lessThan": "fbff87d682e57ddbbe82abf6d0a1a4a36a98afcd",
              "status": "affected",
              "version": "c8d7b98bec43faaa6583c3135030be5eb4693acb",
              "versionType": "git"
            },
            {
              "lessThan": "7ea2bcfd9bf4c3dbbf22546162226fd1c14d8ad2",
              "status": "affected",
              "version": "c8d7b98bec43faaa6583c3135030be5eb4693acb",
              "versionType": "git"
            },
            {
              "lessThan": "af4b8a704f26f38310655bad67fd8096293275a2",
              "status": "affected",
              "version": "c8d7b98bec43faaa6583c3135030be5eb4693acb",
              "versionType": "git"
            },
            {
              "lessThan": "7a7b5a27c53b55e91eecf646d1b204e73fa4af93",
              "status": "affected",
              "version": "c8d7b98bec43faaa6583c3135030be5eb4693acb",
              "versionType": "git"
            },
            {
              "lessThan": "10210658f827ad45061581cbfc05924b723e8922",
              "status": "affected",
              "version": "c8d7b98bec43faaa6583c3135030be5eb4693acb",
              "versionType": "git"
            },
            {
              "lessThan": "9c778fe48d20ef362047e3376dee56d77f8500d4",
              "status": "affected",
              "version": "c8d7b98bec43faaa6583c3135030be5eb4693acb",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/netfilter/nf_reject_ipv6.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.18"
            },
            {
              "lessThan": "3.18",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.323",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.285",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.54",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.323",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.285",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.227",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.168",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.113",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.54",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.13",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.2",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()\n\nsyzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending\ngarbage on the four reserved tcp bits (th-\u003eres1)\n\nUse skb_put_zero() to clear the whole TCP header,\nas done in nf_reject_ip_tcphdr_put()\n\nBUG: KMSAN: uninit-value in nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255\n  nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255\n  nf_send_reset6+0xd84/0x15b0 net/ipv6/netfilter/nf_reject_ipv6.c:344\n  nft_reject_inet_eval+0x3c1/0x880 net/netfilter/nft_reject_inet.c:48\n  expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]\n  nft_do_chain+0x438/0x22a0 net/netfilter/nf_tables_core.c:288\n  nft_do_chain_inet+0x41a/0x4f0 net/netfilter/nft_chain_filter.c:161\n  nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n  nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\n  nf_hook include/linux/netfilter.h:269 [inline]\n  NF_HOOK include/linux/netfilter.h:312 [inline]\n  ipv6_rcv+0x29b/0x390 net/ipv6/ip6_input.c:310\n  __netif_receive_skb_one_core net/core/dev.c:5661 [inline]\n  __netif_receive_skb+0x1da/0xa00 net/core/dev.c:5775\n  process_backlog+0x4ad/0xa50 net/core/dev.c:6108\n  __napi_poll+0xe7/0x980 net/core/dev.c:6772\n  napi_poll net/core/dev.c:6841 [inline]\n  net_rx_action+0xa5a/0x19b0 net/core/dev.c:6963\n  handle_softirqs+0x1ce/0x800 kernel/softirq.c:554\n  __do_softirq+0x14/0x1a kernel/softirq.c:588\n  do_softirq+0x9a/0x100 kernel/softirq.c:455\n  __local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:382\n  local_bh_enable include/linux/bottom_half.h:33 [inline]\n  rcu_read_unlock_bh include/linux/rcupdate.h:908 [inline]\n  __dev_queue_xmit+0x2692/0x5610 net/core/dev.c:4450\n  dev_queue_xmit include/linux/netdevice.h:3105 [inline]\n  neigh_resolve_output+0x9ca/0xae0 net/core/neighbour.c:1565\n  neigh_output include/net/neighbour.h:542 [inline]\n  ip6_finish_output2+0x2347/0x2ba0 net/ipv6/ip6_output.c:141\n  __ip6_finish_output net/ipv6/ip6_output.c:215 [inline]\n  ip6_finish_output+0xbb8/0x14b0 net/ipv6/ip6_output.c:226\n  NF_HOOK_COND include/linux/netfilter.h:303 [inline]\n  ip6_output+0x356/0x620 net/ipv6/ip6_output.c:247\n  dst_output include/net/dst.h:450 [inline]\n  NF_HOOK include/linux/netfilter.h:314 [inline]\n  ip6_xmit+0x1ba6/0x25d0 net/ipv6/ip6_output.c:366\n  inet6_csk_xmit+0x442/0x530 net/ipv6/inet6_connection_sock.c:135\n  __tcp_transmit_skb+0x3b07/0x4880 net/ipv4/tcp_output.c:1466\n  tcp_transmit_skb net/ipv4/tcp_output.c:1484 [inline]\n  tcp_connect+0x35b6/0x7130 net/ipv4/tcp_output.c:4143\n  tcp_v6_connect+0x1bcc/0x1e40 net/ipv6/tcp_ipv6.c:333\n  __inet_stream_connect+0x2ef/0x1730 net/ipv4/af_inet.c:679\n  inet_stream_connect+0x6a/0xd0 net/ipv4/af_inet.c:750\n  __sys_connect_file net/socket.c:2061 [inline]\n  __sys_connect+0x606/0x690 net/socket.c:2078\n  __do_sys_connect net/socket.c:2088 [inline]\n  __se_sys_connect net/socket.c:2085 [inline]\n  __x64_sys_connect+0x91/0xe0 net/socket.c:2085\n  x64_sys_call+0x27a5/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:43\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was stored to memory at:\n  nf_reject_ip6_tcphdr_put+0x60c/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:249\n  nf_send_reset6+0xd84/0x15b0 net/ipv6/netfilter/nf_reject_ipv6.c:344\n  nft_reject_inet_eval+0x3c1/0x880 net/netfilter/nft_reject_inet.c:48\n  expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]\n  nft_do_chain+0x438/0x22a0 net/netfilter/nf_tables_core.c:288\n  nft_do_chain_inet+0x41a/0x4f0 net/netfilter/nft_chain_filter.c:161\n  nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n  nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\n  nf_hook include/linux/netfilter.h:269 [inline]\n  NF_HOOK include/linux/netfilter.h:312 [inline]\n  ipv6_rcv+0x29b/0x390 net/ipv6/ip6_input.c:310\n  __netif_receive_skb_one_core\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:37:14.167Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/872eca64c3267dbc5836b715716fc6c03a18eda7"
        },
        {
          "url": "https://git.kernel.org/stable/c/7bcbc4cda777d26c88500d973fad0d497fc8a82e"
        },
        {
          "url": "https://git.kernel.org/stable/c/dcf48ab3ca2c55b09c8f9c8de0df01c1943bc4e5"
        },
        {
          "url": "https://git.kernel.org/stable/c/fbff87d682e57ddbbe82abf6d0a1a4a36a98afcd"
        },
        {
          "url": "https://git.kernel.org/stable/c/7ea2bcfd9bf4c3dbbf22546162226fd1c14d8ad2"
        },
        {
          "url": "https://git.kernel.org/stable/c/af4b8a704f26f38310655bad67fd8096293275a2"
        },
        {
          "url": "https://git.kernel.org/stable/c/7a7b5a27c53b55e91eecf646d1b204e73fa4af93"
        },
        {
          "url": "https://git.kernel.org/stable/c/10210658f827ad45061581cbfc05924b723e8922"
        },
        {
          "url": "https://git.kernel.org/stable/c/9c778fe48d20ef362047e3376dee56d77f8500d4"
        }
      ],
      "title": "netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-47685",
    "datePublished": "2024-10-21T11:53:26.486Z",
    "dateReserved": "2024-09-30T16:00:12.941Z",
    "dateUpdated": "2025-11-03T22:20:52.270Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56603 (GCVE-0-2024-56603)

Vulnerability from cvelistv5 – Published: 2024-12-27 14:51 – Updated: 2026-01-05 10:56

Title

net: af_can: do not leave a dangling sk pointer in can_create()

Summary

In the Linux kernel, the following vulnerability has been resolved: net: af_can: do not leave a dangling sk pointer in can_create() On error can_create() frees the allocated sk object, but sock_init_data() has already attached it to the provided sock object. This will leave a dangling sk pointer in the sock object and may cause use-after-free later.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/884ae8bcee749be43…
	https://git.kernel.org/stable/c/ce39b5576785bb3e6…
	https://git.kernel.org/stable/c/1fe625f12d090d69f…
	https://git.kernel.org/stable/c/5947c9ac08f0771ea…
	https://git.kernel.org/stable/c/db207d19adbac9605…
	https://git.kernel.org/stable/c/8df832e6b945e1ba6…
	https://git.kernel.org/stable/c/811a7ca7320c062e1…

Impacted products

Vendor

Product

Version

Linux

Affected: 0d66548a10cbbe0ef256852d63d30603f0f73f9b , < 884ae8bcee749be43a071d6ed2d89058dbd2425c (git)
Affected: 0d66548a10cbbe0ef256852d63d30603f0f73f9b , < ce39b5576785bb3e66591145aad03d66bc3e778d (git)
Affected: 0d66548a10cbbe0ef256852d63d30603f0f73f9b , < 1fe625f12d090d69f3f084990c7e4c1ff94bfe5f (git)
Affected: 0d66548a10cbbe0ef256852d63d30603f0f73f9b , < 5947c9ac08f0771ea8ed64186b0d52e9029cb6c0 (git)
Affected: 0d66548a10cbbe0ef256852d63d30603f0f73f9b , < db207d19adbac96058685f6257720906ad41d215 (git)
Affected: 0d66548a10cbbe0ef256852d63d30603f0f73f9b , < 8df832e6b945e1ba61467d7f1c9305e314ae92fe (git)
Affected: 0d66548a10cbbe0ef256852d63d30603f0f73f9b , < 811a7ca7320c062e15d0f5b171fe6ad8592d1434 (git)

Linux

Affected: 2.6.25
Unaffected: 0 , < 2.6.25 (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56603",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T15:42:16.822268Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T15:45:23.668Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:50:46.640Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/can/af_can.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "884ae8bcee749be43a071d6ed2d89058dbd2425c",
              "status": "affected",
              "version": "0d66548a10cbbe0ef256852d63d30603f0f73f9b",
              "versionType": "git"
            },
            {
              "lessThan": "ce39b5576785bb3e66591145aad03d66bc3e778d",
              "status": "affected",
              "version": "0d66548a10cbbe0ef256852d63d30603f0f73f9b",
              "versionType": "git"
            },
            {
              "lessThan": "1fe625f12d090d69f3f084990c7e4c1ff94bfe5f",
              "status": "affected",
              "version": "0d66548a10cbbe0ef256852d63d30603f0f73f9b",
              "versionType": "git"
            },
            {
              "lessThan": "5947c9ac08f0771ea8ed64186b0d52e9029cb6c0",
              "status": "affected",
              "version": "0d66548a10cbbe0ef256852d63d30603f0f73f9b",
              "versionType": "git"
            },
            {
              "lessThan": "db207d19adbac96058685f6257720906ad41d215",
              "status": "affected",
              "version": "0d66548a10cbbe0ef256852d63d30603f0f73f9b",
              "versionType": "git"
            },
            {
              "lessThan": "8df832e6b945e1ba61467d7f1c9305e314ae92fe",
              "status": "affected",
              "version": "0d66548a10cbbe0ef256852d63d30603f0f73f9b",
              "versionType": "git"
            },
            {
              "lessThan": "811a7ca7320c062e15d0f5b171fe6ad8592d1434",
              "status": "affected",
              "version": "0d66548a10cbbe0ef256852d63d30603f0f73f9b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/can/af_can.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.25"
            },
            {
              "lessThan": "2.6.25",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: af_can: do not leave a dangling sk pointer in can_create()\n\nOn error can_create() frees the allocated sk object, but sock_init_data()\nhas already attached it to the provided sock object. This will leave a\ndangling sk pointer in the sock object and may cause use-after-free later."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:56:05.536Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/884ae8bcee749be43a071d6ed2d89058dbd2425c"
        },
        {
          "url": "https://git.kernel.org/stable/c/ce39b5576785bb3e66591145aad03d66bc3e778d"
        },
        {
          "url": "https://git.kernel.org/stable/c/1fe625f12d090d69f3f084990c7e4c1ff94bfe5f"
        },
        {
          "url": "https://git.kernel.org/stable/c/5947c9ac08f0771ea8ed64186b0d52e9029cb6c0"
        },
        {
          "url": "https://git.kernel.org/stable/c/db207d19adbac96058685f6257720906ad41d215"
        },
        {
          "url": "https://git.kernel.org/stable/c/8df832e6b945e1ba61467d7f1c9305e314ae92fe"
        },
        {
          "url": "https://git.kernel.org/stable/c/811a7ca7320c062e15d0f5b171fe6ad8592d1434"
        }
      ],
      "title": "net: af_can: do not leave a dangling sk pointer in can_create()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56603",
    "datePublished": "2024-12-27T14:51:08.923Z",
    "dateReserved": "2024-12-27T14:03:06.012Z",
    "dateUpdated": "2026-01-05T10:56:05.536Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-0584 (GCVE-0-2024-0584)

Vulnerability from cvelistv5 – Published: 2024-01-16 14:02 – Updated: 2024-02-14 05:55

Do not use this CVE as it is duplicate of CVE-2023-6932

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "providerMetadata": {
        "dateUpdated": "2024-02-14T05:55:44.036Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "rejectedReasons": [
        {
          "lang": "en",
          "value": "Do not use this CVE as it is duplicate of CVE-2023-6932"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-0584",
    "datePublished": "2024-01-16T14:02:02.411Z",
    "dateRejected": "2024-02-14T05:55:44.036Z",
    "dateReserved": "2024-01-16T11:48:58.344Z",
    "dateUpdated": "2024-02-14T05:55:44.036Z",
    "state": "REJECTED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.0"
}

CVE-2024-47701 (GCVE-0-2024-47701)

Vulnerability from cvelistv5 – Published: 2024-10-21 11:53 – Updated: 2025-11-03 22:21

Title

ext4: avoid OOB when system.data xattr changes underneath the filesystem

Summary

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid OOB when system.data xattr changes underneath the filesystem When looking up for an entry in an inlined directory, if e_value_offs is changed underneath the filesystem by some change in the block device, it will lead to an out-of-bounds access that KASAN detects as an UAF. EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. loop0: detected capacity change from 2048 to 2047 ================================================================== BUG: KASAN: use-after-free in ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500 Read of size 1 at addr ffff88803e91130f by task syz-executor269/5103 CPU: 0 UID: 0 PID: 5103 Comm: syz-executor269 Not tainted 6.11.0-rc4-syzkaller #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:93 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119 print_address_description mm/kasan/report.c:377 [inline] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500 ext4_find_inline_entry+0x4be/0x5e0 fs/ext4/inline.c:1697 __ext4_find_entry+0x2b4/0x1b30 fs/ext4/namei.c:1573 ext4_lookup_entry fs/ext4/namei.c:1727 [inline] ext4_lookup+0x15f/0x750 fs/ext4/namei.c:1795 lookup_one_qstr_excl+0x11f/0x260 fs/namei.c:1633 filename_create+0x297/0x540 fs/namei.c:3980 do_symlinkat+0xf9/0x3a0 fs/namei.c:4587 __do_sys_symlinkat fs/namei.c:4610 [inline] __se_sys_symlinkat fs/namei.c:4607 [inline] __x64_sys_symlinkat+0x95/0xb0 fs/namei.c:4607 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f3e73ced469 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fff4d40c258 EFLAGS: 00000246 ORIG_RAX: 000000000000010a RAX: ffffffffffffffda RBX: 0032656c69662f2e RCX: 00007f3e73ced469 RDX: 0000000020000200 RSI: 00000000ffffff9c RDI: 00000000200001c0 RBP: 0000000000000000 R08: 00007fff4d40c290 R09: 00007fff4d40c290 R10: 0023706f6f6c2f76 R11: 0000000000000246 R12: 00007fff4d40c27c R13: 0000000000000003 R14: 431bde82d7b634db R15: 00007fff4d40c2b0 </TASK> Calling ext4_xattr_ibody_find right after reading the inode with ext4_get_inode_loc will lead to a check of the validity of the xattrs, avoiding this problem.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/5b076d37e8d99918e…
	https://git.kernel.org/stable/c/8adf0eb4e361a9e06…
	https://git.kernel.org/stable/c/7fc22c3b3ffc0e952…
	https://git.kernel.org/stable/c/be2e9b111e2790962…
	https://git.kernel.org/stable/c/ea32883e4a03ed575…
	https://git.kernel.org/stable/c/2a6579ef5f2576a94…
	https://git.kernel.org/stable/c/371d0bacecd529f88…
	https://git.kernel.org/stable/c/ccb8c18076e2e630f…
	https://git.kernel.org/stable/c/c6b72f5d82b1017ba…

Impacted products

Vendor

Product

Version

Linux

Affected: e8e948e7802a2ab05c146d3e72a39b93b5718236 , < 5b076d37e8d99918e9294bd6b35a8bbb436819b0 (git)
Affected: e8e948e7802a2ab05c146d3e72a39b93b5718236 , < 8adf0eb4e361a9e060d54f4bd0ac9c5d85277d20 (git)
Affected: e8e948e7802a2ab05c146d3e72a39b93b5718236 , < 7fc22c3b3ffc0e952f5e0062dd11aa6ae76affba (git)
Affected: e8e948e7802a2ab05c146d3e72a39b93b5718236 , < be2e9b111e2790962cc66a177869b4e9717b4e29 (git)
Affected: e8e948e7802a2ab05c146d3e72a39b93b5718236 , < ea32883e4a03ed575a2eb7a66542022312bde477 (git)
Affected: e8e948e7802a2ab05c146d3e72a39b93b5718236 , < 2a6579ef5f2576a940125729f7409cc182f1c8df (git)
Affected: e8e948e7802a2ab05c146d3e72a39b93b5718236 , < 371d0bacecd529f887ea2547333d9173e7bcdc0a (git)
Affected: e8e948e7802a2ab05c146d3e72a39b93b5718236 , < ccb8c18076e2e630fea23fbec583cdad61787fc5 (git)
Affected: e8e948e7802a2ab05c146d3e72a39b93b5718236 , < c6b72f5d82b1017bad80f9ebf502832fc321d796 (git)

Linux

Affected: 3.8
Unaffected: 0 , < 3.8 (semver)
Unaffected: 4.19.323 , ≤ 4.19.* (semver)
Unaffected: 5.4.285 , ≤ 5.4.* (semver)
Unaffected: 5.10.227 , ≤ 5.10.* (semver)
Unaffected: 5.15.168 , ≤ 5.15.* (semver)
Unaffected: 6.1.113 , ≤ 6.1.* (semver)
Unaffected: 6.6.54 , ≤ 6.6.* (semver)
Unaffected: 6.10.13 , ≤ 6.10.* (semver)
Unaffected: 6.11.2 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47701",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-21T13:04:32.824362Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-21T13:14:13.562Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:21:07.345Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ext4/inline.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5b076d37e8d99918e9294bd6b35a8bbb436819b0",
              "status": "affected",
              "version": "e8e948e7802a2ab05c146d3e72a39b93b5718236",
              "versionType": "git"
            },
            {
              "lessThan": "8adf0eb4e361a9e060d54f4bd0ac9c5d85277d20",
              "status": "affected",
              "version": "e8e948e7802a2ab05c146d3e72a39b93b5718236",
              "versionType": "git"
            },
            {
              "lessThan": "7fc22c3b3ffc0e952f5e0062dd11aa6ae76affba",
              "status": "affected",
              "version": "e8e948e7802a2ab05c146d3e72a39b93b5718236",
              "versionType": "git"
            },
            {
              "lessThan": "be2e9b111e2790962cc66a177869b4e9717b4e29",
              "status": "affected",
              "version": "e8e948e7802a2ab05c146d3e72a39b93b5718236",
              "versionType": "git"
            },
            {
              "lessThan": "ea32883e4a03ed575a2eb7a66542022312bde477",
              "status": "affected",
              "version": "e8e948e7802a2ab05c146d3e72a39b93b5718236",
              "versionType": "git"
            },
            {
              "lessThan": "2a6579ef5f2576a940125729f7409cc182f1c8df",
              "status": "affected",
              "version": "e8e948e7802a2ab05c146d3e72a39b93b5718236",
              "versionType": "git"
            },
            {
              "lessThan": "371d0bacecd529f887ea2547333d9173e7bcdc0a",
              "status": "affected",
              "version": "e8e948e7802a2ab05c146d3e72a39b93b5718236",
              "versionType": "git"
            },
            {
              "lessThan": "ccb8c18076e2e630fea23fbec583cdad61787fc5",
              "status": "affected",
              "version": "e8e948e7802a2ab05c146d3e72a39b93b5718236",
              "versionType": "git"
            },
            {
              "lessThan": "c6b72f5d82b1017bad80f9ebf502832fc321d796",
              "status": "affected",
              "version": "e8e948e7802a2ab05c146d3e72a39b93b5718236",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ext4/inline.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.8"
            },
            {
              "lessThan": "3.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.323",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.285",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.54",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.323",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.285",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.227",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.168",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.113",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.54",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.13",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.2",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid OOB when system.data xattr changes underneath the filesystem\n\nWhen looking up for an entry in an inlined directory, if e_value_offs is\nchanged underneath the filesystem by some change in the block device, it\nwill lead to an out-of-bounds access that KASAN detects as an UAF.\n\nEXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.\nloop0: detected capacity change from 2048 to 2047\n==================================================================\nBUG: KASAN: use-after-free in ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\nRead of size 1 at addr ffff88803e91130f by task syz-executor269/5103\n\nCPU: 0 UID: 0 PID: 5103 Comm: syz-executor269 Not tainted 6.11.0-rc4-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\n ext4_find_inline_entry+0x4be/0x5e0 fs/ext4/inline.c:1697\n __ext4_find_entry+0x2b4/0x1b30 fs/ext4/namei.c:1573\n ext4_lookup_entry fs/ext4/namei.c:1727 [inline]\n ext4_lookup+0x15f/0x750 fs/ext4/namei.c:1795\n lookup_one_qstr_excl+0x11f/0x260 fs/namei.c:1633\n filename_create+0x297/0x540 fs/namei.c:3980\n do_symlinkat+0xf9/0x3a0 fs/namei.c:4587\n __do_sys_symlinkat fs/namei.c:4610 [inline]\n __se_sys_symlinkat fs/namei.c:4607 [inline]\n __x64_sys_symlinkat+0x95/0xb0 fs/namei.c:4607\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f3e73ced469\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fff4d40c258 EFLAGS: 00000246 ORIG_RAX: 000000000000010a\nRAX: ffffffffffffffda RBX: 0032656c69662f2e RCX: 00007f3e73ced469\nRDX: 0000000020000200 RSI: 00000000ffffff9c RDI: 00000000200001c0\nRBP: 0000000000000000 R08: 00007fff4d40c290 R09: 00007fff4d40c290\nR10: 0023706f6f6c2f76 R11: 0000000000000246 R12: 00007fff4d40c27c\nR13: 0000000000000003 R14: 431bde82d7b634db R15: 00007fff4d40c2b0\n \u003c/TASK\u003e\n\nCalling ext4_xattr_ibody_find right after reading the inode with\next4_get_inode_loc will lead to a check of the validity of the xattrs,\navoiding this problem."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:37:48.380Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5b076d37e8d99918e9294bd6b35a8bbb436819b0"
        },
        {
          "url": "https://git.kernel.org/stable/c/8adf0eb4e361a9e060d54f4bd0ac9c5d85277d20"
        },
        {
          "url": "https://git.kernel.org/stable/c/7fc22c3b3ffc0e952f5e0062dd11aa6ae76affba"
        },
        {
          "url": "https://git.kernel.org/stable/c/be2e9b111e2790962cc66a177869b4e9717b4e29"
        },
        {
          "url": "https://git.kernel.org/stable/c/ea32883e4a03ed575a2eb7a66542022312bde477"
        },
        {
          "url": "https://git.kernel.org/stable/c/2a6579ef5f2576a940125729f7409cc182f1c8df"
        },
        {
          "url": "https://git.kernel.org/stable/c/371d0bacecd529f887ea2547333d9173e7bcdc0a"
        },
        {
          "url": "https://git.kernel.org/stable/c/ccb8c18076e2e630fea23fbec583cdad61787fc5"
        },
        {
          "url": "https://git.kernel.org/stable/c/c6b72f5d82b1017bad80f9ebf502832fc321d796"
        }
      ],
      "title": "ext4: avoid OOB when system.data xattr changes underneath the filesystem",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-47701",
    "datePublished": "2024-10-21T11:53:37.276Z",
    "dateReserved": "2024-09-30T16:00:12.945Z",
    "dateUpdated": "2025-11-03T22:21:07.345Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-46719 (GCVE-0-2024-46719)

Vulnerability from cvelistv5 – Published: 2024-09-18 06:32 – Updated: 2026-01-05 10:52

Title

usb: typec: ucsi: Fix null pointer dereference in trace

Summary

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Fix null pointer dereference in trace ucsi_register_altmode checks IS_ERR for the alt pointer and treats NULL as valid. When CONFIG_TYPEC_DP_ALTMODE is not enabled, ucsi_register_displayport returns NULL which causes a NULL pointer dereference in trace. Rather than return NULL, call typec_port_register_altmode to register DisplayPort alternate mode as a non-controllable mode when CONFIG_TYPEC_DP_ALTMODE is not enabled.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/8095bf0579ed4906a…
	https://git.kernel.org/stable/c/7e64cabe81c303bdf…
	https://git.kernel.org/stable/c/3aa56313b0de06ce1…
	https://git.kernel.org/stable/c/b4243c05d7e3db0bd…
	https://git.kernel.org/stable/c/3b9f2d9301ae67070…
	https://git.kernel.org/stable/c/99331fe68a8eaa409…
	https://git.kernel.org/stable/c/99516f76db48e1a9d…

Impacted products

Vendor

Product

Version

Linux

Affected: af8622f6a585d8d82b11cd7987e082861fd0edd3 , < 8095bf0579ed4906a33f7bec675bfb29b6b16a3b (git)
Affected: af8622f6a585d8d82b11cd7987e082861fd0edd3 , < 7e64cabe81c303bdf6fd26b6a09a3289b33bc870 (git)
Affected: af8622f6a585d8d82b11cd7987e082861fd0edd3 , < 3aa56313b0de06ce1911950b2cc0c269614a87a9 (git)
Affected: af8622f6a585d8d82b11cd7987e082861fd0edd3 , < b4243c05d7e3db0bdbf9124e6fa59b4ca7c807ae (git)
Affected: af8622f6a585d8d82b11cd7987e082861fd0edd3 , < 3b9f2d9301ae67070fe77a0c06758722fd7172b7 (git)
Affected: af8622f6a585d8d82b11cd7987e082861fd0edd3 , < 99331fe68a8eaa4097143a33fb0c12d5e5e8e830 (git)
Affected: af8622f6a585d8d82b11cd7987e082861fd0edd3 , < 99516f76db48e1a9d54cdfed63c1babcee4e71a5 (git)

Linux

Affected: 5.2
Unaffected: 0 , < 5.2 (semver)
Unaffected: 5.4.284 , ≤ 5.4.* (semver)
Unaffected: 5.10.226 , ≤ 5.10.* (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.109 , ≤ 6.1.* (semver)
Unaffected: 6.6.50 , ≤ 6.6.* (semver)
Unaffected: 6.10.9 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46719",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T14:57:21.735008Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T14:57:35.846Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:16:52.599Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/typec/ucsi/ucsi.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8095bf0579ed4906a33f7bec675bfb29b6b16a3b",
              "status": "affected",
              "version": "af8622f6a585d8d82b11cd7987e082861fd0edd3",
              "versionType": "git"
            },
            {
              "lessThan": "7e64cabe81c303bdf6fd26b6a09a3289b33bc870",
              "status": "affected",
              "version": "af8622f6a585d8d82b11cd7987e082861fd0edd3",
              "versionType": "git"
            },
            {
              "lessThan": "3aa56313b0de06ce1911950b2cc0c269614a87a9",
              "status": "affected",
              "version": "af8622f6a585d8d82b11cd7987e082861fd0edd3",
              "versionType": "git"
            },
            {
              "lessThan": "b4243c05d7e3db0bdbf9124e6fa59b4ca7c807ae",
              "status": "affected",
              "version": "af8622f6a585d8d82b11cd7987e082861fd0edd3",
              "versionType": "git"
            },
            {
              "lessThan": "3b9f2d9301ae67070fe77a0c06758722fd7172b7",
              "status": "affected",
              "version": "af8622f6a585d8d82b11cd7987e082861fd0edd3",
              "versionType": "git"
            },
            {
              "lessThan": "99331fe68a8eaa4097143a33fb0c12d5e5e8e830",
              "status": "affected",
              "version": "af8622f6a585d8d82b11cd7987e082861fd0edd3",
              "versionType": "git"
            },
            {
              "lessThan": "99516f76db48e1a9d54cdfed63c1babcee4e71a5",
              "status": "affected",
              "version": "af8622f6a585d8d82b11cd7987e082861fd0edd3",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/typec/ucsi/ucsi.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.2"
            },
            {
              "lessThan": "5.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.284",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.109",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.50",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.284",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.226",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.109",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.50",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.9",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Fix null pointer dereference in trace\n\nucsi_register_altmode checks IS_ERR for the alt pointer and treats\nNULL as valid. When CONFIG_TYPEC_DP_ALTMODE is not enabled,\nucsi_register_displayport returns NULL which causes a NULL pointer\ndereference in trace. Rather than return NULL, call\ntypec_port_register_altmode to register DisplayPort alternate mode\nas a non-controllable mode when CONFIG_TYPEC_DP_ALTMODE is not enabled."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:52:54.042Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8095bf0579ed4906a33f7bec675bfb29b6b16a3b"
        },
        {
          "url": "https://git.kernel.org/stable/c/7e64cabe81c303bdf6fd26b6a09a3289b33bc870"
        },
        {
          "url": "https://git.kernel.org/stable/c/3aa56313b0de06ce1911950b2cc0c269614a87a9"
        },
        {
          "url": "https://git.kernel.org/stable/c/b4243c05d7e3db0bdbf9124e6fa59b4ca7c807ae"
        },
        {
          "url": "https://git.kernel.org/stable/c/3b9f2d9301ae67070fe77a0c06758722fd7172b7"
        },
        {
          "url": "https://git.kernel.org/stable/c/99331fe68a8eaa4097143a33fb0c12d5e5e8e830"
        },
        {
          "url": "https://git.kernel.org/stable/c/99516f76db48e1a9d54cdfed63c1babcee4e71a5"
        }
      ],
      "title": "usb: typec: ucsi: Fix null pointer dereference in trace",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46719",
    "datePublished": "2024-09-18T06:32:18.028Z",
    "dateReserved": "2024-09-11T15:12:18.255Z",
    "dateUpdated": "2026-01-05T10:52:54.042Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26752 (GCVE-0-2024-26752)

Vulnerability from cvelistv5 – Published: 2024-04-03 17:00 – Updated: 2025-05-04 12:54

Title

l2tp: pass correct message length to ip6_append_data

Summary

In the Linux kernel, the following vulnerability has been resolved: l2tp: pass correct message length to ip6_append_data l2tp_ip6_sendmsg needs to avoid accounting for the transport header twice when splicing more data into an already partially-occupied skbuff. To manage this, we check whether the skbuff contains data using skb_queue_empty when deciding how much data to append using ip6_append_data. However, the code which performed the calculation was incorrect: ulen = len + skb_queue_empty(&sk->sk_write_queue) ? transhdrlen : 0; ...due to C operator precedence, this ends up setting ulen to transhdrlen for messages with a non-zero length, which results in corrupted packets on the wire. Add parentheses to correct the calculation in line with the original intent.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/4c3ce64bc9d36ca91…
	https://git.kernel.org/stable/c/c1d3a84a67db910ce…
	https://git.kernel.org/stable/c/dcb4d14268595065c…
	https://git.kernel.org/stable/c/0da15a70395182ee8…
	https://git.kernel.org/stable/c/13cd1daeea848614e…
	https://git.kernel.org/stable/c/804bd8650a3a2bf34…
	https://git.kernel.org/stable/c/83340c66b498e4935…
	https://git.kernel.org/stable/c/359e54a93ab43d32e…

Impacted products

Vendor

Product

Version

Linux

Affected: 559d697c5d072593d22b3e0bd8b8081108aeaf59 , < 4c3ce64bc9d36ca9164dd6c77ff144c121011aae (git)
Affected: 1fc793d68d50dee4782ef2e808913d5dd880bcc6 , < c1d3a84a67db910ce28a871273c992c3d7f9efb5 (git)
Affected: 96b2e1090397217839fcd6c9b6d8f5d439e705ed , < dcb4d14268595065c85dc5528056713928e17243 (git)
Affected: cd1189956393bf850b2e275e37411855d3bd86bb , < 0da15a70395182ee8cb75716baf00dddc0bea38d (git)
Affected: f6a7182179c0ed788e3755ee2ed18c888ddcc33f , < 13cd1daeea848614e585b2c6ecc11ca9c8ab2500 (git)
Affected: 9d4c75800f61e5d75c1659ba201b6c0c7ead3070 , < 804bd8650a3a2bf3432375f8c97d5049d845ce56 (git)
Affected: 9d4c75800f61e5d75c1659ba201b6c0c7ead3070 , < 83340c66b498e49353530e41542500fc8a4782d6 (git)
Affected: 9d4c75800f61e5d75c1659ba201b6c0c7ead3070 , < 359e54a93ab43d32ee1bff3c2f9f10cb9f6b6e79 (git)
Affected: 7626b9fed53092aa2147978070e610ecb61af844 (git)
Affected: fe80658c08e3001c80c5533cd41abfbb0e0e28fd (git)

Linux

Affected: 6.6
Unaffected: 0 , < 6.6 (semver)
Unaffected: 4.19.308 , ≤ 4.19.* (semver)
Unaffected: 5.4.270 , ≤ 5.4.* (semver)
Unaffected: 5.10.211 , ≤ 5.10.* (semver)
Unaffected: 5.15.150 , ≤ 5.15.* (semver)
Unaffected: 6.1.80 , ≤ 6.1.* (semver)
Unaffected: 6.6.19 , ≤ 6.6.* (semver)
Unaffected: 6.7.7 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26752",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-03T18:05:57.024676Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:48:58.719Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:13.330Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4c3ce64bc9d36ca9164dd6c77ff144c121011aae"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c1d3a84a67db910ce28a871273c992c3d7f9efb5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dcb4d14268595065c85dc5528056713928e17243"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0da15a70395182ee8cb75716baf00dddc0bea38d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/13cd1daeea848614e585b2c6ecc11ca9c8ab2500"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/804bd8650a3a2bf3432375f8c97d5049d845ce56"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/83340c66b498e49353530e41542500fc8a4782d6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/359e54a93ab43d32ee1bff3c2f9f10cb9f6b6e79"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/l2tp/l2tp_ip6.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4c3ce64bc9d36ca9164dd6c77ff144c121011aae",
              "status": "affected",
              "version": "559d697c5d072593d22b3e0bd8b8081108aeaf59",
              "versionType": "git"
            },
            {
              "lessThan": "c1d3a84a67db910ce28a871273c992c3d7f9efb5",
              "status": "affected",
              "version": "1fc793d68d50dee4782ef2e808913d5dd880bcc6",
              "versionType": "git"
            },
            {
              "lessThan": "dcb4d14268595065c85dc5528056713928e17243",
              "status": "affected",
              "version": "96b2e1090397217839fcd6c9b6d8f5d439e705ed",
              "versionType": "git"
            },
            {
              "lessThan": "0da15a70395182ee8cb75716baf00dddc0bea38d",
              "status": "affected",
              "version": "cd1189956393bf850b2e275e37411855d3bd86bb",
              "versionType": "git"
            },
            {
              "lessThan": "13cd1daeea848614e585b2c6ecc11ca9c8ab2500",
              "status": "affected",
              "version": "f6a7182179c0ed788e3755ee2ed18c888ddcc33f",
              "versionType": "git"
            },
            {
              "lessThan": "804bd8650a3a2bf3432375f8c97d5049d845ce56",
              "status": "affected",
              "version": "9d4c75800f61e5d75c1659ba201b6c0c7ead3070",
              "versionType": "git"
            },
            {
              "lessThan": "83340c66b498e49353530e41542500fc8a4782d6",
              "status": "affected",
              "version": "9d4c75800f61e5d75c1659ba201b6c0c7ead3070",
              "versionType": "git"
            },
            {
              "lessThan": "359e54a93ab43d32ee1bff3c2f9f10cb9f6b6e79",
              "status": "affected",
              "version": "9d4c75800f61e5d75c1659ba201b6c0c7ead3070",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "7626b9fed53092aa2147978070e610ecb61af844",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "fe80658c08e3001c80c5533cd41abfbb0e0e28fd",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/l2tp/l2tp_ip6.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            },
            {
              "lessThan": "6.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.308",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.270",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.211",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.150",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.80",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.308",
                  "versionStartIncluding": "4.19.296",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.270",
                  "versionStartIncluding": "5.4.258",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.211",
                  "versionStartIncluding": "5.10.198",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.150",
                  "versionStartIncluding": "5.15.135",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.80",
                  "versionStartIncluding": "6.1.57",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.19",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.7",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.14.327",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.5.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nl2tp: pass correct message length to ip6_append_data\n\nl2tp_ip6_sendmsg needs to avoid accounting for the transport header\ntwice when splicing more data into an already partially-occupied skbuff.\n\nTo manage this, we check whether the skbuff contains data using\nskb_queue_empty when deciding how much data to append using\nip6_append_data.\n\nHowever, the code which performed the calculation was incorrect:\n\n     ulen = len + skb_queue_empty(\u0026sk-\u003esk_write_queue) ? transhdrlen : 0;\n\n...due to C operator precedence, this ends up setting ulen to\ntranshdrlen for messages with a non-zero length, which results in\ncorrupted packets on the wire.\n\nAdd parentheses to correct the calculation in line with the original\nintent."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:54:40.861Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/4c3ce64bc9d36ca9164dd6c77ff144c121011aae"
        },
        {
          "url": "https://git.kernel.org/stable/c/c1d3a84a67db910ce28a871273c992c3d7f9efb5"
        },
        {
          "url": "https://git.kernel.org/stable/c/dcb4d14268595065c85dc5528056713928e17243"
        },
        {
          "url": "https://git.kernel.org/stable/c/0da15a70395182ee8cb75716baf00dddc0bea38d"
        },
        {
          "url": "https://git.kernel.org/stable/c/13cd1daeea848614e585b2c6ecc11ca9c8ab2500"
        },
        {
          "url": "https://git.kernel.org/stable/c/804bd8650a3a2bf3432375f8c97d5049d845ce56"
        },
        {
          "url": "https://git.kernel.org/stable/c/83340c66b498e49353530e41542500fc8a4782d6"
        },
        {
          "url": "https://git.kernel.org/stable/c/359e54a93ab43d32ee1bff3c2f9f10cb9f6b6e79"
        }
      ],
      "title": "l2tp: pass correct message length to ip6_append_data",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26752",
    "datePublished": "2024-04-03T17:00:37.340Z",
    "dateReserved": "2024-02-19T14:20:24.169Z",
    "dateUpdated": "2025-05-04T12:54:40.861Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-46689 (GCVE-0-2024-46689)

Vulnerability from cvelistv5 – Published: 2024-09-13 05:29 – Updated: 2025-11-03 22:16

Title

soc: qcom: cmd-db: Map shared memory as WC, not WB

Summary

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: cmd-db: Map shared memory as WC, not WB Linux does not write into cmd-db region. This region of memory is write protected by XPU. XPU may sometime falsely detect clean cache eviction as "write" into the write protected region leading to secure interrupt which causes an endless loop somewhere in Trust Zone. The only reason it is working right now is because Qualcomm Hypervisor maps the same region as Non-Cacheable memory in Stage 2 translation tables. The issue manifests if we want to use another hypervisor (like Xen or KVM), which does not know anything about those specific mappings. Changing the mapping of cmd-db memory from MEMREMAP_WB to MEMREMAP_WT/WC removes dependency on correct mappings in Stage 2 tables. This patch fixes the issue by updating the mapping to MEMREMAP_WC. I tested this on SA8155P with Xen.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/0ee9594c974368a17…
	https://git.kernel.org/stable/c/f5a5a5a0e95f36e27…
	https://git.kernel.org/stable/c/eaff392c1e34fb77c…
	https://git.kernel.org/stable/c/d9d48d70e922b2728…
	https://git.kernel.org/stable/c/ef80520be0ff78ae5…
	https://git.kernel.org/stable/c/62c2d63605ca25b5d…
	https://git.kernel.org/stable/c/f9bb896eab2216189…

Impacted products

Vendor

Product

Version

Linux

Affected: 312416d9171a1460b7ed8d182b5b540c910ce80d , < 0ee9594c974368a17e85a431e9fe1c14fb65c278 (git)
Affected: 312416d9171a1460b7ed8d182b5b540c910ce80d , < f5a5a5a0e95f36e2792d48e6e4b64e665eb01374 (git)
Affected: 312416d9171a1460b7ed8d182b5b540c910ce80d , < eaff392c1e34fb77cc61505a31b0191e5e46e271 (git)
Affected: 312416d9171a1460b7ed8d182b5b540c910ce80d , < d9d48d70e922b272875cda60d2ada89291c840cf (git)
Affected: 312416d9171a1460b7ed8d182b5b540c910ce80d , < ef80520be0ff78ae5ed44cb6eee1525e65bebe70 (git)
Affected: 312416d9171a1460b7ed8d182b5b540c910ce80d , < 62c2d63605ca25b5db78a347ed303c0a0a77d5b4 (git)
Affected: 312416d9171a1460b7ed8d182b5b540c910ce80d , < f9bb896eab221618927ae6a2f1d566567999839d (git)

Linux

Affected: 4.18
Unaffected: 0 , < 4.18 (semver)
Unaffected: 5.4.283 , ≤ 5.4.* (semver)
Unaffected: 5.10.225 , ≤ 5.10.* (semver)
Unaffected: 5.15.166 , ≤ 5.15.* (semver)
Unaffected: 6.1.108 , ≤ 6.1.* (semver)
Unaffected: 6.6.49 , ≤ 6.6.* (semver)
Unaffected: 6.10.8 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46689",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T15:07:23.732311Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T15:07:38.504Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:16:27.670Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/soc/qcom/cmd-db.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0ee9594c974368a17e85a431e9fe1c14fb65c278",
              "status": "affected",
              "version": "312416d9171a1460b7ed8d182b5b540c910ce80d",
              "versionType": "git"
            },
            {
              "lessThan": "f5a5a5a0e95f36e2792d48e6e4b64e665eb01374",
              "status": "affected",
              "version": "312416d9171a1460b7ed8d182b5b540c910ce80d",
              "versionType": "git"
            },
            {
              "lessThan": "eaff392c1e34fb77cc61505a31b0191e5e46e271",
              "status": "affected",
              "version": "312416d9171a1460b7ed8d182b5b540c910ce80d",
              "versionType": "git"
            },
            {
              "lessThan": "d9d48d70e922b272875cda60d2ada89291c840cf",
              "status": "affected",
              "version": "312416d9171a1460b7ed8d182b5b540c910ce80d",
              "versionType": "git"
            },
            {
              "lessThan": "ef80520be0ff78ae5ed44cb6eee1525e65bebe70",
              "status": "affected",
              "version": "312416d9171a1460b7ed8d182b5b540c910ce80d",
              "versionType": "git"
            },
            {
              "lessThan": "62c2d63605ca25b5db78a347ed303c0a0a77d5b4",
              "status": "affected",
              "version": "312416d9171a1460b7ed8d182b5b540c910ce80d",
              "versionType": "git"
            },
            {
              "lessThan": "f9bb896eab221618927ae6a2f1d566567999839d",
              "status": "affected",
              "version": "312416d9171a1460b7ed8d182b5b540c910ce80d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/soc/qcom/cmd-db.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.18"
            },
            {
              "lessThan": "4.18",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.283",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.225",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.108",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.49",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.283",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.225",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.166",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.108",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.49",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.8",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: cmd-db: Map shared memory as WC, not WB\n\nLinux does not write into cmd-db region. This region of memory is write\nprotected by XPU. XPU may sometime falsely detect clean cache eviction\nas \"write\" into the write protected region leading to secure interrupt\nwhich causes an endless loop somewhere in Trust Zone.\n\nThe only reason it is working right now is because Qualcomm Hypervisor\nmaps the same region as Non-Cacheable memory in Stage 2 translation\ntables. The issue manifests if we want to use another hypervisor (like\nXen or KVM), which does not know anything about those specific mappings.\n\nChanging the mapping of cmd-db memory from MEMREMAP_WB to MEMREMAP_WT/WC\nremoves dependency on correct mappings in Stage 2 tables. This patch\nfixes the issue by updating the mapping to MEMREMAP_WC.\n\nI tested this on SA8155P with Xen."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:31:57.015Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0ee9594c974368a17e85a431e9fe1c14fb65c278"
        },
        {
          "url": "https://git.kernel.org/stable/c/f5a5a5a0e95f36e2792d48e6e4b64e665eb01374"
        },
        {
          "url": "https://git.kernel.org/stable/c/eaff392c1e34fb77cc61505a31b0191e5e46e271"
        },
        {
          "url": "https://git.kernel.org/stable/c/d9d48d70e922b272875cda60d2ada89291c840cf"
        },
        {
          "url": "https://git.kernel.org/stable/c/ef80520be0ff78ae5ed44cb6eee1525e65bebe70"
        },
        {
          "url": "https://git.kernel.org/stable/c/62c2d63605ca25b5db78a347ed303c0a0a77d5b4"
        },
        {
          "url": "https://git.kernel.org/stable/c/f9bb896eab221618927ae6a2f1d566567999839d"
        }
      ],
      "title": "soc: qcom: cmd-db: Map shared memory as WC, not WB",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46689",
    "datePublished": "2024-09-13T05:29:19.713Z",
    "dateReserved": "2024-09-11T15:12:18.249Z",
    "dateUpdated": "2025-11-03T22:16:27.670Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-49971 (GCVE-0-2024-49971)

Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2025-05-04 09:42

Title

drm/amd/display: Increase array size of dummy_boolean

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Increase array size of dummy_boolean [WHY] dml2_core_shared_mode_support and dml_core_mode_support access the third element of dummy_boolean, i.e. hw_debug5 = &s->dummy_boolean[2], when dummy_boolean has size of 2. Any assignment to hw_debug5 causes an OVERRUN. [HOW] Increase dummy_boolean's array size to 3. This fixes 2 OVERRUN issues reported by Coverity.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/e9e48b7bb9cf3b78f…
	https://git.kernel.org/stable/c/6d64d394861970834…

Impacted products

Vendor

Product

Version

Linux

Affected: 70839da6360500a82e4d5f78499284474cbed7c1 , < e9e48b7bb9cf3b78f0305ef0144aaf61da0a83d8 (git)
Affected: 70839da6360500a82e4d5f78499284474cbed7c1 , < 6d64d39486197083497a01b39e23f2f8474b35d3 (git)

Linux

Affected: 6.11
Unaffected: 0 , < 6.11 (semver)
Unaffected: 6.11.3 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49971",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T13:33:47.547811Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T13:38:46.174Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_core/dml2_core_shared_types.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e9e48b7bb9cf3b78f0305ef0144aaf61da0a83d8",
              "status": "affected",
              "version": "70839da6360500a82e4d5f78499284474cbed7c1",
              "versionType": "git"
            },
            {
              "lessThan": "6d64d39486197083497a01b39e23f2f8474b35d3",
              "status": "affected",
              "version": "70839da6360500a82e4d5f78499284474cbed7c1",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_core/dml2_core_shared_types.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.11"
            },
            {
              "lessThan": "6.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.3",
                  "versionStartIncluding": "6.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "6.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Increase array size of dummy_boolean\n\n[WHY]\ndml2_core_shared_mode_support and dml_core_mode_support access the third\nelement of dummy_boolean, i.e. hw_debug5 = \u0026s-\u003edummy_boolean[2], when\ndummy_boolean has size of 2. Any assignment to hw_debug5 causes an\nOVERRUN.\n\n[HOW]\nIncrease dummy_boolean\u0027s array size to 3.\n\nThis fixes 2 OVERRUN issues reported by Coverity."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:42:41.395Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e9e48b7bb9cf3b78f0305ef0144aaf61da0a83d8"
        },
        {
          "url": "https://git.kernel.org/stable/c/6d64d39486197083497a01b39e23f2f8474b35d3"
        }
      ],
      "title": "drm/amd/display: Increase array size of dummy_boolean",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-49971",
    "datePublished": "2024-10-21T18:02:20.344Z",
    "dateReserved": "2024-10-21T12:17:06.051Z",
    "dateUpdated": "2025-05-04T09:42:41.395Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-50024 (GCVE-0-2024-50024)

Vulnerability from cvelistv5 – Published: 2024-10-21 19:39 – Updated: 2025-11-03 22:24

Title

net: Fix an unsafe loop on the list

Summary

In the Linux kernel, the following vulnerability has been resolved: net: Fix an unsafe loop on the list The kernel may crash when deleting a genetlink family if there are still listeners for that family: Oops: Kernel access of bad area, sig: 11 [#1] ... NIP [c000000000c080bc] netlink_update_socket_mc+0x3c/0xc0 LR [c000000000c0f764] __netlink_clear_multicast_users+0x74/0xc0 Call Trace: __netlink_clear_multicast_users+0x74/0xc0 genl_unregister_family+0xd4/0x2d0 Change the unsafe loop on the list to a safe one, because inside the loop there is an element removal from this list.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/464801a0f6ccb52b2…
	https://git.kernel.org/stable/c/8e0766fcf37ad8eed…
	https://git.kernel.org/stable/c/68ad5da6ca630a276…
	https://git.kernel.org/stable/c/1cdec792b2450105b…
	https://git.kernel.org/stable/c/5f03a7f601f33cda1…
	https://git.kernel.org/stable/c/3be342e0332a7c83e…
	https://git.kernel.org/stable/c/49f9b726bf2bf3dd2…
	https://git.kernel.org/stable/c/1dae9f1187189bc09…

Impacted products

Vendor

Product

Version

Linux

Affected: b8273570f802a7658827dcb077b0b517ba75a289 , < 464801a0f6ccb52b21faa33bac6014fd74cc5e10 (git)
Affected: b8273570f802a7658827dcb077b0b517ba75a289 , < 8e0766fcf37ad8eed289dd3853628dd9b01b58b0 (git)
Affected: b8273570f802a7658827dcb077b0b517ba75a289 , < 68ad5da6ca630a276f0a5c924179e57724d00013 (git)
Affected: b8273570f802a7658827dcb077b0b517ba75a289 , < 1cdec792b2450105b1314c5123a9a0452cb2c2f0 (git)
Affected: b8273570f802a7658827dcb077b0b517ba75a289 , < 5f03a7f601f33cda1f710611625235dc86fd8a9e (git)
Affected: b8273570f802a7658827dcb077b0b517ba75a289 , < 3be342e0332a7c83eb26fbb22bf156fdca467a5d (git)
Affected: b8273570f802a7658827dcb077b0b517ba75a289 , < 49f9b726bf2bf3dd2caf0d27cadf4bc1ccf7a7dd (git)
Affected: b8273570f802a7658827dcb077b0b517ba75a289 , < 1dae9f1187189bc09ff6d25ca97ead711f7e26f9 (git)

Linux

Affected: 2.6.32
Unaffected: 0 , < 2.6.32 (semver)
Unaffected: 4.19.323 , ≤ 4.19.* (semver)
Unaffected: 5.4.285 , ≤ 5.4.* (semver)
Unaffected: 5.10.227 , ≤ 5.10.* (semver)
Unaffected: 5.15.168 , ≤ 5.15.* (semver)
Unaffected: 6.1.113 , ≤ 6.1.* (semver)
Unaffected: 6.6.57 , ≤ 6.6.* (semver)
Unaffected: 6.11.4 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-50024",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T13:27:00.388543Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T13:28:46.817Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:24:35.047Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "include/net/sock.h",
            "net/netlink/af_netlink.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "464801a0f6ccb52b21faa33bac6014fd74cc5e10",
              "status": "affected",
              "version": "b8273570f802a7658827dcb077b0b517ba75a289",
              "versionType": "git"
            },
            {
              "lessThan": "8e0766fcf37ad8eed289dd3853628dd9b01b58b0",
              "status": "affected",
              "version": "b8273570f802a7658827dcb077b0b517ba75a289",
              "versionType": "git"
            },
            {
              "lessThan": "68ad5da6ca630a276f0a5c924179e57724d00013",
              "status": "affected",
              "version": "b8273570f802a7658827dcb077b0b517ba75a289",
              "versionType": "git"
            },
            {
              "lessThan": "1cdec792b2450105b1314c5123a9a0452cb2c2f0",
              "status": "affected",
              "version": "b8273570f802a7658827dcb077b0b517ba75a289",
              "versionType": "git"
            },
            {
              "lessThan": "5f03a7f601f33cda1f710611625235dc86fd8a9e",
              "status": "affected",
              "version": "b8273570f802a7658827dcb077b0b517ba75a289",
              "versionType": "git"
            },
            {
              "lessThan": "3be342e0332a7c83eb26fbb22bf156fdca467a5d",
              "status": "affected",
              "version": "b8273570f802a7658827dcb077b0b517ba75a289",
              "versionType": "git"
            },
            {
              "lessThan": "49f9b726bf2bf3dd2caf0d27cadf4bc1ccf7a7dd",
              "status": "affected",
              "version": "b8273570f802a7658827dcb077b0b517ba75a289",
              "versionType": "git"
            },
            {
              "lessThan": "1dae9f1187189bc09ff6d25ca97ead711f7e26f9",
              "status": "affected",
              "version": "b8273570f802a7658827dcb077b0b517ba75a289",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "include/net/sock.h",
            "net/netlink/af_netlink.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.32"
            },
            {
              "lessThan": "2.6.32",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.323",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.285",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.57",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.323",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.285",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.227",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.168",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.113",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.57",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.4",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix an unsafe loop on the list\n\nThe kernel may crash when deleting a genetlink family if there are still\nlisteners for that family:\n\nOops: Kernel access of bad area, sig: 11 [#1]\n  ...\n  NIP [c000000000c080bc] netlink_update_socket_mc+0x3c/0xc0\n  LR [c000000000c0f764] __netlink_clear_multicast_users+0x74/0xc0\n  Call Trace:\n__netlink_clear_multicast_users+0x74/0xc0\ngenl_unregister_family+0xd4/0x2d0\n\nChange the unsafe loop on the list to a safe one, because inside the\nloop there is an element removal from this list."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:44:03.890Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/464801a0f6ccb52b21faa33bac6014fd74cc5e10"
        },
        {
          "url": "https://git.kernel.org/stable/c/8e0766fcf37ad8eed289dd3853628dd9b01b58b0"
        },
        {
          "url": "https://git.kernel.org/stable/c/68ad5da6ca630a276f0a5c924179e57724d00013"
        },
        {
          "url": "https://git.kernel.org/stable/c/1cdec792b2450105b1314c5123a9a0452cb2c2f0"
        },
        {
          "url": "https://git.kernel.org/stable/c/5f03a7f601f33cda1f710611625235dc86fd8a9e"
        },
        {
          "url": "https://git.kernel.org/stable/c/3be342e0332a7c83eb26fbb22bf156fdca467a5d"
        },
        {
          "url": "https://git.kernel.org/stable/c/49f9b726bf2bf3dd2caf0d27cadf4bc1ccf7a7dd"
        },
        {
          "url": "https://git.kernel.org/stable/c/1dae9f1187189bc09ff6d25ca97ead711f7e26f9"
        }
      ],
      "title": "net: Fix an unsafe loop on the list",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-50024",
    "datePublished": "2024-10-21T19:39:29.203Z",
    "dateReserved": "2024-10-21T12:17:06.065Z",
    "dateUpdated": "2025-11-03T22:24:35.047Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-40968 (GCVE-0-2024-40968)

Vulnerability from cvelistv5 – Published: 2024-07-12 12:32 – Updated: 2026-01-05 10:36

Title

MIPS: Octeon: Add PCIe link status check

Summary

In the Linux kernel, the following vulnerability has been resolved: MIPS: Octeon: Add PCIe link status check The standard PCIe configuration read-write interface is used to access the configuration space of the peripheral PCIe devices of the mips processor after the PCIe link surprise down, it can generate kernel panic caused by "Data bus error". So it is necessary to add PCIe link status check for system protection. When the PCIe link is down or in training, assigning a value of 0 to the configuration address can prevent read-write behavior to the configuration space of peripheral PCIe devices, thereby preventing kernel panic.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/6bff05aaa32c2f7e1…
	https://git.kernel.org/stable/c/64845ac64819683ad…
	https://git.kernel.org/stable/c/6c1b9fe148a4e03bb…
	https://git.kernel.org/stable/c/25998f5613159fe35…
	https://git.kernel.org/stable/c/d996deb80398a90dd…
	https://git.kernel.org/stable/c/1c33fd17383f48f67…
	https://git.kernel.org/stable/c/38d647d509543e943…
	https://git.kernel.org/stable/c/29b83a64df3b42c88…

Impacted products

Vendor

Product

Version

Linux

Affected: e8635b484f644c7873e6091f15330c49396f2cbc , < 6bff05aaa32c2f7e1f6e68e890876642159db419 (git)
Affected: e8635b484f644c7873e6091f15330c49396f2cbc , < 64845ac64819683ad5e51b668b2ed56ee3386aee (git)
Affected: e8635b484f644c7873e6091f15330c49396f2cbc , < 6c1b9fe148a4e03bbfa234267ebb89f35285814a (git)
Affected: e8635b484f644c7873e6091f15330c49396f2cbc , < 25998f5613159fe35920dbd484fcac7ea3ad0799 (git)
Affected: e8635b484f644c7873e6091f15330c49396f2cbc , < d996deb80398a90dd3c03590e68dad543da87d62 (git)
Affected: e8635b484f644c7873e6091f15330c49396f2cbc , < 1c33fd17383f48f679186c54df78542106deeaa0 (git)
Affected: e8635b484f644c7873e6091f15330c49396f2cbc , < 38d647d509543e9434b3cc470b914348be271fe9 (git)
Affected: e8635b484f644c7873e6091f15330c49396f2cbc , < 29b83a64df3b42c88c0338696feb6fdcd7f1f3b7 (git)

Linux

Affected: 2.6.31
Unaffected: 0 , < 2.6.31 (semver)
Unaffected: 4.19.317 , ≤ 4.19.* (semver)
Unaffected: 5.4.279 , ≤ 5.4.* (semver)
Unaffected: 5.10.221 , ≤ 5.10.* (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.96 , ≤ 6.1.* (semver)
Unaffected: 6.6.36 , ≤ 6.6.* (semver)
Unaffected: 6.9.7 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:58:33.237Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6bff05aaa32c2f7e1f6e68e890876642159db419"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/64845ac64819683ad5e51b668b2ed56ee3386aee"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6c1b9fe148a4e03bbfa234267ebb89f35285814a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/25998f5613159fe35920dbd484fcac7ea3ad0799"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d996deb80398a90dd3c03590e68dad543da87d62"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1c33fd17383f48f679186c54df78542106deeaa0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/38d647d509543e9434b3cc470b914348be271fe9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/29b83a64df3b42c88c0338696feb6fdcd7f1f3b7"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40968",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:03:03.974651Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:22.885Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/mips/pci/pcie-octeon.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6bff05aaa32c2f7e1f6e68e890876642159db419",
              "status": "affected",
              "version": "e8635b484f644c7873e6091f15330c49396f2cbc",
              "versionType": "git"
            },
            {
              "lessThan": "64845ac64819683ad5e51b668b2ed56ee3386aee",
              "status": "affected",
              "version": "e8635b484f644c7873e6091f15330c49396f2cbc",
              "versionType": "git"
            },
            {
              "lessThan": "6c1b9fe148a4e03bbfa234267ebb89f35285814a",
              "status": "affected",
              "version": "e8635b484f644c7873e6091f15330c49396f2cbc",
              "versionType": "git"
            },
            {
              "lessThan": "25998f5613159fe35920dbd484fcac7ea3ad0799",
              "status": "affected",
              "version": "e8635b484f644c7873e6091f15330c49396f2cbc",
              "versionType": "git"
            },
            {
              "lessThan": "d996deb80398a90dd3c03590e68dad543da87d62",
              "status": "affected",
              "version": "e8635b484f644c7873e6091f15330c49396f2cbc",
              "versionType": "git"
            },
            {
              "lessThan": "1c33fd17383f48f679186c54df78542106deeaa0",
              "status": "affected",
              "version": "e8635b484f644c7873e6091f15330c49396f2cbc",
              "versionType": "git"
            },
            {
              "lessThan": "38d647d509543e9434b3cc470b914348be271fe9",
              "status": "affected",
              "version": "e8635b484f644c7873e6091f15330c49396f2cbc",
              "versionType": "git"
            },
            {
              "lessThan": "29b83a64df3b42c88c0338696feb6fdcd7f1f3b7",
              "status": "affected",
              "version": "e8635b484f644c7873e6091f15330c49396f2cbc",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/mips/pci/pcie-octeon.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.31"
            },
            {
              "lessThan": "2.6.31",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.317",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.279",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.96",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.36",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.317",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.279",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.221",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.96",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.36",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.7",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nMIPS: Octeon: Add PCIe link status check\n\nThe standard PCIe configuration read-write interface is used to\naccess the configuration space of the peripheral PCIe devices\nof the mips processor after the PCIe link surprise down, it can\ngenerate kernel panic caused by \"Data bus error\". So it is\nnecessary to add PCIe link status check for system protection.\nWhen the PCIe link is down or in training, assigning a value\nof 0 to the configuration address can prevent read-write behavior\nto the configuration space of peripheral PCIe devices, thereby\npreventing kernel panic."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:36:58.353Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/6bff05aaa32c2f7e1f6e68e890876642159db419"
        },
        {
          "url": "https://git.kernel.org/stable/c/64845ac64819683ad5e51b668b2ed56ee3386aee"
        },
        {
          "url": "https://git.kernel.org/stable/c/6c1b9fe148a4e03bbfa234267ebb89f35285814a"
        },
        {
          "url": "https://git.kernel.org/stable/c/25998f5613159fe35920dbd484fcac7ea3ad0799"
        },
        {
          "url": "https://git.kernel.org/stable/c/d996deb80398a90dd3c03590e68dad543da87d62"
        },
        {
          "url": "https://git.kernel.org/stable/c/1c33fd17383f48f679186c54df78542106deeaa0"
        },
        {
          "url": "https://git.kernel.org/stable/c/38d647d509543e9434b3cc470b914348be271fe9"
        },
        {
          "url": "https://git.kernel.org/stable/c/29b83a64df3b42c88c0338696feb6fdcd7f1f3b7"
        }
      ],
      "title": "MIPS: Octeon: Add PCIe link status check",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-40968",
    "datePublished": "2024-07-12T12:32:07.476Z",
    "dateReserved": "2024-07-12T12:17:45.602Z",
    "dateUpdated": "2026-01-05T10:36:58.353Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-49959 (GCVE-0-2024-49959)

Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2025-11-03 22:23

Title

jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error

Summary

In the Linux kernel, the following vulnerability has been resolved: jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error In __jbd2_log_wait_for_space(), we might call jbd2_cleanup_journal_tail() to recover some journal space. But if an error occurs while executing jbd2_cleanup_journal_tail() (e.g., an EIO), we don't stop waiting for free space right away, we try other branches, and if j_committing_transaction is NULL (i.e., the tid is 0), we will get the following complain: ============================================ JBD2: I/O error when updating journal superblock for sdd-8. __jbd2_log_wait_for_space: needed 256 blocks and only had 217 space available __jbd2_log_wait_for_space: no way to get more journal space in sdd-8 ------------[ cut here ]------------ WARNING: CPU: 2 PID: 139804 at fs/jbd2/checkpoint.c:109 __jbd2_log_wait_for_space+0x251/0x2e0 Modules linked in: CPU: 2 PID: 139804 Comm: kworker/u8:3 Not tainted 6.6.0+ #1 RIP: 0010:__jbd2_log_wait_for_space+0x251/0x2e0 Call Trace: <TASK> add_transaction_credits+0x5d1/0x5e0 start_this_handle+0x1ef/0x6a0 jbd2__journal_start+0x18b/0x340 ext4_dirty_inode+0x5d/0xb0 __mark_inode_dirty+0xe4/0x5d0 generic_update_time+0x60/0x70 [...] ============================================ So only if jbd2_cleanup_journal_tail() returns 1, i.e., there is nothing to clean up at the moment, continue to try to reclaim free space in other ways. Note that this fix relies on commit 6f6a6fda2945 ("jbd2: fix ocfs2 corrupt when updating journal superblock fails") to make jbd2_cleanup_journal_tail return the correct error code.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/801a35dfef6996f3d…
	https://git.kernel.org/stable/c/d5dc65370a746750d…
	https://git.kernel.org/stable/c/481e8f18a290e39e0…
	https://git.kernel.org/stable/c/ec7f8337c98ad2810…
	https://git.kernel.org/stable/c/70bae48377a2c4296…
	https://git.kernel.org/stable/c/1c62dc0d82c62f0dc…
	https://git.kernel.org/stable/c/3ced0fe6c0eff0327…
	https://git.kernel.org/stable/c/c6bf043b210eac67d…
	https://git.kernel.org/stable/c/f5cacdc6f2bb2a9bf…

Impacted products

Vendor

Product

Version

Linux

Affected: 8c3f25d8950c3e9fe6c9849f88679b3f2a071550 , < 801a35dfef6996f3d5eaa96a59caf00440d9165e (git)
Affected: 8c3f25d8950c3e9fe6c9849f88679b3f2a071550 , < d5dc65370a746750dbb2f03eabcf86b18db65f32 (git)
Affected: 8c3f25d8950c3e9fe6c9849f88679b3f2a071550 , < 481e8f18a290e39e04ddb7feb2bb2a2cc3b213ed (git)
Affected: 8c3f25d8950c3e9fe6c9849f88679b3f2a071550 , < ec7f8337c98ad281020ad1f11ba492462d80737a (git)
Affected: 8c3f25d8950c3e9fe6c9849f88679b3f2a071550 , < 70bae48377a2c4296fd3caf4caf8f11079111019 (git)
Affected: 8c3f25d8950c3e9fe6c9849f88679b3f2a071550 , < 1c62dc0d82c62f0dc8fcdc4843208e522acccaf5 (git)
Affected: 8c3f25d8950c3e9fe6c9849f88679b3f2a071550 , < 3ced0fe6c0eff032733ea8b38778b34707270138 (git)
Affected: 8c3f25d8950c3e9fe6c9849f88679b3f2a071550 , < c6bf043b210eac67d35a114e345c4e5585672913 (git)
Affected: 8c3f25d8950c3e9fe6c9849f88679b3f2a071550 , < f5cacdc6f2bb2a9bf214469dd7112b43dd2dd68a (git)

Linux

Affected: 2.6.28
Unaffected: 0 , < 2.6.28 (semver)
Unaffected: 4.19.323 , ≤ 4.19.* (semver)
Unaffected: 5.4.285 , ≤ 5.4.* (semver)
Unaffected: 5.10.227 , ≤ 5.10.* (semver)
Unaffected: 5.15.168 , ≤ 5.15.* (semver)
Unaffected: 6.1.113 , ≤ 6.1.* (semver)
Unaffected: 6.6.55 , ≤ 6.6.* (semver)
Unaffected: 6.10.14 , ≤ 6.10.* (semver)
Unaffected: 6.11.3 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49959",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T13:35:21.788104Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T13:38:47.931Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:23:39.640Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/jbd2/checkpoint.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "801a35dfef6996f3d5eaa96a59caf00440d9165e",
              "status": "affected",
              "version": "8c3f25d8950c3e9fe6c9849f88679b3f2a071550",
              "versionType": "git"
            },
            {
              "lessThan": "d5dc65370a746750dbb2f03eabcf86b18db65f32",
              "status": "affected",
              "version": "8c3f25d8950c3e9fe6c9849f88679b3f2a071550",
              "versionType": "git"
            },
            {
              "lessThan": "481e8f18a290e39e04ddb7feb2bb2a2cc3b213ed",
              "status": "affected",
              "version": "8c3f25d8950c3e9fe6c9849f88679b3f2a071550",
              "versionType": "git"
            },
            {
              "lessThan": "ec7f8337c98ad281020ad1f11ba492462d80737a",
              "status": "affected",
              "version": "8c3f25d8950c3e9fe6c9849f88679b3f2a071550",
              "versionType": "git"
            },
            {
              "lessThan": "70bae48377a2c4296fd3caf4caf8f11079111019",
              "status": "affected",
              "version": "8c3f25d8950c3e9fe6c9849f88679b3f2a071550",
              "versionType": "git"
            },
            {
              "lessThan": "1c62dc0d82c62f0dc8fcdc4843208e522acccaf5",
              "status": "affected",
              "version": "8c3f25d8950c3e9fe6c9849f88679b3f2a071550",
              "versionType": "git"
            },
            {
              "lessThan": "3ced0fe6c0eff032733ea8b38778b34707270138",
              "status": "affected",
              "version": "8c3f25d8950c3e9fe6c9849f88679b3f2a071550",
              "versionType": "git"
            },
            {
              "lessThan": "c6bf043b210eac67d35a114e345c4e5585672913",
              "status": "affected",
              "version": "8c3f25d8950c3e9fe6c9849f88679b3f2a071550",
              "versionType": "git"
            },
            {
              "lessThan": "f5cacdc6f2bb2a9bf214469dd7112b43dd2dd68a",
              "status": "affected",
              "version": "8c3f25d8950c3e9fe6c9849f88679b3f2a071550",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/jbd2/checkpoint.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.28"
            },
            {
              "lessThan": "2.6.28",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.323",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.285",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.55",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.323",
                  "versionStartIncluding": "2.6.28",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.285",
                  "versionStartIncluding": "2.6.28",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.227",
                  "versionStartIncluding": "2.6.28",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.168",
                  "versionStartIncluding": "2.6.28",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.113",
                  "versionStartIncluding": "2.6.28",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.55",
                  "versionStartIncluding": "2.6.28",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.14",
                  "versionStartIncluding": "2.6.28",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.3",
                  "versionStartIncluding": "2.6.28",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "2.6.28",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\njbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error\n\nIn __jbd2_log_wait_for_space(), we might call jbd2_cleanup_journal_tail()\nto recover some journal space. But if an error occurs while executing\njbd2_cleanup_journal_tail() (e.g., an EIO), we don\u0027t stop waiting for free\nspace right away, we try other branches, and if j_committing_transaction\nis NULL (i.e., the tid is 0), we will get the following complain:\n\n============================================\nJBD2: I/O error when updating journal superblock for sdd-8.\n__jbd2_log_wait_for_space: needed 256 blocks and only had 217 space available\n__jbd2_log_wait_for_space: no way to get more journal space in sdd-8\n------------[ cut here ]------------\nWARNING: CPU: 2 PID: 139804 at fs/jbd2/checkpoint.c:109 __jbd2_log_wait_for_space+0x251/0x2e0\nModules linked in:\nCPU: 2 PID: 139804 Comm: kworker/u8:3 Not tainted 6.6.0+ #1\nRIP: 0010:__jbd2_log_wait_for_space+0x251/0x2e0\nCall Trace:\n \u003cTASK\u003e\n add_transaction_credits+0x5d1/0x5e0\n start_this_handle+0x1ef/0x6a0\n jbd2__journal_start+0x18b/0x340\n ext4_dirty_inode+0x5d/0xb0\n __mark_inode_dirty+0xe4/0x5d0\n generic_update_time+0x60/0x70\n[...]\n============================================\n\nSo only if jbd2_cleanup_journal_tail() returns 1, i.e., there is nothing to\nclean up at the moment, continue to try to reclaim free space in other ways.\n\nNote that this fix relies on commit 6f6a6fda2945 (\"jbd2: fix ocfs2 corrupt\nwhen updating journal superblock fails\") to make jbd2_cleanup_journal_tail\nreturn the correct error code."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:42:22.577Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/801a35dfef6996f3d5eaa96a59caf00440d9165e"
        },
        {
          "url": "https://git.kernel.org/stable/c/d5dc65370a746750dbb2f03eabcf86b18db65f32"
        },
        {
          "url": "https://git.kernel.org/stable/c/481e8f18a290e39e04ddb7feb2bb2a2cc3b213ed"
        },
        {
          "url": "https://git.kernel.org/stable/c/ec7f8337c98ad281020ad1f11ba492462d80737a"
        },
        {
          "url": "https://git.kernel.org/stable/c/70bae48377a2c4296fd3caf4caf8f11079111019"
        },
        {
          "url": "https://git.kernel.org/stable/c/1c62dc0d82c62f0dc8fcdc4843208e522acccaf5"
        },
        {
          "url": "https://git.kernel.org/stable/c/3ced0fe6c0eff032733ea8b38778b34707270138"
        },
        {
          "url": "https://git.kernel.org/stable/c/c6bf043b210eac67d35a114e345c4e5585672913"
        },
        {
          "url": "https://git.kernel.org/stable/c/f5cacdc6f2bb2a9bf214469dd7112b43dd2dd68a"
        }
      ],
      "title": "jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-49959",
    "datePublished": "2024-10-21T18:02:12.355Z",
    "dateReserved": "2024-10-21T12:17:06.049Z",
    "dateUpdated": "2025-11-03T22:23:39.640Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-50269 (GCVE-0-2024-50269)

Vulnerability from cvelistv5 – Published: 2024-11-19 01:30 – Updated: 2025-11-03 22:27

Title

usb: musb: sunxi: Fix accessing an released usb phy

Summary

In the Linux kernel, the following vulnerability has been resolved: usb: musb: sunxi: Fix accessing an released usb phy Commit 6ed05c68cbca ("usb: musb: sunxi: Explicitly release USB PHY on exit") will cause that usb phy @glue->xceiv is accessed after released. 1) register platform driver @sunxi_musb_driver // get the usb phy @glue->xceiv sunxi_musb_probe() -> devm_usb_get_phy(). 2) register and unregister platform driver @musb_driver musb_probe() -> sunxi_musb_init() use the phy here //the phy is released here musb_remove() -> sunxi_musb_exit() -> devm_usb_put_phy() 3) register @musb_driver again musb_probe() -> sunxi_musb_init() use the phy here but the phy has been released at 2). ... Fixed by reverting the commit, namely, removing devm_usb_put_phy() from sunxi_musb_exit().

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/721ddad945596220c…
	https://git.kernel.org/stable/c/4aa77d5ea9944468e…
	https://git.kernel.org/stable/c/6e2848d1c8c013916…
	https://git.kernel.org/stable/c/63559ba8077cbadae…
	https://git.kernel.org/stable/c/ccd811c304d2ee561…
	https://git.kernel.org/stable/c/8a30da5aa9609663b…
	https://git.kernel.org/stable/c/b08baa75b989cf779…
	https://git.kernel.org/stable/c/498dbd9aea205db9d…

Impacted products

Vendor

Product

Version

Linux

Affected: 6ed05c68cbcae42cd52b8e53b66952bfa9c002ce , < 721ddad945596220c123eb6f7126729fe277ee4f (git)
Affected: 6ed05c68cbcae42cd52b8e53b66952bfa9c002ce , < 4aa77d5ea9944468e16c3eed15e858fd5de44de1 (git)
Affected: 6ed05c68cbcae42cd52b8e53b66952bfa9c002ce , < 6e2848d1c8c0139161e69ac0a94133e90e9988e8 (git)
Affected: 6ed05c68cbcae42cd52b8e53b66952bfa9c002ce , < 63559ba8077cbadae1c92a65b73ea522bf377dd9 (git)
Affected: 6ed05c68cbcae42cd52b8e53b66952bfa9c002ce , < ccd811c304d2ee56189bfbc49302cb3c44361893 (git)
Affected: 6ed05c68cbcae42cd52b8e53b66952bfa9c002ce , < 8a30da5aa9609663b3e05bcc91a916537f66a4cd (git)
Affected: 6ed05c68cbcae42cd52b8e53b66952bfa9c002ce , < b08baa75b989cf779cbfa0969681f8ba2dc46569 (git)
Affected: 6ed05c68cbcae42cd52b8e53b66952bfa9c002ce , < 498dbd9aea205db9da674994b74c7bf8e18448bd (git)
Affected: 583a4219841d00e96b5de55be160aa7eb7721a4d (git)
Affected: b4ecc15d6f5a13c0bbe2777438e87e321f83faaa (git)
Affected: a2259ebaa933331c53904caf792b619ec42f0da5 (git)

Linux

Affected: 4.14
Unaffected: 0 , < 4.14 (semver)
Unaffected: 4.19.324 , ≤ 4.19.* (semver)
Unaffected: 5.4.286 , ≤ 5.4.* (semver)
Unaffected: 5.10.230 , ≤ 5.10.* (semver)
Unaffected: 5.15.172 , ≤ 5.15.* (semver)
Unaffected: 6.1.117 , ≤ 6.1.* (semver)
Unaffected: 6.6.61 , ≤ 6.6.* (semver)
Unaffected: 6.11.8 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-50269",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:15:10.216730Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:17:23.502Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:27:49.620Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/musb/sunxi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "721ddad945596220c123eb6f7126729fe277ee4f",
              "status": "affected",
              "version": "6ed05c68cbcae42cd52b8e53b66952bfa9c002ce",
              "versionType": "git"
            },
            {
              "lessThan": "4aa77d5ea9944468e16c3eed15e858fd5de44de1",
              "status": "affected",
              "version": "6ed05c68cbcae42cd52b8e53b66952bfa9c002ce",
              "versionType": "git"
            },
            {
              "lessThan": "6e2848d1c8c0139161e69ac0a94133e90e9988e8",
              "status": "affected",
              "version": "6ed05c68cbcae42cd52b8e53b66952bfa9c002ce",
              "versionType": "git"
            },
            {
              "lessThan": "63559ba8077cbadae1c92a65b73ea522bf377dd9",
              "status": "affected",
              "version": "6ed05c68cbcae42cd52b8e53b66952bfa9c002ce",
              "versionType": "git"
            },
            {
              "lessThan": "ccd811c304d2ee56189bfbc49302cb3c44361893",
              "status": "affected",
              "version": "6ed05c68cbcae42cd52b8e53b66952bfa9c002ce",
              "versionType": "git"
            },
            {
              "lessThan": "8a30da5aa9609663b3e05bcc91a916537f66a4cd",
              "status": "affected",
              "version": "6ed05c68cbcae42cd52b8e53b66952bfa9c002ce",
              "versionType": "git"
            },
            {
              "lessThan": "b08baa75b989cf779cbfa0969681f8ba2dc46569",
              "status": "affected",
              "version": "6ed05c68cbcae42cd52b8e53b66952bfa9c002ce",
              "versionType": "git"
            },
            {
              "lessThan": "498dbd9aea205db9da674994b74c7bf8e18448bd",
              "status": "affected",
              "version": "6ed05c68cbcae42cd52b8e53b66952bfa9c002ce",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "583a4219841d00e96b5de55be160aa7eb7721a4d",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "b4ecc15d6f5a13c0bbe2777438e87e321f83faaa",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "a2259ebaa933331c53904caf792b619ec42f0da5",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/musb/sunxi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.14"
            },
            {
              "lessThan": "4.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.324",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.286",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.230",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.172",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.117",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.61",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.324",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.286",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.230",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.172",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.117",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.61",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.8",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.4.95",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.9.59",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.13.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: musb: sunxi: Fix accessing an released usb phy\n\nCommit 6ed05c68cbca (\"usb: musb: sunxi: Explicitly release USB PHY on\nexit\") will cause that usb phy @glue-\u003exceiv is accessed after released.\n\n1) register platform driver @sunxi_musb_driver\n// get the usb phy @glue-\u003exceiv\nsunxi_musb_probe() -\u003e devm_usb_get_phy().\n\n2) register and unregister platform driver @musb_driver\nmusb_probe() -\u003e sunxi_musb_init()\nuse the phy here\n//the phy is released here\nmusb_remove() -\u003e sunxi_musb_exit() -\u003e devm_usb_put_phy()\n\n3) register @musb_driver again\nmusb_probe() -\u003e sunxi_musb_init()\nuse the phy here but the phy has been released at 2).\n...\n\nFixed by reverting the commit, namely, removing devm_usb_put_phy()\nfrom sunxi_musb_exit()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T13:00:05.245Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/721ddad945596220c123eb6f7126729fe277ee4f"
        },
        {
          "url": "https://git.kernel.org/stable/c/4aa77d5ea9944468e16c3eed15e858fd5de44de1"
        },
        {
          "url": "https://git.kernel.org/stable/c/6e2848d1c8c0139161e69ac0a94133e90e9988e8"
        },
        {
          "url": "https://git.kernel.org/stable/c/63559ba8077cbadae1c92a65b73ea522bf377dd9"
        },
        {
          "url": "https://git.kernel.org/stable/c/ccd811c304d2ee56189bfbc49302cb3c44361893"
        },
        {
          "url": "https://git.kernel.org/stable/c/8a30da5aa9609663b3e05bcc91a916537f66a4cd"
        },
        {
          "url": "https://git.kernel.org/stable/c/b08baa75b989cf779cbfa0969681f8ba2dc46569"
        },
        {
          "url": "https://git.kernel.org/stable/c/498dbd9aea205db9da674994b74c7bf8e18448bd"
        }
      ],
      "title": "usb: musb: sunxi: Fix accessing an released usb phy",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-50269",
    "datePublished": "2024-11-19T01:30:06.910Z",
    "dateReserved": "2024-10-21T19:36:19.982Z",
    "dateUpdated": "2025-11-03T22:27:49.620Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56594 (GCVE-0-2024-56594)

Vulnerability from cvelistv5 – Published: 2024-12-27 14:51 – Updated: 2025-11-03 20:50

Title

drm/amdgpu: set the right AMDGPU sg segment limitation

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: set the right AMDGPU sg segment limitation The driver needs to set the correct max_segment_size; otherwise debug_dma_map_sg() will complain about the over-mapping of the AMDGPU sg length as following: WARNING: CPU: 6 PID: 1964 at kernel/dma/debug.c:1178 debug_dma_map_sg+0x2dc/0x370 [ 364.049444] Modules linked in: veth amdgpu(OE) amdxcp drm_exec gpu_sched drm_buddy drm_ttm_helper ttm(OE) drm_suballoc_helper drm_display_helper drm_kms_helper i2c_algo_bit rpcsec_gss_krb5 auth_rpcgss nfsv4 nfs lockd grace netfs xt_conntrack xt_MASQUERADE nf_conntrack_netlink xfrm_user xfrm_algo iptable_nat xt_addrtype iptable_filter br_netfilter nvme_fabrics overlay nfnetlink_cttimeout nfnetlink openvswitch nsh nf_conncount nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c bridge stp llc amd_atl intel_rapl_msr intel_rapl_common sunrpc sch_fq_codel snd_hda_codec_realtek snd_hda_codec_generic snd_hda_scodec_component snd_hda_codec_hdmi snd_hda_intel snd_intel_dspcfg edac_mce_amd binfmt_misc snd_hda_codec snd_pci_acp6x snd_hda_core snd_acp_config snd_hwdep snd_soc_acpi kvm_amd snd_pcm kvm snd_seq_midi snd_seq_midi_event crct10dif_pclmul ghash_clmulni_intel sha512_ssse3 snd_rawmidi sha256_ssse3 sha1_ssse3 aesni_intel snd_seq nls_iso8859_1 crypto_simd snd_seq_device cryptd snd_timer rapl input_leds snd [ 364.049532] ipmi_devintf wmi_bmof ccp serio_raw k10temp sp5100_tco soundcore ipmi_msghandler cm32181 industrialio mac_hid msr parport_pc ppdev lp parport drm efi_pstore ip_tables x_tables pci_stub crc32_pclmul nvme ahci libahci i2c_piix4 r8169 nvme_core i2c_designware_pci realtek i2c_ccgx_ucsi video wmi hid_generic cdc_ether usbnet usbhid hid r8152 mii [ 364.049576] CPU: 6 PID: 1964 Comm: rocminfo Tainted: G OE 6.10.0-custom #492 [ 364.049579] Hardware name: AMD Majolica-RN/Majolica-RN, BIOS RMJ1009A 06/13/2021 [ 364.049582] RIP: 0010:debug_dma_map_sg+0x2dc/0x370 [ 364.049585] Code: 89 4d b8 e8 36 b1 86 00 8b 4d b8 48 8b 55 b0 44 8b 45 a8 4c 8b 4d a0 48 89 c6 48 c7 c7 00 4b 74 bc 4c 89 4d b8 e8 b4 73 f3 ff <0f> 0b 4c 8b 4d b8 8b 15 c8 2c b8 01 85 d2 0f 85 ee fd ff ff 8b 05 [ 364.049588] RSP: 0018:ffff9ca600b57ac0 EFLAGS: 00010286 [ 364.049590] RAX: 0000000000000000 RBX: ffff88b7c132b0c8 RCX: 0000000000000027 [ 364.049592] RDX: ffff88bb0f521688 RSI: 0000000000000001 RDI: ffff88bb0f521680 [ 364.049594] RBP: ffff9ca600b57b20 R08: 000000000000006f R09: ffff9ca600b57930 [ 364.049596] R10: ffff9ca600b57928 R11: ffffffffbcb46328 R12: 0000000000000000 [ 364.049597] R13: 0000000000000001 R14: ffff88b7c19c0700 R15: ffff88b7c9059800 [ 364.049599] FS: 00007fb2d3516e80(0000) GS:ffff88bb0f500000(0000) knlGS:0000000000000000 [ 364.049601] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 364.049603] CR2: 000055610bd03598 CR3: 00000001049f6000 CR4: 0000000000350ef0 [ 364.049605] Call Trace: [ 364.049607] <TASK> [ 364.049609] ? show_regs+0x6d/0x80 [ 364.049614] ? __warn+0x8c/0x140 [ 364.049618] ? debug_dma_map_sg+0x2dc/0x370 [ 364.049621] ? report_bug+0x193/0x1a0 [ 364.049627] ? handle_bug+0x46/0x80 [ 364.049631] ? exc_invalid_op+0x1d/0x80 [ 364.049635] ? asm_exc_invalid_op+0x1f/0x30 [ 364.049642] ? debug_dma_map_sg+0x2dc/0x370 [ 364.049647] __dma_map_sg_attrs+0x90/0xe0 [ 364.049651] dma_map_sgtable+0x25/0x40 [ 364.049654] amdgpu_bo_move+0x59a/0x850 [amdgpu] [ 364.049935] ? srso_return_thunk+0x5/0x5f [ 364.049939] ? amdgpu_ttm_tt_populate+0x5d/0xc0 [amdgpu] [ 364.050095] ttm_bo_handle_move_mem+0xc3/0x180 [ttm] [ 364.050103] ttm_bo_validate+0xc1/0x160 [ttm] [ 364.050108] ? amdgpu_ttm_tt_get_user_pages+0xe5/0x1b0 [amdgpu] [ 364.050263] amdgpu_amdkfd_gpuvm_alloc_memory_of_gpu+0xa12/0xc90 [amdgpu] [ 364.050473] kfd_ioctl_alloc_memory_of_gpu+0x16b/0x3b0 [amdgpu] [ 364.050680] kfd_ioctl+0x3c2/0x530 [amdgpu] [ 364.050866] ? __pfx_kfd_ioctl_alloc_memory_of_gpu+0x10/0x10 [amdgpu] [ 364.05105 ---truncated---

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/b5807a08954fdf914…
	https://git.kernel.org/stable/c/13c3a54f48a612a11…
	https://git.kernel.org/stable/c/76581147b05c2adb6…
	https://git.kernel.org/stable/c/ff0346a74627a5f60…
	https://git.kernel.org/stable/c/b9e52a96ec92245bf…
	https://git.kernel.org/stable/c/76649ccf97e2cd72b…
	https://git.kernel.org/stable/c/e2e97435783979124…

Impacted products

Vendor

Product

Version

Linux

Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < b5807a08954fdf914ef80b49aaa6cda965ecc95c (git)
Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 13c3a54f48a612a117dfd82a9dd91732261e869d (git)
Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 76581147b05c2adb6b47bbc697521725f10224e4 (git)
Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < ff0346a74627a5f607a33a3852586f8c7f678329 (git)
Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < b9e52a96ec92245bf15dabba1d3d862d7a03efb8 (git)
Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 76649ccf97e2cd72b62e34ed2fba6e0f89497eab (git)
Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < e2e97435783979124ba92d6870415c57ecfef6a5 (git)

Linux

Affected: 4.2
Unaffected: 0 , < 4.2 (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:50:20.938Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b5807a08954fdf914ef80b49aaa6cda965ecc95c",
              "status": "affected",
              "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
              "versionType": "git"
            },
            {
              "lessThan": "13c3a54f48a612a117dfd82a9dd91732261e869d",
              "status": "affected",
              "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
              "versionType": "git"
            },
            {
              "lessThan": "76581147b05c2adb6b47bbc697521725f10224e4",
              "status": "affected",
              "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
              "versionType": "git"
            },
            {
              "lessThan": "ff0346a74627a5f607a33a3852586f8c7f678329",
              "status": "affected",
              "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
              "versionType": "git"
            },
            {
              "lessThan": "b9e52a96ec92245bf15dabba1d3d862d7a03efb8",
              "status": "affected",
              "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
              "versionType": "git"
            },
            {
              "lessThan": "76649ccf97e2cd72b62e34ed2fba6e0f89497eab",
              "status": "affected",
              "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
              "versionType": "git"
            },
            {
              "lessThan": "e2e97435783979124ba92d6870415c57ecfef6a5",
              "status": "affected",
              "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.2"
            },
            {
              "lessThan": "4.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: set the right AMDGPU sg segment limitation\n\nThe driver needs to set the correct max_segment_size;\notherwise debug_dma_map_sg() will complain about the\nover-mapping of the AMDGPU sg length as following:\n\nWARNING: CPU: 6 PID: 1964 at kernel/dma/debug.c:1178 debug_dma_map_sg+0x2dc/0x370\n[  364.049444] Modules linked in: veth amdgpu(OE) amdxcp drm_exec gpu_sched drm_buddy drm_ttm_helper ttm(OE) drm_suballoc_helper drm_display_helper drm_kms_helper i2c_algo_bit rpcsec_gss_krb5 auth_rpcgss nfsv4 nfs lockd grace netfs xt_conntrack xt_MASQUERADE nf_conntrack_netlink xfrm_user xfrm_algo iptable_nat xt_addrtype iptable_filter br_netfilter nvme_fabrics overlay nfnetlink_cttimeout nfnetlink openvswitch nsh nf_conncount nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c bridge stp llc amd_atl intel_rapl_msr intel_rapl_common sunrpc sch_fq_codel snd_hda_codec_realtek snd_hda_codec_generic snd_hda_scodec_component snd_hda_codec_hdmi snd_hda_intel snd_intel_dspcfg edac_mce_amd binfmt_misc snd_hda_codec snd_pci_acp6x snd_hda_core snd_acp_config snd_hwdep snd_soc_acpi kvm_amd snd_pcm kvm snd_seq_midi snd_seq_midi_event crct10dif_pclmul ghash_clmulni_intel sha512_ssse3 snd_rawmidi sha256_ssse3 sha1_ssse3 aesni_intel snd_seq nls_iso8859_1 crypto_simd snd_seq_device cryptd snd_timer rapl input_leds snd\n[  364.049532]  ipmi_devintf wmi_bmof ccp serio_raw k10temp sp5100_tco soundcore ipmi_msghandler cm32181 industrialio mac_hid msr parport_pc ppdev lp parport drm efi_pstore ip_tables x_tables pci_stub crc32_pclmul nvme ahci libahci i2c_piix4 r8169 nvme_core i2c_designware_pci realtek i2c_ccgx_ucsi video wmi hid_generic cdc_ether usbnet usbhid hid r8152 mii\n[  364.049576] CPU: 6 PID: 1964 Comm: rocminfo Tainted: G           OE      6.10.0-custom #492\n[  364.049579] Hardware name: AMD Majolica-RN/Majolica-RN, BIOS RMJ1009A 06/13/2021\n[  364.049582] RIP: 0010:debug_dma_map_sg+0x2dc/0x370\n[  364.049585] Code: 89 4d b8 e8 36 b1 86 00 8b 4d b8 48 8b 55 b0 44 8b 45 a8 4c 8b 4d a0 48 89 c6 48 c7 c7 00 4b 74 bc 4c 89 4d b8 e8 b4 73 f3 ff \u003c0f\u003e 0b 4c 8b 4d b8 8b 15 c8 2c b8 01 85 d2 0f 85 ee fd ff ff 8b 05\n[  364.049588] RSP: 0018:ffff9ca600b57ac0 EFLAGS: 00010286\n[  364.049590] RAX: 0000000000000000 RBX: ffff88b7c132b0c8 RCX: 0000000000000027\n[  364.049592] RDX: ffff88bb0f521688 RSI: 0000000000000001 RDI: ffff88bb0f521680\n[  364.049594] RBP: ffff9ca600b57b20 R08: 000000000000006f R09: ffff9ca600b57930\n[  364.049596] R10: ffff9ca600b57928 R11: ffffffffbcb46328 R12: 0000000000000000\n[  364.049597] R13: 0000000000000001 R14: ffff88b7c19c0700 R15: ffff88b7c9059800\n[  364.049599] FS:  00007fb2d3516e80(0000) GS:ffff88bb0f500000(0000) knlGS:0000000000000000\n[  364.049601] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  364.049603] CR2: 000055610bd03598 CR3: 00000001049f6000 CR4: 0000000000350ef0\n[  364.049605] Call Trace:\n[  364.049607]  \u003cTASK\u003e\n[  364.049609]  ? show_regs+0x6d/0x80\n[  364.049614]  ? __warn+0x8c/0x140\n[  364.049618]  ? debug_dma_map_sg+0x2dc/0x370\n[  364.049621]  ? report_bug+0x193/0x1a0\n[  364.049627]  ? handle_bug+0x46/0x80\n[  364.049631]  ? exc_invalid_op+0x1d/0x80\n[  364.049635]  ? asm_exc_invalid_op+0x1f/0x30\n[  364.049642]  ? debug_dma_map_sg+0x2dc/0x370\n[  364.049647]  __dma_map_sg_attrs+0x90/0xe0\n[  364.049651]  dma_map_sgtable+0x25/0x40\n[  364.049654]  amdgpu_bo_move+0x59a/0x850 [amdgpu]\n[  364.049935]  ? srso_return_thunk+0x5/0x5f\n[  364.049939]  ? amdgpu_ttm_tt_populate+0x5d/0xc0 [amdgpu]\n[  364.050095]  ttm_bo_handle_move_mem+0xc3/0x180 [ttm]\n[  364.050103]  ttm_bo_validate+0xc1/0x160 [ttm]\n[  364.050108]  ? amdgpu_ttm_tt_get_user_pages+0xe5/0x1b0 [amdgpu]\n[  364.050263]  amdgpu_amdkfd_gpuvm_alloc_memory_of_gpu+0xa12/0xc90 [amdgpu]\n[  364.050473]  kfd_ioctl_alloc_memory_of_gpu+0x16b/0x3b0 [amdgpu]\n[  364.050680]  kfd_ioctl+0x3c2/0x530 [amdgpu]\n[  364.050866]  ? __pfx_kfd_ioctl_alloc_memory_of_gpu+0x10/0x10 [amdgpu]\n[  364.05105\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-16T08:02:56.947Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b5807a08954fdf914ef80b49aaa6cda965ecc95c"
        },
        {
          "url": "https://git.kernel.org/stable/c/13c3a54f48a612a117dfd82a9dd91732261e869d"
        },
        {
          "url": "https://git.kernel.org/stable/c/76581147b05c2adb6b47bbc697521725f10224e4"
        },
        {
          "url": "https://git.kernel.org/stable/c/ff0346a74627a5f607a33a3852586f8c7f678329"
        },
        {
          "url": "https://git.kernel.org/stable/c/b9e52a96ec92245bf15dabba1d3d862d7a03efb8"
        },
        {
          "url": "https://git.kernel.org/stable/c/76649ccf97e2cd72b62e34ed2fba6e0f89497eab"
        },
        {
          "url": "https://git.kernel.org/stable/c/e2e97435783979124ba92d6870415c57ecfef6a5"
        }
      ],
      "title": "drm/amdgpu: set the right AMDGPU sg segment limitation",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56594",
    "datePublished": "2024-12-27T14:51:01.431Z",
    "dateReserved": "2024-12-27T14:03:06.004Z",
    "dateUpdated": "2025-11-03T20:50:20.938Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42093 (GCVE-0-2024-42093)

Vulnerability from cvelistv5 – Published: 2024-07-29 17:39 – Updated: 2025-11-03 22:01

Title

net/dpaa2: Avoid explicit cpumask var allocation on stack

Summary

In the Linux kernel, the following vulnerability has been resolved: net/dpaa2: Avoid explicit cpumask var allocation on stack For CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask variable on stack is not recommended since it can cause potential stack overflow. Instead, kernel code should always use *cpumask_var API(s) to allocate cpumask var in config-neutral way, leaving allocation strategy to CONFIG_CPUMASK_OFFSTACK. Use *cpumask_var API(s) to address it.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/b2262b3be27cee334…
	https://git.kernel.org/stable/c/763896ab62a672d72…
	https://git.kernel.org/stable/c/a55afc0f5f20ba309…
	https://git.kernel.org/stable/c/48147337d7efdea6a…
	https://git.kernel.org/stable/c/69f49527aea12c23b…
	https://git.kernel.org/stable/c/5e4f25091e6d06e99…
	https://git.kernel.org/stable/c/d33fe1714a44ff540…

Impacted products

Vendor

Product

Version

Linux

Affected: 93ddf0b211a0a0367d01c9587169c16ed77b4b98 , < b2262b3be27cee334a2fa175ae3afb53f38fb0b1 (git)
Affected: 93ddf0b211a0a0367d01c9587169c16ed77b4b98 , < 763896ab62a672d728f5eb10ac90d98c607a8509 (git)
Affected: 93ddf0b211a0a0367d01c9587169c16ed77b4b98 , < a55afc0f5f20ba30970aaf7271929dc00eee5e7d (git)
Affected: 93ddf0b211a0a0367d01c9587169c16ed77b4b98 , < 48147337d7efdea6ad6e49f5b8eb894b95868ef0 (git)
Affected: 93ddf0b211a0a0367d01c9587169c16ed77b4b98 , < 69f49527aea12c23b78fb3d0a421950bf44fb4e2 (git)
Affected: 93ddf0b211a0a0367d01c9587169c16ed77b4b98 , < 5e4f25091e6d06e99a23f724c839a58a8776a527 (git)
Affected: 93ddf0b211a0a0367d01c9587169c16ed77b4b98 , < d33fe1714a44ff540629b149d8fab4ac6967585c (git)

Linux

Affected: 4.16
Unaffected: 0 , < 4.16 (semver)
Unaffected: 5.4.279 , ≤ 5.4.* (semver)
Unaffected: 5.10.221 , ≤ 5.10.* (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.97 , ≤ 6.1.* (semver)
Unaffected: 6.6.37 , ≤ 6.6.* (semver)
Unaffected: 6.9.8 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:01:26.130Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b2262b3be27cee334a2fa175ae3afb53f38fb0b1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/763896ab62a672d728f5eb10ac90d98c607a8509"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a55afc0f5f20ba30970aaf7271929dc00eee5e7d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/48147337d7efdea6ad6e49f5b8eb894b95868ef0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/69f49527aea12c23b78fb3d0a421950bf44fb4e2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5e4f25091e6d06e99a23f724c839a58a8776a527"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d33fe1714a44ff540629b149d8fab4ac6967585c"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42093",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:18:31.047930Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:00.736Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b2262b3be27cee334a2fa175ae3afb53f38fb0b1",
              "status": "affected",
              "version": "93ddf0b211a0a0367d01c9587169c16ed77b4b98",
              "versionType": "git"
            },
            {
              "lessThan": "763896ab62a672d728f5eb10ac90d98c607a8509",
              "status": "affected",
              "version": "93ddf0b211a0a0367d01c9587169c16ed77b4b98",
              "versionType": "git"
            },
            {
              "lessThan": "a55afc0f5f20ba30970aaf7271929dc00eee5e7d",
              "status": "affected",
              "version": "93ddf0b211a0a0367d01c9587169c16ed77b4b98",
              "versionType": "git"
            },
            {
              "lessThan": "48147337d7efdea6ad6e49f5b8eb894b95868ef0",
              "status": "affected",
              "version": "93ddf0b211a0a0367d01c9587169c16ed77b4b98",
              "versionType": "git"
            },
            {
              "lessThan": "69f49527aea12c23b78fb3d0a421950bf44fb4e2",
              "status": "affected",
              "version": "93ddf0b211a0a0367d01c9587169c16ed77b4b98",
              "versionType": "git"
            },
            {
              "lessThan": "5e4f25091e6d06e99a23f724c839a58a8776a527",
              "status": "affected",
              "version": "93ddf0b211a0a0367d01c9587169c16ed77b4b98",
              "versionType": "git"
            },
            {
              "lessThan": "d33fe1714a44ff540629b149d8fab4ac6967585c",
              "status": "affected",
              "version": "93ddf0b211a0a0367d01c9587169c16ed77b4b98",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.16"
            },
            {
              "lessThan": "4.16",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.279",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.97",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.37",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.279",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.221",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.97",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.37",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.8",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/dpaa2: Avoid explicit cpumask var allocation on stack\n\nFor CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask\nvariable on stack is not recommended since it can cause potential stack\noverflow.\n\nInstead, kernel code should always use *cpumask_var API(s) to allocate\ncpumask var in config-neutral way, leaving allocation strategy to\nCONFIG_CPUMASK_OFFSTACK.\n\nUse *cpumask_var API(s) to address it."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-21T09:12:57.748Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b2262b3be27cee334a2fa175ae3afb53f38fb0b1"
        },
        {
          "url": "https://git.kernel.org/stable/c/763896ab62a672d728f5eb10ac90d98c607a8509"
        },
        {
          "url": "https://git.kernel.org/stable/c/a55afc0f5f20ba30970aaf7271929dc00eee5e7d"
        },
        {
          "url": "https://git.kernel.org/stable/c/48147337d7efdea6ad6e49f5b8eb894b95868ef0"
        },
        {
          "url": "https://git.kernel.org/stable/c/69f49527aea12c23b78fb3d0a421950bf44fb4e2"
        },
        {
          "url": "https://git.kernel.org/stable/c/5e4f25091e6d06e99a23f724c839a58a8776a527"
        },
        {
          "url": "https://git.kernel.org/stable/c/d33fe1714a44ff540629b149d8fab4ac6967585c"
        }
      ],
      "title": "net/dpaa2: Avoid explicit cpumask var allocation on stack",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42093",
    "datePublished": "2024-07-29T17:39:29.470Z",
    "dateReserved": "2024-07-29T15:50:41.172Z",
    "dateUpdated": "2025-11-03T22:01:26.130Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-43893 (GCVE-0-2024-43893)

Vulnerability from cvelistv5 – Published: 2024-08-26 10:10 – Updated: 2026-01-05 10:52

Title

serial: core: check uartclk for zero to avoid divide by zero

Summary

In the Linux kernel, the following vulnerability has been resolved: serial: core: check uartclk for zero to avoid divide by zero Calling ioctl TIOCSSERIAL with an invalid baud_base can result in uartclk being zero, which will result in a divide by zero error in uart_get_divisor(). The check for uartclk being zero in uart_set_info() needs to be done before other settings are made as subsequent calls to ioctl TIOCSSERIAL for the same port would be impacted if the uartclk check was done where uartclk gets set. Oops: divide error: 0000 PREEMPT SMP KASAN PTI RIP: 0010:uart_get_divisor (drivers/tty/serial/serial_core.c:580) Call Trace: <TASK> serial8250_get_divisor (drivers/tty/serial/8250/8250_port.c:2576 drivers/tty/serial/8250/8250_port.c:2589) serial8250_do_set_termios (drivers/tty/serial/8250/8250_port.c:502 drivers/tty/serial/8250/8250_port.c:2741) serial8250_set_termios (drivers/tty/serial/8250/8250_port.c:2862) uart_change_line_settings (./include/linux/spinlock.h:376 ./include/linux/serial_core.h:608 drivers/tty/serial/serial_core.c:222) uart_port_startup (drivers/tty/serial/serial_core.c:342) uart_startup (drivers/tty/serial/serial_core.c:368) uart_set_info (drivers/tty/serial/serial_core.c:1034) uart_set_info_user (drivers/tty/serial/serial_core.c:1059) tty_set_serial (drivers/tty/tty_io.c:2637) tty_ioctl (drivers/tty/tty_io.c:2647 drivers/tty/tty_io.c:2791) __x64_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:907 fs/ioctl.c:893 fs/ioctl.c:893) do_syscall_64 (arch/x86/entry/common.c:52 (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1)) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) Rule: add

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/3bbd90fca824e6fd6…
	https://git.kernel.org/stable/c/55b2a5d331a6ceb1c…
	https://git.kernel.org/stable/c/52b138f1021113e59…
	https://git.kernel.org/stable/c/9196e42a3b8eeff17…
	https://git.kernel.org/stable/c/e13ba3fe5ee070f8a…
	https://git.kernel.org/stable/c/e3ad503876283ac3f…
	https://git.kernel.org/stable/c/68dc02f319b9ee54d…
	https://git.kernel.org/stable/c/6eabce6608d6f3440…

Impacted products

Vendor

Product

Version

Linux

Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 3bbd90fca824e6fd61fb20f6dd2b0fa5f8b14bba (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 55b2a5d331a6ceb1c4372945fdb77181265ba24f (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 52b138f1021113e593ee6ad258ce08fe90693a9e (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 9196e42a3b8eeff1707e6ef769112b4b6096be49 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < e13ba3fe5ee070f8a9dab60029d52b1f61da5051 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < e3ad503876283ac3fcca922a1bf243ef9eb0b0e2 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 68dc02f319b9ee54dc23caba742a5c754d1cccc8 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 6eabce6608d6f3440f4c03aa3d3ef50a47a3d193 (git)

Linux

Affected: 2.6.12
Unaffected: 0 , < 2.6.12 (semver)
Unaffected: 4.19.320 , ≤ 4.19.* (semver)
Unaffected: 5.4.282 , ≤ 5.4.* (semver)
Unaffected: 5.10.224 , ≤ 5.10.* (semver)
Unaffected: 5.15.165 , ≤ 5.15.* (semver)
Unaffected: 6.1.105 , ≤ 6.1.* (semver)
Unaffected: 6.6.46 , ≤ 6.6.* (semver)
Unaffected: 6.10.5 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43893",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:29:15.877067Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:32:57.839Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:06:54.168Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/tty/serial/serial_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3bbd90fca824e6fd61fb20f6dd2b0fa5f8b14bba",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "55b2a5d331a6ceb1c4372945fdb77181265ba24f",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "52b138f1021113e593ee6ad258ce08fe90693a9e",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "9196e42a3b8eeff1707e6ef769112b4b6096be49",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "e13ba3fe5ee070f8a9dab60029d52b1f61da5051",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "e3ad503876283ac3fcca922a1bf243ef9eb0b0e2",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "68dc02f319b9ee54dc23caba742a5c754d1cccc8",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "6eabce6608d6f3440f4c03aa3d3ef50a47a3d193",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/tty/serial/serial_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.320",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.282",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.224",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.105",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.46",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.320",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.282",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.224",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.165",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.105",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.46",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.5",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: core: check uartclk for zero to avoid divide by zero\n\nCalling ioctl TIOCSSERIAL with an invalid baud_base can\nresult in uartclk being zero, which will result in a\ndivide by zero error in uart_get_divisor(). The check for\nuartclk being zero in uart_set_info() needs to be done\nbefore other settings are made as subsequent calls to\nioctl TIOCSSERIAL for the same port would be impacted if\nthe uartclk check was done where uartclk gets set.\n\nOops: divide error: 0000  PREEMPT SMP KASAN PTI\nRIP: 0010:uart_get_divisor (drivers/tty/serial/serial_core.c:580)\nCall Trace:\n \u003cTASK\u003e\nserial8250_get_divisor (drivers/tty/serial/8250/8250_port.c:2576\n    drivers/tty/serial/8250/8250_port.c:2589)\nserial8250_do_set_termios (drivers/tty/serial/8250/8250_port.c:502\n    drivers/tty/serial/8250/8250_port.c:2741)\nserial8250_set_termios (drivers/tty/serial/8250/8250_port.c:2862)\nuart_change_line_settings (./include/linux/spinlock.h:376\n    ./include/linux/serial_core.h:608 drivers/tty/serial/serial_core.c:222)\nuart_port_startup (drivers/tty/serial/serial_core.c:342)\nuart_startup (drivers/tty/serial/serial_core.c:368)\nuart_set_info (drivers/tty/serial/serial_core.c:1034)\nuart_set_info_user (drivers/tty/serial/serial_core.c:1059)\ntty_set_serial (drivers/tty/tty_io.c:2637)\ntty_ioctl (drivers/tty/tty_io.c:2647 drivers/tty/tty_io.c:2791)\n__x64_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:907\n    fs/ioctl.c:893 fs/ioctl.c:893)\ndo_syscall_64 (arch/x86/entry/common.c:52\n    (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1))\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nRule: add"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:52:25.692Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3bbd90fca824e6fd61fb20f6dd2b0fa5f8b14bba"
        },
        {
          "url": "https://git.kernel.org/stable/c/55b2a5d331a6ceb1c4372945fdb77181265ba24f"
        },
        {
          "url": "https://git.kernel.org/stable/c/52b138f1021113e593ee6ad258ce08fe90693a9e"
        },
        {
          "url": "https://git.kernel.org/stable/c/9196e42a3b8eeff1707e6ef769112b4b6096be49"
        },
        {
          "url": "https://git.kernel.org/stable/c/e13ba3fe5ee070f8a9dab60029d52b1f61da5051"
        },
        {
          "url": "https://git.kernel.org/stable/c/e3ad503876283ac3fcca922a1bf243ef9eb0b0e2"
        },
        {
          "url": "https://git.kernel.org/stable/c/68dc02f319b9ee54dc23caba742a5c754d1cccc8"
        },
        {
          "url": "https://git.kernel.org/stable/c/6eabce6608d6f3440f4c03aa3d3ef50a47a3d193"
        }
      ],
      "title": "serial: core: check uartclk for zero to avoid divide by zero",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-43893",
    "datePublished": "2024-08-26T10:10:48.046Z",
    "dateReserved": "2024-08-17T09:11:59.290Z",
    "dateUpdated": "2026-01-05T10:52:25.692Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-49851 (GCVE-0-2024-49851)

Vulnerability from cvelistv5 – Published: 2024-10-21 12:18 – Updated: 2025-11-03 22:22

Title

tpm: Clean up TPM space after command failure

Summary

In the Linux kernel, the following vulnerability has been resolved: tpm: Clean up TPM space after command failure tpm_dev_transmit prepares the TPM space before attempting command transmission. However if the command fails no rollback of this preparation is done. This can result in transient handles being leaked if the device is subsequently closed with no further commands performed. Fix this by flushing the space in the event of command transmission failure.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/87e8134c18977b566…
	https://git.kernel.org/stable/c/2c9b228938e9266a1…
	https://git.kernel.org/stable/c/ebc4e1f4492d114f9…
	https://git.kernel.org/stable/c/c84ceb546f30432fc…
	https://git.kernel.org/stable/c/82478cb8a23bd4f97…
	https://git.kernel.org/stable/c/adf4ce16256122233…
	https://git.kernel.org/stable/c/3f9f72d843c92fb6f…
	https://git.kernel.org/stable/c/e3aaebcbb7c6b4034…

Impacted products

Vendor

Product

Version

Linux

Affected: 745b361e989af21ad40811c2586b60229f870a68 , < 87e8134c18977b566f4ec248c8a147244da69402 (git)
Affected: 745b361e989af21ad40811c2586b60229f870a68 , < 2c9b228938e9266a1065a3f4fe5c99b7235dc439 (git)
Affected: 745b361e989af21ad40811c2586b60229f870a68 , < ebc4e1f4492d114f9693950621b3ea42b2f82bec (git)
Affected: 745b361e989af21ad40811c2586b60229f870a68 , < c84ceb546f30432fccea4891163f7050f5bee5dd (git)
Affected: 745b361e989af21ad40811c2586b60229f870a68 , < 82478cb8a23bd4f97935bbe60d64528c6d9918b4 (git)
Affected: 745b361e989af21ad40811c2586b60229f870a68 , < adf4ce162561222338cf2c9a2caa294527f7f721 (git)
Affected: 745b361e989af21ad40811c2586b60229f870a68 , < 3f9f72d843c92fb6f4ff7460d774413cde7f254c (git)
Affected: 745b361e989af21ad40811c2586b60229f870a68 , < e3aaebcbb7c6b403416f442d1de70d437ce313a7 (git)

Linux

Affected: 4.12
Unaffected: 0 , < 4.12 (semver)
Unaffected: 5.4.285 , ≤ 5.4.* (semver)
Unaffected: 5.10.227 , ≤ 5.10.* (semver)
Unaffected: 5.15.168 , ≤ 5.15.* (semver)
Unaffected: 6.1.113 , ≤ 6.1.* (semver)
Unaffected: 6.6.54 , ≤ 6.6.* (semver)
Unaffected: 6.10.13 , ≤ 6.10.* (semver)
Unaffected: 6.11.2 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49851",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-21T12:56:54.610460Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-21T13:04:11.872Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:22:18.217Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/char/tpm/tpm-dev-common.c",
            "drivers/char/tpm/tpm2-space.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "87e8134c18977b566f4ec248c8a147244da69402",
              "status": "affected",
              "version": "745b361e989af21ad40811c2586b60229f870a68",
              "versionType": "git"
            },
            {
              "lessThan": "2c9b228938e9266a1065a3f4fe5c99b7235dc439",
              "status": "affected",
              "version": "745b361e989af21ad40811c2586b60229f870a68",
              "versionType": "git"
            },
            {
              "lessThan": "ebc4e1f4492d114f9693950621b3ea42b2f82bec",
              "status": "affected",
              "version": "745b361e989af21ad40811c2586b60229f870a68",
              "versionType": "git"
            },
            {
              "lessThan": "c84ceb546f30432fccea4891163f7050f5bee5dd",
              "status": "affected",
              "version": "745b361e989af21ad40811c2586b60229f870a68",
              "versionType": "git"
            },
            {
              "lessThan": "82478cb8a23bd4f97935bbe60d64528c6d9918b4",
              "status": "affected",
              "version": "745b361e989af21ad40811c2586b60229f870a68",
              "versionType": "git"
            },
            {
              "lessThan": "adf4ce162561222338cf2c9a2caa294527f7f721",
              "status": "affected",
              "version": "745b361e989af21ad40811c2586b60229f870a68",
              "versionType": "git"
            },
            {
              "lessThan": "3f9f72d843c92fb6f4ff7460d774413cde7f254c",
              "status": "affected",
              "version": "745b361e989af21ad40811c2586b60229f870a68",
              "versionType": "git"
            },
            {
              "lessThan": "e3aaebcbb7c6b403416f442d1de70d437ce313a7",
              "status": "affected",
              "version": "745b361e989af21ad40811c2586b60229f870a68",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/char/tpm/tpm-dev-common.c",
            "drivers/char/tpm/tpm2-space.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.12"
            },
            {
              "lessThan": "4.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.285",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.54",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.285",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.227",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.168",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.113",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.54",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.13",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.2",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: Clean up TPM space after command failure\n\ntpm_dev_transmit prepares the TPM space before attempting command\ntransmission. However if the command fails no rollback of this\npreparation is done. This can result in transient handles being leaked\nif the device is subsequently closed with no further commands performed.\n\nFix this by flushing the space in the event of command transmission\nfailure."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:39:31.728Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/87e8134c18977b566f4ec248c8a147244da69402"
        },
        {
          "url": "https://git.kernel.org/stable/c/2c9b228938e9266a1065a3f4fe5c99b7235dc439"
        },
        {
          "url": "https://git.kernel.org/stable/c/ebc4e1f4492d114f9693950621b3ea42b2f82bec"
        },
        {
          "url": "https://git.kernel.org/stable/c/c84ceb546f30432fccea4891163f7050f5bee5dd"
        },
        {
          "url": "https://git.kernel.org/stable/c/82478cb8a23bd4f97935bbe60d64528c6d9918b4"
        },
        {
          "url": "https://git.kernel.org/stable/c/adf4ce162561222338cf2c9a2caa294527f7f721"
        },
        {
          "url": "https://git.kernel.org/stable/c/3f9f72d843c92fb6f4ff7460d774413cde7f254c"
        },
        {
          "url": "https://git.kernel.org/stable/c/e3aaebcbb7c6b403416f442d1de70d437ce313a7"
        }
      ],
      "title": "tpm: Clean up TPM space after command failure",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-49851",
    "datePublished": "2024-10-21T12:18:44.742Z",
    "dateReserved": "2024-10-21T12:17:06.015Z",
    "dateUpdated": "2025-11-03T22:22:18.217Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-49875 (GCVE-0-2024-49875)

Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2026-01-05 10:54

Title

nfsd: map the EBADMSG to nfserr_io to avoid warning

Summary

In the Linux kernel, the following vulnerability has been resolved: nfsd: map the EBADMSG to nfserr_io to avoid warning Ext4 will throw -EBADMSG through ext4_readdir when a checksum error occurs, resulting in the following WARNING. Fix it by mapping EBADMSG to nfserr_io. nfsd_buffered_readdir iterate_dir // -EBADMSG -74 ext4_readdir // .iterate_shared ext4_dx_readdir ext4_htree_fill_tree htree_dirblock_to_tree ext4_read_dirblock __ext4_read_dirblock ext4_dirblock_csum_verify warn_no_space_for_csum __warn_no_space_for_csum return ERR_PTR(-EFSBADCRC) // -EBADMSG -74 nfserrno // WARNING [ 161.115610] ------------[ cut here ]------------ [ 161.116465] nfsd: non-standard errno: -74 [ 161.117315] WARNING: CPU: 1 PID: 780 at fs/nfsd/nfsproc.c:878 nfserrno+0x9d/0xd0 [ 161.118596] Modules linked in: [ 161.119243] CPU: 1 PID: 780 Comm: nfsd Not tainted 5.10.0-00014-g79679361fd5d #138 [ 161.120684] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qe mu.org 04/01/2014 [ 161.123601] RIP: 0010:nfserrno+0x9d/0xd0 [ 161.124676] Code: 0f 87 da 30 dd 00 83 e3 01 b8 00 00 00 05 75 d7 44 89 ee 48 c7 c7 c0 57 24 98 89 44 24 04 c6 05 ce 2b 61 03 01 e8 99 20 d8 00 <0f> 0b 8b 44 24 04 eb b5 4c 89 e6 48 c7 c7 a0 6d a4 99 e8 cc 15 33 [ 161.127797] RSP: 0018:ffffc90000e2f9c0 EFLAGS: 00010286 [ 161.128794] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 161.130089] RDX: 1ffff1103ee16f6d RSI: 0000000000000008 RDI: fffff520001c5f2a [ 161.131379] RBP: 0000000000000022 R08: 0000000000000001 R09: ffff8881f70c1827 [ 161.132664] R10: ffffed103ee18304 R11: 0000000000000001 R12: 0000000000000021 [ 161.133949] R13: 00000000ffffffb6 R14: ffff8881317c0000 R15: ffffc90000e2fbd8 [ 161.135244] FS: 0000000000000000(0000) GS:ffff8881f7080000(0000) knlGS:0000000000000000 [ 161.136695] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 161.137761] CR2: 00007fcaad70b348 CR3: 0000000144256006 CR4: 0000000000770ee0 [ 161.139041] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 161.140291] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 161.141519] PKRU: 55555554 [ 161.142076] Call Trace: [ 161.142575] ? __warn+0x9b/0x140 [ 161.143229] ? nfserrno+0x9d/0xd0 [ 161.143872] ? report_bug+0x125/0x150 [ 161.144595] ? handle_bug+0x41/0x90 [ 161.145284] ? exc_invalid_op+0x14/0x70 [ 161.146009] ? asm_exc_invalid_op+0x12/0x20 [ 161.146816] ? nfserrno+0x9d/0xd0 [ 161.147487] nfsd_buffered_readdir+0x28b/0x2b0 [ 161.148333] ? nfsd4_encode_dirent_fattr+0x380/0x380 [ 161.149258] ? nfsd_buffered_filldir+0xf0/0xf0 [ 161.150093] ? wait_for_concurrent_writes+0x170/0x170 [ 161.151004] ? generic_file_llseek_size+0x48/0x160 [ 161.151895] nfsd_readdir+0x132/0x190 [ 161.152606] ? nfsd4_encode_dirent_fattr+0x380/0x380 [ 161.153516] ? nfsd_unlink+0x380/0x380 [ 161.154256] ? override_creds+0x45/0x60 [ 161.155006] nfsd4_encode_readdir+0x21a/0x3d0 [ 161.155850] ? nfsd4_encode_readlink+0x210/0x210 [ 161.156731] ? write_bytes_to_xdr_buf+0x97/0xe0 [ 161.157598] ? __write_bytes_to_xdr_buf+0xd0/0xd0 [ 161.158494] ? lock_downgrade+0x90/0x90 [ 161.159232] ? nfs4svc_decode_voidarg+0x10/0x10 [ 161.160092] nfsd4_encode_operation+0x15a/0x440 [ 161.160959] nfsd4_proc_compound+0x718/0xe90 [ 161.161818] nfsd_dispatch+0x18e/0x2c0 [ 161.162586] svc_process_common+0x786/0xc50 [ 161.163403] ? nfsd_svc+0x380/0x380 [ 161.164137] ? svc_printk+0x160/0x160 [ 161.164846] ? svc_xprt_do_enqueue.part.0+0x365/0x380 [ 161.165808] ? nfsd_svc+0x380/0x380 [ 161.166523] ? rcu_is_watching+0x23/0x40 [ 161.167309] svc_process+0x1a5/0x200 [ 161.168019] nfsd+0x1f5/0x380 [ 161.168663] ? nfsd_shutdown_threads+0x260/0x260 [ 161.169554] kthread+0x1c4/0x210 [ 161.170224] ? kthread_insert_work_sanity_check+0x80/0x80 [ 161.171246] ret_from_fork+0x1f/0x30

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/0ea4333c679f333e2…
	https://git.kernel.org/stable/c/825789ca946025431…
	https://git.kernel.org/stable/c/6fe058502f8864649…
	https://git.kernel.org/stable/c/f7d8ee9db94372b82…
	https://git.kernel.org/stable/c/c76005adfa93d1a02…
	https://git.kernel.org/stable/c/e9cfecca22a36b927…
	https://git.kernel.org/stable/c/340e61e44c1d2a15c…

Impacted products

Vendor

Product

Version

Linux

Affected: 6a797d2737838906f2ea0a31686e87c3151e21ca , < 0ea4333c679f333e23956de743ad17387819d3f2 (git)
Affected: 6a797d2737838906f2ea0a31686e87c3151e21ca , < 825789ca94602543101045ad3aad19b2b60c6b2a (git)
Affected: 6a797d2737838906f2ea0a31686e87c3151e21ca , < 6fe058502f8864649c3d614b06b2235223798f48 (git)
Affected: 6a797d2737838906f2ea0a31686e87c3151e21ca , < f7d8ee9db94372b8235f5f22bb24381891594c42 (git)
Affected: 6a797d2737838906f2ea0a31686e87c3151e21ca , < c76005adfa93d1a027433331252422078750321f (git)
Affected: 6a797d2737838906f2ea0a31686e87c3151e21ca , < e9cfecca22a36b927a440abc6307efb9e138fed5 (git)
Affected: 6a797d2737838906f2ea0a31686e87c3151e21ca , < 340e61e44c1d2a15c42ec72ade9195ad525fd048 (git)

Linux

Affected: 4.4
Unaffected: 0 , < 4.4 (semver)
Unaffected: 5.10.227 , ≤ 5.10.* (semver)
Unaffected: 5.15.168 , ≤ 5.15.* (semver)
Unaffected: 6.1.113 , ≤ 6.1.* (semver)
Unaffected: 6.6.55 , ≤ 6.6.* (semver)
Unaffected: 6.10.14 , ≤ 6.10.* (semver)
Unaffected: 6.11.3 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49875",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T13:46:25.129845Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T13:48:51.375Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:22:40.543Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/nfsd/vfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0ea4333c679f333e23956de743ad17387819d3f2",
              "status": "affected",
              "version": "6a797d2737838906f2ea0a31686e87c3151e21ca",
              "versionType": "git"
            },
            {
              "lessThan": "825789ca94602543101045ad3aad19b2b60c6b2a",
              "status": "affected",
              "version": "6a797d2737838906f2ea0a31686e87c3151e21ca",
              "versionType": "git"
            },
            {
              "lessThan": "6fe058502f8864649c3d614b06b2235223798f48",
              "status": "affected",
              "version": "6a797d2737838906f2ea0a31686e87c3151e21ca",
              "versionType": "git"
            },
            {
              "lessThan": "f7d8ee9db94372b8235f5f22bb24381891594c42",
              "status": "affected",
              "version": "6a797d2737838906f2ea0a31686e87c3151e21ca",
              "versionType": "git"
            },
            {
              "lessThan": "c76005adfa93d1a027433331252422078750321f",
              "status": "affected",
              "version": "6a797d2737838906f2ea0a31686e87c3151e21ca",
              "versionType": "git"
            },
            {
              "lessThan": "e9cfecca22a36b927a440abc6307efb9e138fed5",
              "status": "affected",
              "version": "6a797d2737838906f2ea0a31686e87c3151e21ca",
              "versionType": "git"
            },
            {
              "lessThan": "340e61e44c1d2a15c42ec72ade9195ad525fd048",
              "status": "affected",
              "version": "6a797d2737838906f2ea0a31686e87c3151e21ca",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/nfsd/vfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.4"
            },
            {
              "lessThan": "4.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.55",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.227",
                  "versionStartIncluding": "4.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.168",
                  "versionStartIncluding": "4.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.113",
                  "versionStartIncluding": "4.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.55",
                  "versionStartIncluding": "4.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.14",
                  "versionStartIncluding": "4.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.3",
                  "versionStartIncluding": "4.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "4.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: map the EBADMSG to nfserr_io to avoid warning\n\nExt4 will throw -EBADMSG through ext4_readdir when a checksum error\noccurs, resulting in the following WARNING.\n\nFix it by mapping EBADMSG to nfserr_io.\n\nnfsd_buffered_readdir\n iterate_dir // -EBADMSG -74\n  ext4_readdir // .iterate_shared\n   ext4_dx_readdir\n    ext4_htree_fill_tree\n     htree_dirblock_to_tree\n      ext4_read_dirblock\n       __ext4_read_dirblock\n        ext4_dirblock_csum_verify\n         warn_no_space_for_csum\n          __warn_no_space_for_csum\n        return ERR_PTR(-EFSBADCRC) // -EBADMSG -74\n nfserrno // WARNING\n\n[  161.115610] ------------[ cut here ]------------\n[  161.116465] nfsd: non-standard errno: -74\n[  161.117315] WARNING: CPU: 1 PID: 780 at fs/nfsd/nfsproc.c:878 nfserrno+0x9d/0xd0\n[  161.118596] Modules linked in:\n[  161.119243] CPU: 1 PID: 780 Comm: nfsd Not tainted 5.10.0-00014-g79679361fd5d #138\n[  161.120684] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qe\nmu.org 04/01/2014\n[  161.123601] RIP: 0010:nfserrno+0x9d/0xd0\n[  161.124676] Code: 0f 87 da 30 dd 00 83 e3 01 b8 00 00 00 05 75 d7 44 89 ee 48 c7 c7 c0 57 24 98 89 44 24 04 c6\n 05 ce 2b 61 03 01 e8 99 20 d8 00 \u003c0f\u003e 0b 8b 44 24 04 eb b5 4c 89 e6 48 c7 c7 a0 6d a4 99 e8 cc 15 33\n[  161.127797] RSP: 0018:ffffc90000e2f9c0 EFLAGS: 00010286\n[  161.128794] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000\n[  161.130089] RDX: 1ffff1103ee16f6d RSI: 0000000000000008 RDI: fffff520001c5f2a\n[  161.131379] RBP: 0000000000000022 R08: 0000000000000001 R09: ffff8881f70c1827\n[  161.132664] R10: ffffed103ee18304 R11: 0000000000000001 R12: 0000000000000021\n[  161.133949] R13: 00000000ffffffb6 R14: ffff8881317c0000 R15: ffffc90000e2fbd8\n[  161.135244] FS:  0000000000000000(0000) GS:ffff8881f7080000(0000) knlGS:0000000000000000\n[  161.136695] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  161.137761] CR2: 00007fcaad70b348 CR3: 0000000144256006 CR4: 0000000000770ee0\n[  161.139041] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[  161.140291] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[  161.141519] PKRU: 55555554\n[  161.142076] Call Trace:\n[  161.142575]  ? __warn+0x9b/0x140\n[  161.143229]  ? nfserrno+0x9d/0xd0\n[  161.143872]  ? report_bug+0x125/0x150\n[  161.144595]  ? handle_bug+0x41/0x90\n[  161.145284]  ? exc_invalid_op+0x14/0x70\n[  161.146009]  ? asm_exc_invalid_op+0x12/0x20\n[  161.146816]  ? nfserrno+0x9d/0xd0\n[  161.147487]  nfsd_buffered_readdir+0x28b/0x2b0\n[  161.148333]  ? nfsd4_encode_dirent_fattr+0x380/0x380\n[  161.149258]  ? nfsd_buffered_filldir+0xf0/0xf0\n[  161.150093]  ? wait_for_concurrent_writes+0x170/0x170\n[  161.151004]  ? generic_file_llseek_size+0x48/0x160\n[  161.151895]  nfsd_readdir+0x132/0x190\n[  161.152606]  ? nfsd4_encode_dirent_fattr+0x380/0x380\n[  161.153516]  ? nfsd_unlink+0x380/0x380\n[  161.154256]  ? override_creds+0x45/0x60\n[  161.155006]  nfsd4_encode_readdir+0x21a/0x3d0\n[  161.155850]  ? nfsd4_encode_readlink+0x210/0x210\n[  161.156731]  ? write_bytes_to_xdr_buf+0x97/0xe0\n[  161.157598]  ? __write_bytes_to_xdr_buf+0xd0/0xd0\n[  161.158494]  ? lock_downgrade+0x90/0x90\n[  161.159232]  ? nfs4svc_decode_voidarg+0x10/0x10\n[  161.160092]  nfsd4_encode_operation+0x15a/0x440\n[  161.160959]  nfsd4_proc_compound+0x718/0xe90\n[  161.161818]  nfsd_dispatch+0x18e/0x2c0\n[  161.162586]  svc_process_common+0x786/0xc50\n[  161.163403]  ? nfsd_svc+0x380/0x380\n[  161.164137]  ? svc_printk+0x160/0x160\n[  161.164846]  ? svc_xprt_do_enqueue.part.0+0x365/0x380\n[  161.165808]  ? nfsd_svc+0x380/0x380\n[  161.166523]  ? rcu_is_watching+0x23/0x40\n[  161.167309]  svc_process+0x1a5/0x200\n[  161.168019]  nfsd+0x1f5/0x380\n[  161.168663]  ? nfsd_shutdown_threads+0x260/0x260\n[  161.169554]  kthread+0x1c4/0x210\n[  161.170224]  ? kthread_insert_work_sanity_check+0x80/0x80\n[  161.171246]  ret_from_fork+0x1f/0x30"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:54:12.392Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0ea4333c679f333e23956de743ad17387819d3f2"
        },
        {
          "url": "https://git.kernel.org/stable/c/825789ca94602543101045ad3aad19b2b60c6b2a"
        },
        {
          "url": "https://git.kernel.org/stable/c/6fe058502f8864649c3d614b06b2235223798f48"
        },
        {
          "url": "https://git.kernel.org/stable/c/f7d8ee9db94372b8235f5f22bb24381891594c42"
        },
        {
          "url": "https://git.kernel.org/stable/c/c76005adfa93d1a027433331252422078750321f"
        },
        {
          "url": "https://git.kernel.org/stable/c/e9cfecca22a36b927a440abc6307efb9e138fed5"
        },
        {
          "url": "https://git.kernel.org/stable/c/340e61e44c1d2a15c42ec72ade9195ad525fd048"
        }
      ],
      "title": "nfsd: map the EBADMSG to nfserr_io to avoid warning",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-49875",
    "datePublished": "2024-10-21T18:01:15.434Z",
    "dateReserved": "2024-10-21T12:17:06.020Z",
    "dateUpdated": "2026-01-05T10:54:12.392Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26675 (GCVE-0-2024-26675)

Vulnerability from cvelistv5 – Published: 2024-04-02 07:01 – Updated: 2025-05-04 08:53

Title

ppp_async: limit MRU to 64K

Summary

In the Linux kernel, the following vulnerability has been resolved: ppp_async: limit MRU to 64K syzbot triggered a warning [1] in __alloc_pages(): WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp) Willem fixed a similar issue in commit c0a2a1b0d631 ("ppp: limit MRU to 64K") Adopt the same sanity check for ppp_async_ioctl(PPPIOCSMRU) [1]: WARNING: CPU: 1 PID: 11 at mm/page_alloc.c:4543 __alloc_pages+0x308/0x698 mm/page_alloc.c:4543 Modules linked in: CPU: 1 PID: 11 Comm: kworker/u4:0 Not tainted 6.8.0-rc2-syzkaller-g41bccc98fb79 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 Workqueue: events_unbound flush_to_ldisc pstate: 204000c5 (nzCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __alloc_pages+0x308/0x698 mm/page_alloc.c:4543 lr : __alloc_pages+0xc8/0x698 mm/page_alloc.c:4537 sp : ffff800093967580 x29: ffff800093967660 x28: ffff8000939675a0 x27: dfff800000000000 x26: ffff70001272ceb4 x25: 0000000000000000 x24: ffff8000939675c0 x23: 0000000000000000 x22: 0000000000060820 x21: 1ffff0001272ceb8 x20: ffff8000939675e0 x19: 0000000000000010 x18: ffff800093967120 x17: ffff800083bded5c x16: ffff80008ac97500 x15: 0000000000000005 x14: 1ffff0001272cebc x13: 0000000000000000 x12: 0000000000000000 x11: ffff70001272cec1 x10: 1ffff0001272cec0 x9 : 0000000000000001 x8 : ffff800091c91000 x7 : 0000000000000000 x6 : 000000000000003f x5 : 00000000ffffffff x4 : 0000000000000000 x3 : 0000000000000020 x2 : 0000000000000008 x1 : 0000000000000000 x0 : ffff8000939675e0 Call trace: __alloc_pages+0x308/0x698 mm/page_alloc.c:4543 __alloc_pages_node include/linux/gfp.h:238 [inline] alloc_pages_node include/linux/gfp.h:261 [inline] __kmalloc_large_node+0xbc/0x1fc mm/slub.c:3926 __do_kmalloc_node mm/slub.c:3969 [inline] __kmalloc_node_track_caller+0x418/0x620 mm/slub.c:4001 kmalloc_reserve+0x17c/0x23c net/core/skbuff.c:590 __alloc_skb+0x1c8/0x3d8 net/core/skbuff.c:651 __netdev_alloc_skb+0xb8/0x3e8 net/core/skbuff.c:715 netdev_alloc_skb include/linux/skbuff.h:3235 [inline] dev_alloc_skb include/linux/skbuff.h:3248 [inline] ppp_async_input drivers/net/ppp/ppp_async.c:863 [inline] ppp_asynctty_receive+0x588/0x186c drivers/net/ppp/ppp_async.c:341 tty_ldisc_receive_buf+0x12c/0x15c drivers/tty/tty_buffer.c:390 tty_port_default_receive_buf+0x74/0xac drivers/tty/tty_port.c:37 receive_buf drivers/tty/tty_buffer.c:444 [inline] flush_to_ldisc+0x284/0x6e4 drivers/tty/tty_buffer.c:494 process_one_work+0x694/0x1204 kernel/workqueue.c:2633 process_scheduled_works kernel/workqueue.c:2706 [inline] worker_thread+0x938/0xef4 kernel/workqueue.c:2787 kthread+0x288/0x310 kernel/kthread.c:388 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/4fdb14ba89faff6e6…
	https://git.kernel.org/stable/c/56fae81633ccee307…
	https://git.kernel.org/stable/c/b06e067e93fa4b98a…
	https://git.kernel.org/stable/c/58fbe665b097bf7b3…
	https://git.kernel.org/stable/c/4e2c4846b2507f6df…
	https://git.kernel.org/stable/c/7e5ef49670766c974…
	https://git.kernel.org/stable/c/210d938f963dddc54…
	https://git.kernel.org/stable/c/cb88cb53badb8aeb3…

Impacted products

Vendor

Product

Version

Linux

Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 4fdb14ba89faff6e6969a4dffdc8e54235d6e5ed (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 56fae81633ccee307cfcb032f706bf1863a56982 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < b06e067e93fa4b98acfd3a9f38a398ab91bbc58b (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 58fbe665b097bf7b3144da7e7b91fb27aa8d0ae3 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 4e2c4846b2507f6dfc9bea72b7567c2693a82a16 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 7e5ef49670766c9742ffcd9cead7cdb018268719 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 210d938f963dddc543b07e66a79b7d8d4bd00bd8 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < cb88cb53badb8aeb3955ad6ce80b07b598e310b8 (git)

Linux

Affected: 2.6.12
Unaffected: 0 , < 2.6.12 (semver)
Unaffected: 4.19.307 , ≤ 4.19.* (semver)
Unaffected: 5.4.269 , ≤ 5.4.* (semver)
Unaffected: 5.10.210 , ≤ 5.10.* (semver)
Unaffected: 5.15.149 , ≤ 5.15.* (semver)
Unaffected: 6.1.78 , ≤ 6.1.* (semver)
Unaffected: 6.6.17 , ≤ 6.6.* (semver)
Unaffected: 6.7.5 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:12.841Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4fdb14ba89faff6e6969a4dffdc8e54235d6e5ed"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/56fae81633ccee307cfcb032f706bf1863a56982"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b06e067e93fa4b98acfd3a9f38a398ab91bbc58b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/58fbe665b097bf7b3144da7e7b91fb27aa8d0ae3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4e2c4846b2507f6dfc9bea72b7567c2693a82a16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7e5ef49670766c9742ffcd9cead7cdb018268719"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/210d938f963dddc543b07e66a79b7d8d4bd00bd8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cb88cb53badb8aeb3955ad6ce80b07b598e310b8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26675",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:53:26.335519Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:36.657Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ppp/ppp_async.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4fdb14ba89faff6e6969a4dffdc8e54235d6e5ed",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "56fae81633ccee307cfcb032f706bf1863a56982",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "b06e067e93fa4b98acfd3a9f38a398ab91bbc58b",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "58fbe665b097bf7b3144da7e7b91fb27aa8d0ae3",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "4e2c4846b2507f6dfc9bea72b7567c2693a82a16",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "7e5ef49670766c9742ffcd9cead7cdb018268719",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "210d938f963dddc543b07e66a79b7d8d4bd00bd8",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "cb88cb53badb8aeb3955ad6ce80b07b598e310b8",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ppp/ppp_async.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.307",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.269",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.210",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.149",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.78",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.17",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.307",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.269",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.210",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.149",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.78",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.17",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.5",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp_async: limit MRU to 64K\n\nsyzbot triggered a warning [1] in __alloc_pages():\n\nWARN_ON_ONCE_GFP(order \u003e MAX_PAGE_ORDER, gfp)\n\nWillem fixed a similar issue in commit c0a2a1b0d631 (\"ppp: limit MRU to 64K\")\n\nAdopt the same sanity check for ppp_async_ioctl(PPPIOCSMRU)\n\n[1]:\n\n WARNING: CPU: 1 PID: 11 at mm/page_alloc.c:4543 __alloc_pages+0x308/0x698 mm/page_alloc.c:4543\nModules linked in:\nCPU: 1 PID: 11 Comm: kworker/u4:0 Not tainted 6.8.0-rc2-syzkaller-g41bccc98fb79 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023\nWorkqueue: events_unbound flush_to_ldisc\npstate: 204000c5 (nzCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : __alloc_pages+0x308/0x698 mm/page_alloc.c:4543\n lr : __alloc_pages+0xc8/0x698 mm/page_alloc.c:4537\nsp : ffff800093967580\nx29: ffff800093967660 x28: ffff8000939675a0 x27: dfff800000000000\nx26: ffff70001272ceb4 x25: 0000000000000000 x24: ffff8000939675c0\nx23: 0000000000000000 x22: 0000000000060820 x21: 1ffff0001272ceb8\nx20: ffff8000939675e0 x19: 0000000000000010 x18: ffff800093967120\nx17: ffff800083bded5c x16: ffff80008ac97500 x15: 0000000000000005\nx14: 1ffff0001272cebc x13: 0000000000000000 x12: 0000000000000000\nx11: ffff70001272cec1 x10: 1ffff0001272cec0 x9 : 0000000000000001\nx8 : ffff800091c91000 x7 : 0000000000000000 x6 : 000000000000003f\nx5 : 00000000ffffffff x4 : 0000000000000000 x3 : 0000000000000020\nx2 : 0000000000000008 x1 : 0000000000000000 x0 : ffff8000939675e0\nCall trace:\n  __alloc_pages+0x308/0x698 mm/page_alloc.c:4543\n  __alloc_pages_node include/linux/gfp.h:238 [inline]\n  alloc_pages_node include/linux/gfp.h:261 [inline]\n  __kmalloc_large_node+0xbc/0x1fc mm/slub.c:3926\n  __do_kmalloc_node mm/slub.c:3969 [inline]\n  __kmalloc_node_track_caller+0x418/0x620 mm/slub.c:4001\n  kmalloc_reserve+0x17c/0x23c net/core/skbuff.c:590\n  __alloc_skb+0x1c8/0x3d8 net/core/skbuff.c:651\n  __netdev_alloc_skb+0xb8/0x3e8 net/core/skbuff.c:715\n  netdev_alloc_skb include/linux/skbuff.h:3235 [inline]\n  dev_alloc_skb include/linux/skbuff.h:3248 [inline]\n  ppp_async_input drivers/net/ppp/ppp_async.c:863 [inline]\n  ppp_asynctty_receive+0x588/0x186c drivers/net/ppp/ppp_async.c:341\n  tty_ldisc_receive_buf+0x12c/0x15c drivers/tty/tty_buffer.c:390\n  tty_port_default_receive_buf+0x74/0xac drivers/tty/tty_port.c:37\n  receive_buf drivers/tty/tty_buffer.c:444 [inline]\n  flush_to_ldisc+0x284/0x6e4 drivers/tty/tty_buffer.c:494\n  process_one_work+0x694/0x1204 kernel/workqueue.c:2633\n  process_scheduled_works kernel/workqueue.c:2706 [inline]\n  worker_thread+0x938/0xef4 kernel/workqueue.c:2787\n  kthread+0x288/0x310 kernel/kthread.c:388\n  ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:53:42.211Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/4fdb14ba89faff6e6969a4dffdc8e54235d6e5ed"
        },
        {
          "url": "https://git.kernel.org/stable/c/56fae81633ccee307cfcb032f706bf1863a56982"
        },
        {
          "url": "https://git.kernel.org/stable/c/b06e067e93fa4b98acfd3a9f38a398ab91bbc58b"
        },
        {
          "url": "https://git.kernel.org/stable/c/58fbe665b097bf7b3144da7e7b91fb27aa8d0ae3"
        },
        {
          "url": "https://git.kernel.org/stable/c/4e2c4846b2507f6dfc9bea72b7567c2693a82a16"
        },
        {
          "url": "https://git.kernel.org/stable/c/7e5ef49670766c9742ffcd9cead7cdb018268719"
        },
        {
          "url": "https://git.kernel.org/stable/c/210d938f963dddc543b07e66a79b7d8d4bd00bd8"
        },
        {
          "url": "https://git.kernel.org/stable/c/cb88cb53badb8aeb3955ad6ce80b07b598e310b8"
        }
      ],
      "title": "ppp_async: limit MRU to 64K",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26675",
    "datePublished": "2024-04-02T07:01:40.054Z",
    "dateReserved": "2024-02-19T14:20:24.151Z",
    "dateUpdated": "2025-05-04T08:53:42.211Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-9681 (GCVE-0-2024-9681)

Vulnerability from cvelistv5 – Published: 2024-11-06 07:47 – Updated: 2025-11-03 20:56

Title

HSTS subdomain overwrites parent cache entry

Summary

When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure `HTTP://` scheme and perform transfers with hosts like `x.example.com` as well as `example.com` where the first host is a subdomain of the second host. (The HSTS cache either needs to have been populated manually or there needs to have been previous HTTPS accesses done as the cache needs to have entries for the domains involved to trigger this problem.) When `x.example.com` responds with `Strict-Transport-Security:` headers, this bug can make the subdomain's expiry timeout *bleed over* and get set for the parent domain `example.com` in curl's HSTS cache. The result of a triggered bug is that HTTP accesses to `example.com` get converted to HTTPS for a different period of time than what was asked for by the origin server. If `example.com` for example stops supporting HTTPS at its expiry time, curl might then fail to access `http://example.com` until the (wrongly set) timeout expires. This bug can also expire the parent's entry *earlier*, thus making curl inadvertently switch back to insecure HTTP earlier than otherwise intended.

Severity ?

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE

CWE-1025 Comparison Using Wrong Factors

Assigner

curl

References

URL

Tags

	https://curl.se/docs/CVE-2024-9681.json
	https://curl.se/docs/CVE-2024-9681.html
	https://hackerone.com/reports/2764830

Impacted products

	Vendor	Product	Version
	curl	curl	Affected: 8.10.1 , ≤ 8.10.1 (semver) Affected: 8.10.0 , ≤ 8.10.0 (semver) Affected: 8.9.1 , ≤ 8.9.1 (semver) Affected: 8.9.0 , ≤ 8.9.0 (semver) Affected: 8.8.0 , ≤ 8.8.0 (semver) Affected: 8.7.1 , ≤ 8.7.1 (semver) Affected: 8.7.0 , ≤ 8.7.0 (semver) Affected: 8.6.0 , ≤ 8.6.0 (semver) Affected: 8.5.0 , ≤ 8.5.0 (semver) Affected: 8.4.0 , ≤ 8.4.0 (semver) Affected: 8.3.0 , ≤ 8.3.0 (semver) Affected: 8.2.1 , ≤ 8.2.1 (semver) Affected: 8.2.0 , ≤ 8.2.0 (semver) Affected: 8.1.2 , ≤ 8.1.2 (semver) Affected: 8.1.1 , ≤ 8.1.1 (semver) Affected: 8.1.0 , ≤ 8.1.0 (semver) Affected: 8.0.1 , ≤ 8.0.1 (semver) Affected: 8.0.0 , ≤ 8.0.0 (semver) Affected: 7.88.1 , ≤ 7.88.1 (semver) Affected: 7.88.0 , ≤ 7.88.0 (semver) Affected: 7.87.0 , ≤ 7.87.0 (semver) Affected: 7.86.0 , ≤ 7.86.0 (semver) Affected: 7.85.0 , ≤ 7.85.0 (semver) Affected: 7.84.0 , ≤ 7.84.0 (semver) Affected: 7.83.1 , ≤ 7.83.1 (semver) Affected: 7.83.0 , ≤ 7.83.0 (semver) Affected: 7.82.0 , ≤ 7.82.0 (semver) Affected: 7.81.0 , ≤ 7.81.0 (semver) Affected: 7.80.0 , ≤ 7.80.0 (semver) Affected: 7.79.1 , ≤ 7.79.1 (semver) Affected: 7.79.0 , ≤ 7.79.0 (semver) Affected: 7.78.0 , ≤ 7.78.0 (semver) Affected: 7.77.0 , ≤ 7.77.0 (semver) Affected: 7.76.1 , ≤ 7.76.1 (semver) Affected: 7.76.0 , ≤ 7.76.0 (semver) Affected: 7.75.0 , ≤ 7.75.0 (semver) Affected: 7.74.0 , ≤ 7.74.0 (semver)

Credits

newfunction Daniel Stenberg

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:56:39.087Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2024/11/06/2"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20241213-0006/"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Apr/13"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Apr/10"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Apr/9"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Apr/8"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Apr/5"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Apr/4"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Apr/12"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Apr/11"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:curl:curl:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "curl",
            "vendor": "curl",
            "versions": [
              {
                "lessThan": "7.74.0",
                "status": "unaffected",
                "version": "0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "8.10.1",
                "status": "affected",
                "version": "7.74.0",
                "versionType": "semver"
              },
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "8.11.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.9,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-9681",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-06T16:16:59.652768Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-06T17:09:00.777Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "curl",
          "vendor": "curl",
          "versions": [
            {
              "lessThanOrEqual": "8.10.1",
              "status": "affected",
              "version": "8.10.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.10.0",
              "status": "affected",
              "version": "8.10.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.9.1",
              "status": "affected",
              "version": "8.9.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.9.0",
              "status": "affected",
              "version": "8.9.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.8.0",
              "status": "affected",
              "version": "8.8.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.7.1",
              "status": "affected",
              "version": "8.7.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.7.0",
              "status": "affected",
              "version": "8.7.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.6.0",
              "status": "affected",
              "version": "8.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.5.0",
              "status": "affected",
              "version": "8.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.4.0",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.3.0",
              "status": "affected",
              "version": "8.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.2.1",
              "status": "affected",
              "version": "8.2.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.2.0",
              "status": "affected",
              "version": "8.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.1.2",
              "status": "affected",
              "version": "8.1.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.1.1",
              "status": "affected",
              "version": "8.1.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.1.0",
              "status": "affected",
              "version": "8.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.0.1",
              "status": "affected",
              "version": "8.0.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.0.0",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.88.1",
              "status": "affected",
              "version": "7.88.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.88.0",
              "status": "affected",
              "version": "7.88.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.87.0",
              "status": "affected",
              "version": "7.87.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.86.0",
              "status": "affected",
              "version": "7.86.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.85.0",
              "status": "affected",
              "version": "7.85.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.84.0",
              "status": "affected",
              "version": "7.84.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.83.1",
              "status": "affected",
              "version": "7.83.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.83.0",
              "status": "affected",
              "version": "7.83.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.82.0",
              "status": "affected",
              "version": "7.82.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.81.0",
              "status": "affected",
              "version": "7.81.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.80.0",
              "status": "affected",
              "version": "7.80.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.79.1",
              "status": "affected",
              "version": "7.79.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.79.0",
              "status": "affected",
              "version": "7.79.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.78.0",
              "status": "affected",
              "version": "7.78.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.77.0",
              "status": "affected",
              "version": "7.77.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.76.1",
              "status": "affected",
              "version": "7.76.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.76.0",
              "status": "affected",
              "version": "7.76.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.75.0",
              "status": "affected",
              "version": "7.75.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.74.0",
              "status": "affected",
              "version": "7.74.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "newfunction"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Daniel Stenberg"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain\u0027s cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain\u0027s expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl\u0027s HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent\u0027s entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-1025 Comparison Using Wrong Factors",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-06T07:47:20.162Z",
        "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "shortName": "curl"
      },
      "references": [
        {
          "name": "json",
          "url": "https://curl.se/docs/CVE-2024-9681.json"
        },
        {
          "name": "www",
          "url": "https://curl.se/docs/CVE-2024-9681.html"
        },
        {
          "name": "issue",
          "url": "https://hackerone.com/reports/2764830"
        }
      ],
      "title": "HSTS subdomain overwrites parent cache entry"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
    "assignerShortName": "curl",
    "cveId": "CVE-2024-9681",
    "datePublished": "2024-11-06T07:47:20.162Z",
    "dateReserved": "2024-10-09T07:57:47.318Z",
    "dateUpdated": "2025-11-03T20:56:39.087Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-49034 (GCVE-0-2022-49034)

Vulnerability from cvelistv5 – Published: 2024-12-27 13:49 – Updated: 2025-12-23 13:21

Title

sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK

Summary

In the Linux kernel, the following vulnerability has been resolved: sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK When CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS are selected, cpu_max_bits_warn() generates a runtime warning similar as below when showing /proc/cpuinfo. Fix this by using nr_cpu_ids (the runtime limit) instead of NR_CPUS to iterate CPUs. [ 3.052463] ------------[ cut here ]------------ [ 3.059679] WARNING: CPU: 3 PID: 1 at include/linux/cpumask.h:108 show_cpuinfo+0x5e8/0x5f0 [ 3.070072] Modules linked in: efivarfs autofs4 [ 3.076257] CPU: 0 PID: 1 Comm: systemd Not tainted 5.19-rc5+ #1052 [ 3.099465] Stack : 9000000100157b08 9000000000f18530 9000000000cf846c 9000000100154000 [ 3.109127] 9000000100157a50 0000000000000000 9000000100157a58 9000000000ef7430 [ 3.118774] 90000001001578e8 0000000000000040 0000000000000020 ffffffffffffffff [ 3.128412] 0000000000aaaaaa 1ab25f00eec96a37 900000010021de80 900000000101c890 [ 3.138056] 0000000000000000 0000000000000000 0000000000000000 0000000000aaaaaa [ 3.147711] ffff8000339dc220 0000000000000001 0000000006ab4000 0000000000000000 [ 3.157364] 900000000101c998 0000000000000004 9000000000ef7430 0000000000000000 [ 3.167012] 0000000000000009 000000000000006c 0000000000000000 0000000000000000 [ 3.176641] 9000000000d3de08 9000000001639390 90000000002086d8 00007ffff0080286 [ 3.186260] 00000000000000b0 0000000000000004 0000000000000000 0000000000071c1c [ 3.195868] ... [ 3.199917] Call Trace: [ 3.203941] [<90000000002086d8>] show_stack+0x38/0x14c [ 3.210666] [<9000000000cf846c>] dump_stack_lvl+0x60/0x88 [ 3.217625] [<900000000023d268>] __warn+0xd0/0x100 [ 3.223958] [<9000000000cf3c90>] warn_slowpath_fmt+0x7c/0xcc [ 3.231150] [<9000000000210220>] show_cpuinfo+0x5e8/0x5f0 [ 3.238080] [<90000000004f578c>] seq_read_iter+0x354/0x4b4 [ 3.245098] [<90000000004c2e90>] new_sync_read+0x17c/0x1c4 [ 3.252114] [<90000000004c5174>] vfs_read+0x138/0x1d0 [ 3.258694] [<90000000004c55f8>] ksys_read+0x70/0x100 [ 3.265265] [<9000000000cfde9c>] do_syscall+0x7c/0x94 [ 3.271820] [<9000000000202fe4>] handle_syscall+0xc4/0x160 [ 3.281824] ---[ end trace 8b484262b4b8c24c ]---

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/8fbb57eabfc8ae671…
	https://git.kernel.org/stable/c/f8f26cf69003a37ff…
	https://git.kernel.org/stable/c/77755dc95ff2f9a3e…
	https://git.kernel.org/stable/c/e2b91997db286a5dd…
	https://git.kernel.org/stable/c/2b6b8e011fab680a2…
	https://git.kernel.org/stable/c/09faf32c682ea4a54…
	https://git.kernel.org/stable/c/39373f6f89f52770a…
	https://git.kernel.org/stable/c/701e32900683378d9…
	https://git.kernel.org/stable/c/3c891f7c6a4e90bb1…

Impacted products

Vendor

Product

Version

Linux

Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 8fbb57eabfc8ae67115cb47f904614c99d626a89 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < f8f26cf69003a37ffa947631fc0e6fe6daee624a (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 77755dc95ff2f9a3e473acc1e039f498629949ea (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < e2b91997db286a5dd3cca6d5d9c20004851f22eb (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 2b6b8e011fab680a223b5e07a3c64774156ec6fe (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 09faf32c682ea4a547200b8b9e04d8b3c8e84b55 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 39373f6f89f52770a5405d30dddd08a27d097872 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 701e32900683378d93693fec15d133e2c5f7ada2 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 3c891f7c6a4e90bb1199497552f24b26e46383bc (git)

Linux

Affected: 2.6.12
Unaffected: 0 , < 2.6.12 (semver)
Unaffected: 4.19.325 , ≤ 4.19.* (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:35:12.889Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/sh/kernel/cpu/proc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8fbb57eabfc8ae67115cb47f904614c99d626a89",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "f8f26cf69003a37ffa947631fc0e6fe6daee624a",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "77755dc95ff2f9a3e473acc1e039f498629949ea",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "e2b91997db286a5dd3cca6d5d9c20004851f22eb",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "2b6b8e011fab680a223b5e07a3c64774156ec6fe",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "09faf32c682ea4a547200b8b9e04d8b3c8e84b55",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "39373f6f89f52770a5405d30dddd08a27d097872",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "701e32900683378d93693fec15d133e2c5f7ada2",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "3c891f7c6a4e90bb1199497552f24b26e46383bc",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/sh/kernel/cpu/proc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.325",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.325",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK\n\nWhen CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS are selected,\ncpu_max_bits_warn() generates a runtime warning similar as below when\nshowing /proc/cpuinfo. Fix this by using nr_cpu_ids (the runtime limit)\ninstead of NR_CPUS to iterate CPUs.\n\n[    3.052463] ------------[ cut here ]------------\n[    3.059679] WARNING: CPU: 3 PID: 1 at include/linux/cpumask.h:108 show_cpuinfo+0x5e8/0x5f0\n[    3.070072] Modules linked in: efivarfs autofs4\n[    3.076257] CPU: 0 PID: 1 Comm: systemd Not tainted 5.19-rc5+ #1052\n[    3.099465] Stack : 9000000100157b08 9000000000f18530 9000000000cf846c 9000000100154000\n[    3.109127]         9000000100157a50 0000000000000000 9000000100157a58 9000000000ef7430\n[    3.118774]         90000001001578e8 0000000000000040 0000000000000020 ffffffffffffffff\n[    3.128412]         0000000000aaaaaa 1ab25f00eec96a37 900000010021de80 900000000101c890\n[    3.138056]         0000000000000000 0000000000000000 0000000000000000 0000000000aaaaaa\n[    3.147711]         ffff8000339dc220 0000000000000001 0000000006ab4000 0000000000000000\n[    3.157364]         900000000101c998 0000000000000004 9000000000ef7430 0000000000000000\n[    3.167012]         0000000000000009 000000000000006c 0000000000000000 0000000000000000\n[    3.176641]         9000000000d3de08 9000000001639390 90000000002086d8 00007ffff0080286\n[    3.186260]         00000000000000b0 0000000000000004 0000000000000000 0000000000071c1c\n[    3.195868]         ...\n[    3.199917] Call Trace:\n[    3.203941] [\u003c90000000002086d8\u003e] show_stack+0x38/0x14c\n[    3.210666] [\u003c9000000000cf846c\u003e] dump_stack_lvl+0x60/0x88\n[    3.217625] [\u003c900000000023d268\u003e] __warn+0xd0/0x100\n[    3.223958] [\u003c9000000000cf3c90\u003e] warn_slowpath_fmt+0x7c/0xcc\n[    3.231150] [\u003c9000000000210220\u003e] show_cpuinfo+0x5e8/0x5f0\n[    3.238080] [\u003c90000000004f578c\u003e] seq_read_iter+0x354/0x4b4\n[    3.245098] [\u003c90000000004c2e90\u003e] new_sync_read+0x17c/0x1c4\n[    3.252114] [\u003c90000000004c5174\u003e] vfs_read+0x138/0x1d0\n[    3.258694] [\u003c90000000004c55f8\u003e] ksys_read+0x70/0x100\n[    3.265265] [\u003c9000000000cfde9c\u003e] do_syscall+0x7c/0x94\n[    3.271820] [\u003c9000000000202fe4\u003e] handle_syscall+0xc4/0x160\n[    3.281824] ---[ end trace 8b484262b4b8c24c ]---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-23T13:21:40.258Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8fbb57eabfc8ae67115cb47f904614c99d626a89"
        },
        {
          "url": "https://git.kernel.org/stable/c/f8f26cf69003a37ffa947631fc0e6fe6daee624a"
        },
        {
          "url": "https://git.kernel.org/stable/c/77755dc95ff2f9a3e473acc1e039f498629949ea"
        },
        {
          "url": "https://git.kernel.org/stable/c/e2b91997db286a5dd3cca6d5d9c20004851f22eb"
        },
        {
          "url": "https://git.kernel.org/stable/c/2b6b8e011fab680a223b5e07a3c64774156ec6fe"
        },
        {
          "url": "https://git.kernel.org/stable/c/09faf32c682ea4a547200b8b9e04d8b3c8e84b55"
        },
        {
          "url": "https://git.kernel.org/stable/c/39373f6f89f52770a5405d30dddd08a27d097872"
        },
        {
          "url": "https://git.kernel.org/stable/c/701e32900683378d93693fec15d133e2c5f7ada2"
        },
        {
          "url": "https://git.kernel.org/stable/c/3c891f7c6a4e90bb1199497552f24b26e46383bc"
        }
      ],
      "title": "sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-49034",
    "datePublished": "2024-12-27T13:49:10.297Z",
    "dateReserved": "2024-08-22T01:27:53.654Z",
    "dateUpdated": "2025-12-23T13:21:40.258Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-46679 (GCVE-0-2024-46679)

Vulnerability from cvelistv5 – Published: 2024-09-13 05:29 – Updated: 2025-11-03 22:16

Title

ethtool: check device is present when getting link settings

Summary

In the Linux kernel, the following vulnerability has been resolved: ethtool: check device is present when getting link settings A sysfs reader can race with a device reset or removal, attempting to read device state when the device is not actually present. eg: [exception RIP: qed_get_current_link+17] #8 [ffffb9e4f2907c48] qede_get_link_ksettings at ffffffffc07a994a [qede] #9 [ffffb9e4f2907cd8] __rh_call_get_link_ksettings at ffffffff992b01a3 #10 [ffffb9e4f2907d38] __ethtool_get_link_ksettings at ffffffff992b04e4 #11 [ffffb9e4f2907d90] duplex_show at ffffffff99260300 #12 [ffffb9e4f2907e38] dev_attr_show at ffffffff9905a01c #13 [ffffb9e4f2907e50] sysfs_kf_seq_show at ffffffff98e0145b #14 [ffffb9e4f2907e68] seq_read at ffffffff98d902e3 #15 [ffffb9e4f2907ec8] vfs_read at ffffffff98d657d1 #16 [ffffb9e4f2907f00] ksys_read at ffffffff98d65c3f #17 [ffffb9e4f2907f38] do_syscall_64 at ffffffff98a052fb crash> struct net_device.state ffff9a9d21336000 state = 5, state 5 is __LINK_STATE_START (0b1) and __LINK_STATE_NOCARRIER (0b100). The device is not present, note lack of __LINK_STATE_PRESENT (0b10). This is the same sort of panic as observed in commit 4224cfd7fb65 ("net-sysfs: add check for netdevice being present to speed_show"). There are many other callers of __ethtool_get_link_ksettings() which don't have a device presence check. Move this check into ethtool to protect all callers.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/ec7b4f7f644018ac2…
	https://git.kernel.org/stable/c/842a40c7273ba1c1c…
	https://git.kernel.org/stable/c/7a8d98b6d6484d3ad…
	https://git.kernel.org/stable/c/9bba5955eed160102…
	https://git.kernel.org/stable/c/94ab317024ba373d3…
	https://git.kernel.org/stable/c/1d6d9b5b1b95bfecc…
	https://git.kernel.org/stable/c/a699781c79ecf6cfe…

Impacted products

Vendor

Product

Version

Linux

Affected: d519e17e2d01a0ee9abe083019532061b4438065 , < ec7b4f7f644018ac293cb1b02528a40a32917e62 (git)
Affected: d519e17e2d01a0ee9abe083019532061b4438065 , < 842a40c7273ba1c1cb30dda50405b328de1d860e (git)
Affected: d519e17e2d01a0ee9abe083019532061b4438065 , < 7a8d98b6d6484d3ad358510366022da080c37cbc (git)
Affected: d519e17e2d01a0ee9abe083019532061b4438065 , < 9bba5955eed160102114d4cc00c3d399be9bdae4 (git)
Affected: d519e17e2d01a0ee9abe083019532061b4438065 , < 94ab317024ba373d37340893d1c0358638935fbb (git)
Affected: d519e17e2d01a0ee9abe083019532061b4438065 , < 1d6d9b5b1b95bfeccb84386a51b7e6c510ec13b2 (git)
Affected: d519e17e2d01a0ee9abe083019532061b4438065 , < a699781c79ecf6cfe67fb00a0331b4088c7c8466 (git)

Linux

Affected: 2.6.33
Unaffected: 0 , < 2.6.33 (semver)
Unaffected: 5.4.283 , ≤ 5.4.* (semver)
Unaffected: 5.10.225 , ≤ 5.10.* (semver)
Unaffected: 5.15.166 , ≤ 5.15.* (semver)
Unaffected: 6.1.108 , ≤ 6.1.* (semver)
Unaffected: 6.6.49 , ≤ 6.6.* (semver)
Unaffected: 6.10.8 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46679",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T15:10:05.131175Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T15:10:19.475Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:16:20.039Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/core/net-sysfs.c",
            "net/ethtool/ioctl.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ec7b4f7f644018ac293cb1b02528a40a32917e62",
              "status": "affected",
              "version": "d519e17e2d01a0ee9abe083019532061b4438065",
              "versionType": "git"
            },
            {
              "lessThan": "842a40c7273ba1c1cb30dda50405b328de1d860e",
              "status": "affected",
              "version": "d519e17e2d01a0ee9abe083019532061b4438065",
              "versionType": "git"
            },
            {
              "lessThan": "7a8d98b6d6484d3ad358510366022da080c37cbc",
              "status": "affected",
              "version": "d519e17e2d01a0ee9abe083019532061b4438065",
              "versionType": "git"
            },
            {
              "lessThan": "9bba5955eed160102114d4cc00c3d399be9bdae4",
              "status": "affected",
              "version": "d519e17e2d01a0ee9abe083019532061b4438065",
              "versionType": "git"
            },
            {
              "lessThan": "94ab317024ba373d37340893d1c0358638935fbb",
              "status": "affected",
              "version": "d519e17e2d01a0ee9abe083019532061b4438065",
              "versionType": "git"
            },
            {
              "lessThan": "1d6d9b5b1b95bfeccb84386a51b7e6c510ec13b2",
              "status": "affected",
              "version": "d519e17e2d01a0ee9abe083019532061b4438065",
              "versionType": "git"
            },
            {
              "lessThan": "a699781c79ecf6cfe67fb00a0331b4088c7c8466",
              "status": "affected",
              "version": "d519e17e2d01a0ee9abe083019532061b4438065",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/core/net-sysfs.c",
            "net/ethtool/ioctl.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.33"
            },
            {
              "lessThan": "2.6.33",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.283",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.225",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.108",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.49",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.283",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.225",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.166",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.108",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.49",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.8",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: check device is present when getting link settings\n\nA sysfs reader can race with a device reset or removal, attempting to\nread device state when the device is not actually present. eg:\n\n     [exception RIP: qed_get_current_link+17]\n  #8 [ffffb9e4f2907c48] qede_get_link_ksettings at ffffffffc07a994a [qede]\n  #9 [ffffb9e4f2907cd8] __rh_call_get_link_ksettings at ffffffff992b01a3\n #10 [ffffb9e4f2907d38] __ethtool_get_link_ksettings at ffffffff992b04e4\n #11 [ffffb9e4f2907d90] duplex_show at ffffffff99260300\n #12 [ffffb9e4f2907e38] dev_attr_show at ffffffff9905a01c\n #13 [ffffb9e4f2907e50] sysfs_kf_seq_show at ffffffff98e0145b\n #14 [ffffb9e4f2907e68] seq_read at ffffffff98d902e3\n #15 [ffffb9e4f2907ec8] vfs_read at ffffffff98d657d1\n #16 [ffffb9e4f2907f00] ksys_read at ffffffff98d65c3f\n #17 [ffffb9e4f2907f38] do_syscall_64 at ffffffff98a052fb\n\n crash\u003e struct net_device.state ffff9a9d21336000\n    state = 5,\n\nstate 5 is __LINK_STATE_START (0b1) and __LINK_STATE_NOCARRIER (0b100).\nThe device is not present, note lack of __LINK_STATE_PRESENT (0b10).\n\nThis is the same sort of panic as observed in commit 4224cfd7fb65\n(\"net-sysfs: add check for netdevice being present to speed_show\").\n\nThere are many other callers of __ethtool_get_link_ksettings() which\ndon\u0027t have a device presence check.\n\nMove this check into ethtool to protect all callers."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:31:44.156Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ec7b4f7f644018ac293cb1b02528a40a32917e62"
        },
        {
          "url": "https://git.kernel.org/stable/c/842a40c7273ba1c1cb30dda50405b328de1d860e"
        },
        {
          "url": "https://git.kernel.org/stable/c/7a8d98b6d6484d3ad358510366022da080c37cbc"
        },
        {
          "url": "https://git.kernel.org/stable/c/9bba5955eed160102114d4cc00c3d399be9bdae4"
        },
        {
          "url": "https://git.kernel.org/stable/c/94ab317024ba373d37340893d1c0358638935fbb"
        },
        {
          "url": "https://git.kernel.org/stable/c/1d6d9b5b1b95bfeccb84386a51b7e6c510ec13b2"
        },
        {
          "url": "https://git.kernel.org/stable/c/a699781c79ecf6cfe67fb00a0331b4088c7c8466"
        }
      ],
      "title": "ethtool: check device is present when getting link settings",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46679",
    "datePublished": "2024-09-13T05:29:13.450Z",
    "dateReserved": "2024-09-11T15:12:18.248Z",
    "dateUpdated": "2025-11-03T22:16:20.039Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26845 (GCVE-0-2024-26845)

Vulnerability from cvelistv5 – Published: 2024-04-17 10:10 – Updated: 2026-01-05 10:34

Title

scsi: target: core: Add TMF to tmr_list handling

Summary

In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Add TMF to tmr_list handling An abort that is responded to by iSCSI itself is added to tmr_list but does not go to target core. A LUN_RESET that goes through tmr_list takes a refcounter on the abort and waits for completion. However, the abort will be never complete because it was not started in target core. Unable to locate ITT: 0x05000000 on CID: 0 Unable to locate RefTaskTag: 0x05000000 on CID: 0. wait_for_tasks: Stopping tmf LUN_RESET with tag 0x0 ref_task_tag 0x0 i_state 34 t_state ISTATE_PROCESSING refcnt 2 transport_state active,stop,fabric_stop wait for tasks: tmf LUN_RESET with tag 0x0 ref_task_tag 0x0 i_state 34 t_state ISTATE_PROCESSING refcnt 2 transport_state active,stop,fabric_stop ... INFO: task kworker/0:2:49 blocked for more than 491 seconds. task:kworker/0:2 state:D stack: 0 pid: 49 ppid: 2 flags:0x00000800 Workqueue: events target_tmr_work [target_core_mod] Call Trace: __switch_to+0x2c4/0x470 _schedule+0x314/0x1730 schedule+0x64/0x130 schedule_timeout+0x168/0x430 wait_for_completion+0x140/0x270 target_put_cmd_and_wait+0x64/0xb0 [target_core_mod] core_tmr_lun_reset+0x30/0xa0 [target_core_mod] target_tmr_work+0xc8/0x1b0 [target_core_mod] process_one_work+0x2d4/0x5d0 worker_thread+0x78/0x6c0 To fix this, only add abort to tmr_list if it will be handled by target core.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/11f3fe5001ed05721…
	https://git.kernel.org/stable/c/168ed59170de1fd72…
	https://git.kernel.org/stable/c/a9849b67b4402a12e…
	https://git.kernel.org/stable/c/e717bd412001495f1…
	https://git.kernel.org/stable/c/36bc5040c863b44af…
	https://git.kernel.org/stable/c/bd508f96b5fef96d8…
	https://git.kernel.org/stable/c/83ab68168a3d990d5…

Impacted products

Vendor

Product

Version

Linux

Affected: 2281c95fe751325874d135b237ecdcd3bc34cc26 , < 11f3fe5001ed05721e641f0ecaa7a73b7deb245d (git)
Affected: 2281c95fe751325874d135b237ecdcd3bc34cc26 , < 168ed59170de1fd7274080fe102216162d6826cf (git)
Affected: 2281c95fe751325874d135b237ecdcd3bc34cc26 , < a9849b67b4402a12eb35eadc9306c1ef9847d53d (git)
Affected: 2281c95fe751325874d135b237ecdcd3bc34cc26 , < e717bd412001495f17400bfc09f606f1b594ef5a (git)
Affected: 2281c95fe751325874d135b237ecdcd3bc34cc26 , < 36bc5040c863b44af06094b22f1e50059227b9cb (git)
Affected: 2281c95fe751325874d135b237ecdcd3bc34cc26 , < bd508f96b5fef96d8a0ce9cbb211d82bcfc2341f (git)
Affected: 2281c95fe751325874d135b237ecdcd3bc34cc26 , < 83ab68168a3d990d5ff39ab030ad5754cbbccb25 (git)

Linux

Affected: 5.1
Unaffected: 0 , < 5.1 (semver)
Unaffected: 5.4.270 , ≤ 5.4.* (semver)
Unaffected: 5.10.211 , ≤ 5.10.* (semver)
Unaffected: 5.15.150 , ≤ 5.15.* (semver)
Unaffected: 6.1.80 , ≤ 6.1.* (semver)
Unaffected: 6.6.19 , ≤ 6.6.* (semver)
Unaffected: 6.7.7 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26845",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-28T19:57:59.068880Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:48:22.368Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:13.663Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/425a571a7e6fc389954cf2564e1edbba3740e171"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/11f3fe5001ed05721e641f0ecaa7a73b7deb245d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/168ed59170de1fd7274080fe102216162d6826cf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a9849b67b4402a12eb35eadc9306c1ef9847d53d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e717bd412001495f17400bfc09f606f1b594ef5a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/36bc5040c863b44af06094b22f1e50059227b9cb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bd508f96b5fef96d8a0ce9cbb211d82bcfc2341f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/83ab68168a3d990d5ff39ab030ad5754cbbccb25"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/target/target_core_device.c",
            "drivers/target/target_core_transport.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "11f3fe5001ed05721e641f0ecaa7a73b7deb245d",
              "status": "affected",
              "version": "2281c95fe751325874d135b237ecdcd3bc34cc26",
              "versionType": "git"
            },
            {
              "lessThan": "168ed59170de1fd7274080fe102216162d6826cf",
              "status": "affected",
              "version": "2281c95fe751325874d135b237ecdcd3bc34cc26",
              "versionType": "git"
            },
            {
              "lessThan": "a9849b67b4402a12eb35eadc9306c1ef9847d53d",
              "status": "affected",
              "version": "2281c95fe751325874d135b237ecdcd3bc34cc26",
              "versionType": "git"
            },
            {
              "lessThan": "e717bd412001495f17400bfc09f606f1b594ef5a",
              "status": "affected",
              "version": "2281c95fe751325874d135b237ecdcd3bc34cc26",
              "versionType": "git"
            },
            {
              "lessThan": "36bc5040c863b44af06094b22f1e50059227b9cb",
              "status": "affected",
              "version": "2281c95fe751325874d135b237ecdcd3bc34cc26",
              "versionType": "git"
            },
            {
              "lessThan": "bd508f96b5fef96d8a0ce9cbb211d82bcfc2341f",
              "status": "affected",
              "version": "2281c95fe751325874d135b237ecdcd3bc34cc26",
              "versionType": "git"
            },
            {
              "lessThan": "83ab68168a3d990d5ff39ab030ad5754cbbccb25",
              "status": "affected",
              "version": "2281c95fe751325874d135b237ecdcd3bc34cc26",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/target/target_core_device.c",
            "drivers/target/target_core_transport.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "lessThan": "5.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.270",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.211",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.150",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.80",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.270",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.211",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.150",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.80",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.19",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.7",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: core: Add TMF to tmr_list handling\n\nAn abort that is responded to by iSCSI itself is added to tmr_list but does\nnot go to target core. A LUN_RESET that goes through tmr_list takes a\nrefcounter on the abort and waits for completion. However, the abort will\nbe never complete because it was not started in target core.\n\n Unable to locate ITT: 0x05000000 on CID: 0\n Unable to locate RefTaskTag: 0x05000000 on CID: 0.\n wait_for_tasks: Stopping tmf LUN_RESET with tag 0x0 ref_task_tag 0x0 i_state 34 t_state ISTATE_PROCESSING refcnt 2 transport_state active,stop,fabric_stop\n wait for tasks: tmf LUN_RESET with tag 0x0 ref_task_tag 0x0 i_state 34 t_state ISTATE_PROCESSING refcnt 2 transport_state active,stop,fabric_stop\n...\n INFO: task kworker/0:2:49 blocked for more than 491 seconds.\n task:kworker/0:2     state:D stack:    0 pid:   49 ppid:     2 flags:0x00000800\n Workqueue: events target_tmr_work [target_core_mod]\nCall Trace:\n __switch_to+0x2c4/0x470\n _schedule+0x314/0x1730\n schedule+0x64/0x130\n schedule_timeout+0x168/0x430\n wait_for_completion+0x140/0x270\n target_put_cmd_and_wait+0x64/0xb0 [target_core_mod]\n core_tmr_lun_reset+0x30/0xa0 [target_core_mod]\n target_tmr_work+0xc8/0x1b0 [target_core_mod]\n process_one_work+0x2d4/0x5d0\n worker_thread+0x78/0x6c0\n\nTo fix this, only add abort to tmr_list if it will be handled by target\ncore."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:34:40.167Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/11f3fe5001ed05721e641f0ecaa7a73b7deb245d"
        },
        {
          "url": "https://git.kernel.org/stable/c/168ed59170de1fd7274080fe102216162d6826cf"
        },
        {
          "url": "https://git.kernel.org/stable/c/a9849b67b4402a12eb35eadc9306c1ef9847d53d"
        },
        {
          "url": "https://git.kernel.org/stable/c/e717bd412001495f17400bfc09f606f1b594ef5a"
        },
        {
          "url": "https://git.kernel.org/stable/c/36bc5040c863b44af06094b22f1e50059227b9cb"
        },
        {
          "url": "https://git.kernel.org/stable/c/bd508f96b5fef96d8a0ce9cbb211d82bcfc2341f"
        },
        {
          "url": "https://git.kernel.org/stable/c/83ab68168a3d990d5ff39ab030ad5754cbbccb25"
        }
      ],
      "title": "scsi: target: core: Add TMF to tmr_list handling",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26845",
    "datePublished": "2024-04-17T10:10:09.337Z",
    "dateReserved": "2024-02-19T14:20:24.182Z",
    "dateUpdated": "2026-01-05T10:34:40.167Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-52617 (GCVE-0-2023-52617)

Vulnerability from cvelistv5 – Published: 2024-03-18 10:19 – Updated: 2026-01-05 10:16

Title

PCI: switchtec: Fix stdev_release() crash after surprise hot remove

Summary

In the Linux kernel, the following vulnerability has been resolved: PCI: switchtec: Fix stdev_release() crash after surprise hot remove A PCI device hot removal may occur while stdev->cdev is held open. The call to stdev_release() then happens during close or exit, at a point way past switchtec_pci_remove(). Otherwise the last ref would vanish with the trailing put_device(), just before return. At that later point in time, the devm cleanup has already removed the stdev->mmio_mrpc mapping. Also, the stdev->pdev reference was not a counted one. Therefore, in DMA mode, the iowrite32() in stdev_release() will cause a fatal page fault, and the subsequent dma_free_coherent(), if reached, would pass a stale &stdev->pdev->dev pointer. Fix by moving MRPC DMA shutdown into switchtec_pci_remove(), after stdev_kill(). Counting the stdev->pdev ref is now optional, but may prevent future accidents. Reproducible via the script at https://lore.kernel.org/r/20231113212150.96410-1-dns@arista.com

Severity ?

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/d8c293549946ee507…
	https://git.kernel.org/stable/c/4a5d0528cf19dbf06…
	https://git.kernel.org/stable/c/ff1c7e2fb9e9c3f53…
	https://git.kernel.org/stable/c/1d83c85922647758c…
	https://git.kernel.org/stable/c/0233b836312e39a3c…
	https://git.kernel.org/stable/c/e129c7fa7070fbce5…
	https://git.kernel.org/stable/c/df25461119d987b8c…

Impacted products

Vendor

Product

Version

Linux

Affected: f7eb7b8a4f72b0d9dea69b09f58185ffab97fd35 , < d8c293549946ee5078ed0ab77793cec365559355 (git)
Affected: f7eb7b8a4f72b0d9dea69b09f58185ffab97fd35 , < 4a5d0528cf19dbf060313dffbe047bc11c90c24c (git)
Affected: f7eb7b8a4f72b0d9dea69b09f58185ffab97fd35 , < ff1c7e2fb9e9c3f53715fbe04d3ac47b80be7eb8 (git)
Affected: f7eb7b8a4f72b0d9dea69b09f58185ffab97fd35 , < 1d83c85922647758c1f1e4806a4c5c3cf591a20a (git)
Affected: f7eb7b8a4f72b0d9dea69b09f58185ffab97fd35 , < 0233b836312e39a3c763fb53512b3fa455b473b3 (git)
Affected: f7eb7b8a4f72b0d9dea69b09f58185ffab97fd35 , < e129c7fa7070fbce57feb0bfc5eaa65eef44b693 (git)
Affected: f7eb7b8a4f72b0d9dea69b09f58185ffab97fd35 , < df25461119d987b8c81d232cfe4411e91dcabe66 (git)

Linux

Affected: 5.0
Unaffected: 0 , < 5.0 (semver)
Unaffected: 5.4.269 , ≤ 5.4.* (semver)
Unaffected: 5.10.210 , ≤ 5.10.* (semver)
Unaffected: 5.15.149 , ≤ 5.15.* (semver)
Unaffected: 6.1.77 , ≤ 6.1.* (semver)
Unaffected: 6.6.16 , ≤ 6.6.* (semver)
Unaffected: 6.7.4 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 4.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-52617",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-10T20:25:20.462363Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-10T20:25:39.733Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:03:21.360Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d8c293549946ee5078ed0ab77793cec365559355"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4a5d0528cf19dbf060313dffbe047bc11c90c24c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ff1c7e2fb9e9c3f53715fbe04d3ac47b80be7eb8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1d83c85922647758c1f1e4806a4c5c3cf591a20a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0233b836312e39a3c763fb53512b3fa455b473b3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e129c7fa7070fbce57feb0bfc5eaa65eef44b693"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/df25461119d987b8c81d232cfe4411e91dcabe66"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/pci/switch/switchtec.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d8c293549946ee5078ed0ab77793cec365559355",
              "status": "affected",
              "version": "f7eb7b8a4f72b0d9dea69b09f58185ffab97fd35",
              "versionType": "git"
            },
            {
              "lessThan": "4a5d0528cf19dbf060313dffbe047bc11c90c24c",
              "status": "affected",
              "version": "f7eb7b8a4f72b0d9dea69b09f58185ffab97fd35",
              "versionType": "git"
            },
            {
              "lessThan": "ff1c7e2fb9e9c3f53715fbe04d3ac47b80be7eb8",
              "status": "affected",
              "version": "f7eb7b8a4f72b0d9dea69b09f58185ffab97fd35",
              "versionType": "git"
            },
            {
              "lessThan": "1d83c85922647758c1f1e4806a4c5c3cf591a20a",
              "status": "affected",
              "version": "f7eb7b8a4f72b0d9dea69b09f58185ffab97fd35",
              "versionType": "git"
            },
            {
              "lessThan": "0233b836312e39a3c763fb53512b3fa455b473b3",
              "status": "affected",
              "version": "f7eb7b8a4f72b0d9dea69b09f58185ffab97fd35",
              "versionType": "git"
            },
            {
              "lessThan": "e129c7fa7070fbce57feb0bfc5eaa65eef44b693",
              "status": "affected",
              "version": "f7eb7b8a4f72b0d9dea69b09f58185ffab97fd35",
              "versionType": "git"
            },
            {
              "lessThan": "df25461119d987b8c81d232cfe4411e91dcabe66",
              "status": "affected",
              "version": "f7eb7b8a4f72b0d9dea69b09f58185ffab97fd35",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/pci/switch/switchtec.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "lessThan": "5.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.269",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.210",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.149",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.77",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.269",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.210",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.149",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.77",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.16",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.4",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: switchtec: Fix stdev_release() crash after surprise hot remove\n\nA PCI device hot removal may occur while stdev-\u003ecdev is held open. The call\nto stdev_release() then happens during close or exit, at a point way past\nswitchtec_pci_remove(). Otherwise the last ref would vanish with the\ntrailing put_device(), just before return.\n\nAt that later point in time, the devm cleanup has already removed the\nstdev-\u003emmio_mrpc mapping. Also, the stdev-\u003epdev reference was not a counted\none. Therefore, in DMA mode, the iowrite32() in stdev_release() will cause\na fatal page fault, and the subsequent dma_free_coherent(), if reached,\nwould pass a stale \u0026stdev-\u003epdev-\u003edev pointer.\n\nFix by moving MRPC DMA shutdown into switchtec_pci_remove(), after\nstdev_kill(). Counting the stdev-\u003epdev ref is now optional, but may prevent\nfuture accidents.\n\nReproducible via the script at\nhttps://lore.kernel.org/r/20231113212150.96410-1-dns@arista.com"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:16:39.893Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d8c293549946ee5078ed0ab77793cec365559355"
        },
        {
          "url": "https://git.kernel.org/stable/c/4a5d0528cf19dbf060313dffbe047bc11c90c24c"
        },
        {
          "url": "https://git.kernel.org/stable/c/ff1c7e2fb9e9c3f53715fbe04d3ac47b80be7eb8"
        },
        {
          "url": "https://git.kernel.org/stable/c/1d83c85922647758c1f1e4806a4c5c3cf591a20a"
        },
        {
          "url": "https://git.kernel.org/stable/c/0233b836312e39a3c763fb53512b3fa455b473b3"
        },
        {
          "url": "https://git.kernel.org/stable/c/e129c7fa7070fbce57feb0bfc5eaa65eef44b693"
        },
        {
          "url": "https://git.kernel.org/stable/c/df25461119d987b8c81d232cfe4411e91dcabe66"
        }
      ],
      "title": "PCI: switchtec: Fix stdev_release() crash after surprise hot remove",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52617",
    "datePublished": "2024-03-18T10:19:04.651Z",
    "dateReserved": "2024-03-06T09:52:12.089Z",
    "dateUpdated": "2026-01-05T10:16:39.893Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-49967 (GCVE-0-2024-49967)

Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2025-01-07 08:46

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "providerMetadata": {
        "dateUpdated": "2025-01-07T08:46:31.368Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "rejectedReasons": [
        {
          "lang": "en",
          "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-49967",
    "datePublished": "2024-10-21T18:02:17.714Z",
    "dateRejected": "2025-01-07T08:46:31.368Z",
    "dateReserved": "2024-10-21T12:17:06.050Z",
    "dateUpdated": "2025-01-07T08:46:31.368Z",
    "state": "REJECTED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-6121 (GCVE-0-2023-6121)

Vulnerability from cvelistv5 – Published: 2023-11-16 14:45 – Updated: 2025-11-06 20:01

Title

Kernel: nvme: info leak due to out-of-bounds read in nvmet_ctrl_find_get

Summary

An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg).

Severity ?

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-125 - Out-of-bounds Read

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2024:2394	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:2950	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:3138	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2023-6121	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2250043	issue-trackingx_refsource_REDHAT

Impacted products

Vendor

Product

Version

Red Hat

Red Hat Enterprise Linux 8

Unaffected: 0:4.18.0-553.rt7.342.el8_10 , < * (rpm)
cpe:/a:redhat:enterprise_linux:8::realtime
cpe:/a:redhat:enterprise_linux:8::nfv

Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:4.18.0-553.el8_10 , < * (rpm) cpe:/o:redhat:enterprise_linux:8::baseos cpe:/a:redhat:enterprise_linux:8::crb
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:5.14.0-427.13.1.el9_4 , < * (rpm) cpe:/o:redhat:enterprise_linux:9::baseos cpe:/a:redhat:enterprise_linux:9::realtime cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::nfv
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:5.14.0-427.13.1.el9_4 , < * (rpm) cpe:/o:redhat:enterprise_linux:9::baseos cpe:/a:redhat:enterprise_linux:9::realtime cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::nfv
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9

Credits

Red Hat would like to thank Alon Zahavi for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-6121",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-10T13:58:01.737027Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-10T13:58:09.509Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:21:17.422Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2024:2394",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:2394"
          },
          {
            "name": "RHSA-2024:2950",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:2950"
          },
          {
            "name": "RHSA-2024:3138",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:3138"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-6121"
          },
          {
            "name": "RHBZ#2250043",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250043"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::realtime",
            "cpe:/a:redhat:enterprise_linux:8::nfv"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-553.rt7.342.el8_10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::baseos",
            "cpe:/a:redhat:enterprise_linux:8::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-553.el8_10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::baseos",
            "cpe:/a:redhat:enterprise_linux:9::realtime",
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/a:redhat:enterprise_linux:9::crb",
            "cpe:/a:redhat:enterprise_linux:9::nfv"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.14.0-427.13.1.el9_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::baseos",
            "cpe:/a:redhat:enterprise_linux:9::realtime",
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/a:redhat:enterprise_linux:9::crb",
            "cpe:/a:redhat:enterprise_linux:9::nfv"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.14.0-427.13.1.el9_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Alon Zahavi for reporting this issue."
        }
      ],
      "datePublic": "2023-11-06T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Low"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-06T20:01:43.127Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:2394",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2394"
        },
        {
          "name": "RHSA-2024:2950",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2950"
        },
        {
          "name": "RHSA-2024:3138",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:3138"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-6121"
        },
        {
          "name": "RHBZ#2250043",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250043"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-11-12T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-11-06T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Kernel: nvme: info leak due to out-of-bounds read in nvmet_ctrl_find_get",
      "workarounds": [
        {
          "lang": "en",
          "value": "This flaw can be mitigated by explicitly setting the kernel parameter to restrict unprivileged users from using dmesg:\n```\nsudo sysctl -w kernel.dmesg_restrict=1\n```\nTo make it persistent between system reboots:\n```\necho \u0027kernel.dmesg_restrict=1\u0027 | sudo tee -a /etc/sysctl.conf\n```"
        }
      ],
      "x_redhatCweChain": "CWE-125: Out-of-bounds Read"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-6121",
    "datePublished": "2023-11-16T14:45:38.430Z",
    "dateReserved": "2023-11-14T10:18:51.337Z",
    "dateUpdated": "2025-11-06T20:01:43.127Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-52867 (GCVE-0-2023-52867)

Vulnerability from cvelistv5 – Published: 2024-05-21 15:31 – Updated: 2025-05-04 07:44

Title

drm/radeon: possible buffer overflow

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: possible buffer overflow Buffer 'afmt_status' of size 6 could overflow, since index 'afmt_idx' is checked after access.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/112d4b02d94bf9fa4…
	https://git.kernel.org/stable/c/caaa74541459c4c9e…
	https://git.kernel.org/stable/c/ddc42881f170f1f51…
	https://git.kernel.org/stable/c/7b063c93bece827fd…
	https://git.kernel.org/stable/c/347f025a02b3a5d71…
	https://git.kernel.org/stable/c/341e79f8aec6af6b0…
	https://git.kernel.org/stable/c/d9b4fa249deaae114…
	https://git.kernel.org/stable/c/19534a7a225f1bf2d…
	https://git.kernel.org/stable/c/dd05484f99d16715a…

Impacted products

Vendor

Product

Version

Linux

Affected: 5cc4e5fc293bfe2634535f544427e8c6061492a5 , < 112d4b02d94bf9fa4f1d3376587878400dd74783 (git)
Affected: 5cc4e5fc293bfe2634535f544427e8c6061492a5 , < caaa74541459c4c9e2c10046cf66ad2890483d0f (git)
Affected: 5cc4e5fc293bfe2634535f544427e8c6061492a5 , < ddc42881f170f1f518496f5a70447501335fc783 (git)
Affected: 5cc4e5fc293bfe2634535f544427e8c6061492a5 , < 7b063c93bece827fde237fae1c101bceeee4e896 (git)
Affected: 5cc4e5fc293bfe2634535f544427e8c6061492a5 , < 347f025a02b3a5d715a0b471fc3b1439c338ad94 (git)
Affected: 5cc4e5fc293bfe2634535f544427e8c6061492a5 , < 341e79f8aec6af6b0061b8171d77b085835c6a58 (git)
Affected: 5cc4e5fc293bfe2634535f544427e8c6061492a5 , < d9b4fa249deaae1145d6fc2b64dae718e5c7a855 (git)
Affected: 5cc4e5fc293bfe2634535f544427e8c6061492a5 , < 19534a7a225f1bf2da70a9a90d41d0215f8f6b45 (git)
Affected: 5cc4e5fc293bfe2634535f544427e8c6061492a5 , < dd05484f99d16715a88eedfca363828ef9a4c2d4 (git)

Linux

Affected: 4.13
Unaffected: 0 , < 4.13 (semver)
Unaffected: 4.14.330 , ≤ 4.14.* (semver)
Unaffected: 4.19.299 , ≤ 4.19.* (semver)
Unaffected: 5.4.261 , ≤ 5.4.* (semver)
Unaffected: 5.10.201 , ≤ 5.10.* (semver)
Unaffected: 5.15.139 , ≤ 5.15.* (semver)
Unaffected: 6.1.63 , ≤ 6.1.* (semver)
Unaffected: 6.5.12 , ≤ 6.5.* (semver)
Unaffected: 6.6.2 , ≤ 6.6.* (semver)
Unaffected: 6.7 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52867",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-21T17:50:12.334865Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:22:41.676Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:11:36.225Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/112d4b02d94bf9fa4f1d3376587878400dd74783"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/caaa74541459c4c9e2c10046cf66ad2890483d0f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ddc42881f170f1f518496f5a70447501335fc783"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7b063c93bece827fde237fae1c101bceeee4e896"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/347f025a02b3a5d715a0b471fc3b1439c338ad94"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/341e79f8aec6af6b0061b8171d77b085835c6a58"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d9b4fa249deaae1145d6fc2b64dae718e5c7a855"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/19534a7a225f1bf2da70a9a90d41d0215f8f6b45"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dd05484f99d16715a88eedfca363828ef9a4c2d4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/radeon/evergreen.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "112d4b02d94bf9fa4f1d3376587878400dd74783",
              "status": "affected",
              "version": "5cc4e5fc293bfe2634535f544427e8c6061492a5",
              "versionType": "git"
            },
            {
              "lessThan": "caaa74541459c4c9e2c10046cf66ad2890483d0f",
              "status": "affected",
              "version": "5cc4e5fc293bfe2634535f544427e8c6061492a5",
              "versionType": "git"
            },
            {
              "lessThan": "ddc42881f170f1f518496f5a70447501335fc783",
              "status": "affected",
              "version": "5cc4e5fc293bfe2634535f544427e8c6061492a5",
              "versionType": "git"
            },
            {
              "lessThan": "7b063c93bece827fde237fae1c101bceeee4e896",
              "status": "affected",
              "version": "5cc4e5fc293bfe2634535f544427e8c6061492a5",
              "versionType": "git"
            },
            {
              "lessThan": "347f025a02b3a5d715a0b471fc3b1439c338ad94",
              "status": "affected",
              "version": "5cc4e5fc293bfe2634535f544427e8c6061492a5",
              "versionType": "git"
            },
            {
              "lessThan": "341e79f8aec6af6b0061b8171d77b085835c6a58",
              "status": "affected",
              "version": "5cc4e5fc293bfe2634535f544427e8c6061492a5",
              "versionType": "git"
            },
            {
              "lessThan": "d9b4fa249deaae1145d6fc2b64dae718e5c7a855",
              "status": "affected",
              "version": "5cc4e5fc293bfe2634535f544427e8c6061492a5",
              "versionType": "git"
            },
            {
              "lessThan": "19534a7a225f1bf2da70a9a90d41d0215f8f6b45",
              "status": "affected",
              "version": "5cc4e5fc293bfe2634535f544427e8c6061492a5",
              "versionType": "git"
            },
            {
              "lessThan": "dd05484f99d16715a88eedfca363828ef9a4c2d4",
              "status": "affected",
              "version": "5cc4e5fc293bfe2634535f544427e8c6061492a5",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/radeon/evergreen.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.13"
            },
            {
              "lessThan": "4.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.330",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.299",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.261",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.201",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.139",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.63",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.7",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.330",
                  "versionStartIncluding": "4.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.299",
                  "versionStartIncluding": "4.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.261",
                  "versionStartIncluding": "4.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.201",
                  "versionStartIncluding": "4.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.139",
                  "versionStartIncluding": "4.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.63",
                  "versionStartIncluding": "4.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5.12",
                  "versionStartIncluding": "4.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.2",
                  "versionStartIncluding": "4.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7",
                  "versionStartIncluding": "4.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: possible buffer overflow\n\nBuffer \u0027afmt_status\u0027 of size 6 could overflow, since index \u0027afmt_idx\u0027 is\nchecked after access."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:44:37.299Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/112d4b02d94bf9fa4f1d3376587878400dd74783"
        },
        {
          "url": "https://git.kernel.org/stable/c/caaa74541459c4c9e2c10046cf66ad2890483d0f"
        },
        {
          "url": "https://git.kernel.org/stable/c/ddc42881f170f1f518496f5a70447501335fc783"
        },
        {
          "url": "https://git.kernel.org/stable/c/7b063c93bece827fde237fae1c101bceeee4e896"
        },
        {
          "url": "https://git.kernel.org/stable/c/347f025a02b3a5d715a0b471fc3b1439c338ad94"
        },
        {
          "url": "https://git.kernel.org/stable/c/341e79f8aec6af6b0061b8171d77b085835c6a58"
        },
        {
          "url": "https://git.kernel.org/stable/c/d9b4fa249deaae1145d6fc2b64dae718e5c7a855"
        },
        {
          "url": "https://git.kernel.org/stable/c/19534a7a225f1bf2da70a9a90d41d0215f8f6b45"
        },
        {
          "url": "https://git.kernel.org/stable/c/dd05484f99d16715a88eedfca363828ef9a4c2d4"
        }
      ],
      "title": "drm/radeon: possible buffer overflow",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52867",
    "datePublished": "2024-05-21T15:31:57.866Z",
    "dateReserved": "2024-05-21T15:19:24.262Z",
    "dateUpdated": "2025-05-04T07:44:37.299Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-41087 (GCVE-0-2024-41087)

Vulnerability from cvelistv5 – Published: 2024-07-29 15:48 – Updated: 2025-11-03 22:00

Title

ata: libata-core: Fix double free on error

Summary

In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix double free on error If e.g. the ata_port_alloc() call in ata_host_alloc() fails, we will jump to the err_out label, which will call devres_release_group(). devres_release_group() will trigger a call to ata_host_release(). ata_host_release() calls kfree(host), so executing the kfree(host) in ata_host_alloc() will lead to a double free: kernel BUG at mm/slub.c:553! Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 11 PID: 599 Comm: (udev-worker) Not tainted 6.10.0-rc5 #47 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014 RIP: 0010:kfree+0x2cf/0x2f0 Code: 5d 41 5e 41 5f 5d e9 80 d6 ff ff 4d 89 f1 41 b8 01 00 00 00 48 89 d9 48 89 da RSP: 0018:ffffc90000f377f0 EFLAGS: 00010246 RAX: ffff888112b1f2c0 RBX: ffff888112b1f2c0 RCX: ffff888112b1f320 RDX: 000000000000400b RSI: ffffffffc02c9de5 RDI: ffff888112b1f2c0 RBP: ffffc90000f37830 R08: 0000000000000000 R09: 0000000000000000 R10: ffffc90000f37610 R11: 617461203a736b6e R12: ffffea00044ac780 R13: ffff888100046400 R14: ffffffffc02c9de5 R15: 0000000000000006 FS: 00007f2f1cabe980(0000) GS:ffff88813b380000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f2f1c3acf75 CR3: 0000000111724000 CR4: 0000000000750ef0 PKRU: 55555554 Call Trace: <TASK> ? __die_body.cold+0x19/0x27 ? die+0x2e/0x50 ? do_trap+0xca/0x110 ? do_error_trap+0x6a/0x90 ? kfree+0x2cf/0x2f0 ? exc_invalid_op+0x50/0x70 ? kfree+0x2cf/0x2f0 ? asm_exc_invalid_op+0x1a/0x20 ? ata_host_alloc+0xf5/0x120 [libata] ? ata_host_alloc+0xf5/0x120 [libata] ? kfree+0x2cf/0x2f0 ata_host_alloc+0xf5/0x120 [libata] ata_host_alloc_pinfo+0x14/0xa0 [libata] ahci_init_one+0x6c9/0xd20 [ahci] Ensure that we will not call kfree(host) twice, by performing the kfree() only if the devres_open_group() call failed.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/290073b2b557e4dc2…
	https://git.kernel.org/stable/c/56f1c7e290cd6c69c…
	https://git.kernel.org/stable/c/010de9acbea58fbcb…
	https://git.kernel.org/stable/c/5dde5f8b790274723…
	https://git.kernel.org/stable/c/702c1edbafb2e6f9d…
	https://git.kernel.org/stable/c/062e256516d7db5e7…
	https://git.kernel.org/stable/c/8106da4d88bbaed80…
	https://git.kernel.org/stable/c/ab9e0c529eb7cafeb…

Impacted products

Vendor

Product

Version

Linux

Affected: dafd6c496381c1cd1f5ba9ad953e810bdcc931bc , < 290073b2b557e4dc21ee74a1e403d9ae79e393a2 (git)
Affected: dafd6c496381c1cd1f5ba9ad953e810bdcc931bc , < 56f1c7e290cd6c69c948fcd2e2a49e6a637ec38f (git)
Affected: dafd6c496381c1cd1f5ba9ad953e810bdcc931bc , < 010de9acbea58fbcbda08e3793d6262086a493fe (git)
Affected: dafd6c496381c1cd1f5ba9ad953e810bdcc931bc , < 5dde5f8b790274723640d29a07c5a97d57d62047 (git)
Affected: dafd6c496381c1cd1f5ba9ad953e810bdcc931bc , < 702c1edbafb2e6f9d20f6d391273b5be09d366a5 (git)
Affected: dafd6c496381c1cd1f5ba9ad953e810bdcc931bc , < 062e256516d7db5e7dcdef117f52025cd5c456e3 (git)
Affected: dafd6c496381c1cd1f5ba9ad953e810bdcc931bc , < 8106da4d88bbaed809e023cc8014b766223d6e76 (git)
Affected: dafd6c496381c1cd1f5ba9ad953e810bdcc931bc , < ab9e0c529eb7cafebdd31fe1644524e80a48b05d (git)

Linux

Affected: 4.17
Unaffected: 0 , < 4.17 (semver)
Unaffected: 4.19.317 , ≤ 4.19.* (semver)
Unaffected: 5.4.279 , ≤ 5.4.* (semver)
Unaffected: 5.10.221 , ≤ 5.10.* (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.97 , ≤ 6.1.* (semver)
Unaffected: 6.6.37 , ≤ 6.6.* (semver)
Unaffected: 6.9.8 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:00:41.841Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/290073b2b557e4dc21ee74a1e403d9ae79e393a2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/56f1c7e290cd6c69c948fcd2e2a49e6a637ec38f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/010de9acbea58fbcbda08e3793d6262086a493fe"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5dde5f8b790274723640d29a07c5a97d57d62047"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/702c1edbafb2e6f9d20f6d391273b5be09d366a5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/062e256516d7db5e7dcdef117f52025cd5c456e3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8106da4d88bbaed809e023cc8014b766223d6e76"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ab9e0c529eb7cafebdd31fe1644524e80a48b05d"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41087",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:20:45.691103Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:58.682Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/ata/libata-core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "290073b2b557e4dc21ee74a1e403d9ae79e393a2",
              "status": "affected",
              "version": "dafd6c496381c1cd1f5ba9ad953e810bdcc931bc",
              "versionType": "git"
            },
            {
              "lessThan": "56f1c7e290cd6c69c948fcd2e2a49e6a637ec38f",
              "status": "affected",
              "version": "dafd6c496381c1cd1f5ba9ad953e810bdcc931bc",
              "versionType": "git"
            },
            {
              "lessThan": "010de9acbea58fbcbda08e3793d6262086a493fe",
              "status": "affected",
              "version": "dafd6c496381c1cd1f5ba9ad953e810bdcc931bc",
              "versionType": "git"
            },
            {
              "lessThan": "5dde5f8b790274723640d29a07c5a97d57d62047",
              "status": "affected",
              "version": "dafd6c496381c1cd1f5ba9ad953e810bdcc931bc",
              "versionType": "git"
            },
            {
              "lessThan": "702c1edbafb2e6f9d20f6d391273b5be09d366a5",
              "status": "affected",
              "version": "dafd6c496381c1cd1f5ba9ad953e810bdcc931bc",
              "versionType": "git"
            },
            {
              "lessThan": "062e256516d7db5e7dcdef117f52025cd5c456e3",
              "status": "affected",
              "version": "dafd6c496381c1cd1f5ba9ad953e810bdcc931bc",
              "versionType": "git"
            },
            {
              "lessThan": "8106da4d88bbaed809e023cc8014b766223d6e76",
              "status": "affected",
              "version": "dafd6c496381c1cd1f5ba9ad953e810bdcc931bc",
              "versionType": "git"
            },
            {
              "lessThan": "ab9e0c529eb7cafebdd31fe1644524e80a48b05d",
              "status": "affected",
              "version": "dafd6c496381c1cd1f5ba9ad953e810bdcc931bc",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/ata/libata-core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.17"
            },
            {
              "lessThan": "4.17",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.317",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.279",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.97",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.37",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.317",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.279",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.221",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.97",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.37",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.8",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-core: Fix double free on error\n\nIf e.g. the ata_port_alloc() call in ata_host_alloc() fails, we will jump\nto the err_out label, which will call devres_release_group().\ndevres_release_group() will trigger a call to ata_host_release().\nata_host_release() calls kfree(host), so executing the kfree(host) in\nata_host_alloc() will lead to a double free:\n\nkernel BUG at mm/slub.c:553!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 11 PID: 599 Comm: (udev-worker) Not tainted 6.10.0-rc5 #47\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014\nRIP: 0010:kfree+0x2cf/0x2f0\nCode: 5d 41 5e 41 5f 5d e9 80 d6 ff ff 4d 89 f1 41 b8 01 00 00 00 48 89 d9 48 89 da\nRSP: 0018:ffffc90000f377f0 EFLAGS: 00010246\nRAX: ffff888112b1f2c0 RBX: ffff888112b1f2c0 RCX: ffff888112b1f320\nRDX: 000000000000400b RSI: ffffffffc02c9de5 RDI: ffff888112b1f2c0\nRBP: ffffc90000f37830 R08: 0000000000000000 R09: 0000000000000000\nR10: ffffc90000f37610 R11: 617461203a736b6e R12: ffffea00044ac780\nR13: ffff888100046400 R14: ffffffffc02c9de5 R15: 0000000000000006\nFS:  00007f2f1cabe980(0000) GS:ffff88813b380000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f2f1c3acf75 CR3: 0000000111724000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __die_body.cold+0x19/0x27\n ? die+0x2e/0x50\n ? do_trap+0xca/0x110\n ? do_error_trap+0x6a/0x90\n ? kfree+0x2cf/0x2f0\n ? exc_invalid_op+0x50/0x70\n ? kfree+0x2cf/0x2f0\n ? asm_exc_invalid_op+0x1a/0x20\n ? ata_host_alloc+0xf5/0x120 [libata]\n ? ata_host_alloc+0xf5/0x120 [libata]\n ? kfree+0x2cf/0x2f0\n ata_host_alloc+0xf5/0x120 [libata]\n ata_host_alloc_pinfo+0x14/0xa0 [libata]\n ahci_init_one+0x6c9/0xd20 [ahci]\n\nEnsure that we will not call kfree(host) twice, by performing the kfree()\nonly if the devres_open_group() call failed."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:21:47.923Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/290073b2b557e4dc21ee74a1e403d9ae79e393a2"
        },
        {
          "url": "https://git.kernel.org/stable/c/56f1c7e290cd6c69c948fcd2e2a49e6a637ec38f"
        },
        {
          "url": "https://git.kernel.org/stable/c/010de9acbea58fbcbda08e3793d6262086a493fe"
        },
        {
          "url": "https://git.kernel.org/stable/c/5dde5f8b790274723640d29a07c5a97d57d62047"
        },
        {
          "url": "https://git.kernel.org/stable/c/702c1edbafb2e6f9d20f6d391273b5be09d366a5"
        },
        {
          "url": "https://git.kernel.org/stable/c/062e256516d7db5e7dcdef117f52025cd5c456e3"
        },
        {
          "url": "https://git.kernel.org/stable/c/8106da4d88bbaed809e023cc8014b766223d6e76"
        },
        {
          "url": "https://git.kernel.org/stable/c/ab9e0c529eb7cafebdd31fe1644524e80a48b05d"
        }
      ],
      "title": "ata: libata-core: Fix double free on error",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41087",
    "datePublished": "2024-07-29T15:48:03.127Z",
    "dateReserved": "2024-07-12T12:17:45.634Z",
    "dateUpdated": "2025-11-03T22:00:41.841Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26840 (GCVE-0-2024-26840)

Vulnerability from cvelistv5 – Published: 2024-04-17 10:10 – Updated: 2025-05-04 08:57

Title

cachefiles: fix memory leak in cachefiles_add_cache()

Summary

In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix memory leak in cachefiles_add_cache() The following memory leak was reported after unbinding /dev/cachefiles: ================================================================== unreferenced object 0xffff9b674176e3c0 (size 192): comm "cachefilesd2", pid 680, jiffies 4294881224 hex dump (first 32 bytes): 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc ea38a44b): [<ffffffff8eb8a1a5>] kmem_cache_alloc+0x2d5/0x370 [<ffffffff8e917f86>] prepare_creds+0x26/0x2e0 [<ffffffffc002eeef>] cachefiles_determine_cache_security+0x1f/0x120 [<ffffffffc00243ec>] cachefiles_add_cache+0x13c/0x3a0 [<ffffffffc0025216>] cachefiles_daemon_write+0x146/0x1c0 [<ffffffff8ebc4a3b>] vfs_write+0xcb/0x520 [<ffffffff8ebc5069>] ksys_write+0x69/0xf0 [<ffffffff8f6d4662>] do_syscall_64+0x72/0x140 [<ffffffff8f8000aa>] entry_SYSCALL_64_after_hwframe+0x6e/0x76 ================================================================== Put the reference count of cache_cred in cachefiles_daemon_unbind() to fix the problem. And also put cache_cred in cachefiles_add_cache() error branch to avoid memory leaks.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/cb5466783793e6627…
	https://git.kernel.org/stable/c/037d5a949b0455540…
	https://git.kernel.org/stable/c/43eccc5823732ba6d…
	https://git.kernel.org/stable/c/94965be37add09836…
	https://git.kernel.org/stable/c/8b218e2f0a27a9f09…
	https://git.kernel.org/stable/c/38e921616320d1593…
	https://git.kernel.org/stable/c/9cac69912052a4def…
	https://git.kernel.org/stable/c/e21a2f17566cbd649…

Impacted products

Vendor

Product

Version

Linux

Affected: 9ae326a69004dea8af2dae4fde58de27db700a8d , < cb5466783793e66272624cf71925ae1d1ba32083 (git)
Affected: 9ae326a69004dea8af2dae4fde58de27db700a8d , < 037d5a949b0455540ef9aab34c10ddf54b65d285 (git)
Affected: 9ae326a69004dea8af2dae4fde58de27db700a8d , < 43eccc5823732ba6daab2511ed32dfc545a666d8 (git)
Affected: 9ae326a69004dea8af2dae4fde58de27db700a8d , < 94965be37add0983672e48ecb33cdbda92b62579 (git)
Affected: 9ae326a69004dea8af2dae4fde58de27db700a8d , < 8b218e2f0a27a9f09428b1847b4580640b9d1e58 (git)
Affected: 9ae326a69004dea8af2dae4fde58de27db700a8d , < 38e921616320d159336b0ffadb09e9fb4945c7c3 (git)
Affected: 9ae326a69004dea8af2dae4fde58de27db700a8d , < 9cac69912052a4def571fedf1cb9bb4ec590e25a (git)
Affected: 9ae326a69004dea8af2dae4fde58de27db700a8d , < e21a2f17566cbd64926fb8f16323972f7a064444 (git)

Linux

Affected: 2.6.30
Unaffected: 0 , < 2.6.30 (semver)
Unaffected: 4.19.309 , ≤ 4.19.* (semver)
Unaffected: 5.4.271 , ≤ 5.4.* (semver)
Unaffected: 5.10.212 , ≤ 5.10.* (semver)
Unaffected: 5.15.151 , ≤ 5.15.* (semver)
Unaffected: 6.1.80 , ≤ 6.1.* (semver)
Unaffected: 6.6.19 , ≤ 6.6.* (semver)
Unaffected: 6.7.7 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26840",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-28T19:58:24.475717Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:49:17.204Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:13.702Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cb5466783793e66272624cf71925ae1d1ba32083"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/037d5a949b0455540ef9aab34c10ddf54b65d285"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/43eccc5823732ba6daab2511ed32dfc545a666d8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/94965be37add0983672e48ecb33cdbda92b62579"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8b218e2f0a27a9f09428b1847b4580640b9d1e58"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/38e921616320d159336b0ffadb09e9fb4945c7c3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9cac69912052a4def571fedf1cb9bb4ec590e25a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e21a2f17566cbd64926fb8f16323972f7a064444"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/cachefiles/cache.c",
            "fs/cachefiles/daemon.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "cb5466783793e66272624cf71925ae1d1ba32083",
              "status": "affected",
              "version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
              "versionType": "git"
            },
            {
              "lessThan": "037d5a949b0455540ef9aab34c10ddf54b65d285",
              "status": "affected",
              "version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
              "versionType": "git"
            },
            {
              "lessThan": "43eccc5823732ba6daab2511ed32dfc545a666d8",
              "status": "affected",
              "version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
              "versionType": "git"
            },
            {
              "lessThan": "94965be37add0983672e48ecb33cdbda92b62579",
              "status": "affected",
              "version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
              "versionType": "git"
            },
            {
              "lessThan": "8b218e2f0a27a9f09428b1847b4580640b9d1e58",
              "status": "affected",
              "version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
              "versionType": "git"
            },
            {
              "lessThan": "38e921616320d159336b0ffadb09e9fb4945c7c3",
              "status": "affected",
              "version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
              "versionType": "git"
            },
            {
              "lessThan": "9cac69912052a4def571fedf1cb9bb4ec590e25a",
              "status": "affected",
              "version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
              "versionType": "git"
            },
            {
              "lessThan": "e21a2f17566cbd64926fb8f16323972f7a064444",
              "status": "affected",
              "version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/cachefiles/cache.c",
            "fs/cachefiles/daemon.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.30"
            },
            {
              "lessThan": "2.6.30",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.309",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.271",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.212",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.151",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.80",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.309",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.271",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.212",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.151",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.80",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.19",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.7",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: fix memory leak in cachefiles_add_cache()\n\nThe following memory leak was reported after unbinding /dev/cachefiles:\n\n==================================================================\nunreferenced object 0xffff9b674176e3c0 (size 192):\n  comm \"cachefilesd2\", pid 680, jiffies 4294881224\n  hex dump (first 32 bytes):\n    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n  backtrace (crc ea38a44b):\n    [\u003cffffffff8eb8a1a5\u003e] kmem_cache_alloc+0x2d5/0x370\n    [\u003cffffffff8e917f86\u003e] prepare_creds+0x26/0x2e0\n    [\u003cffffffffc002eeef\u003e] cachefiles_determine_cache_security+0x1f/0x120\n    [\u003cffffffffc00243ec\u003e] cachefiles_add_cache+0x13c/0x3a0\n    [\u003cffffffffc0025216\u003e] cachefiles_daemon_write+0x146/0x1c0\n    [\u003cffffffff8ebc4a3b\u003e] vfs_write+0xcb/0x520\n    [\u003cffffffff8ebc5069\u003e] ksys_write+0x69/0xf0\n    [\u003cffffffff8f6d4662\u003e] do_syscall_64+0x72/0x140\n    [\u003cffffffff8f8000aa\u003e] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n==================================================================\n\nPut the reference count of cache_cred in cachefiles_daemon_unbind() to\nfix the problem. And also put cache_cred in cachefiles_add_cache() error\nbranch to avoid memory leaks."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:57:42.799Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/cb5466783793e66272624cf71925ae1d1ba32083"
        },
        {
          "url": "https://git.kernel.org/stable/c/037d5a949b0455540ef9aab34c10ddf54b65d285"
        },
        {
          "url": "https://git.kernel.org/stable/c/43eccc5823732ba6daab2511ed32dfc545a666d8"
        },
        {
          "url": "https://git.kernel.org/stable/c/94965be37add0983672e48ecb33cdbda92b62579"
        },
        {
          "url": "https://git.kernel.org/stable/c/8b218e2f0a27a9f09428b1847b4580640b9d1e58"
        },
        {
          "url": "https://git.kernel.org/stable/c/38e921616320d159336b0ffadb09e9fb4945c7c3"
        },
        {
          "url": "https://git.kernel.org/stable/c/9cac69912052a4def571fedf1cb9bb4ec590e25a"
        },
        {
          "url": "https://git.kernel.org/stable/c/e21a2f17566cbd64926fb8f16323972f7a064444"
        }
      ],
      "title": "cachefiles: fix memory leak in cachefiles_add_cache()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26840",
    "datePublished": "2024-04-17T10:10:06.180Z",
    "dateReserved": "2024-02-19T14:20:24.182Z",
    "dateUpdated": "2025-05-04T08:57:42.799Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-46781 (GCVE-0-2024-46781)

Vulnerability from cvelistv5 – Published: 2024-09-18 07:12 – Updated: 2025-11-03 22:18

Title

nilfs2: fix missing cleanup on rollforward recovery error

Summary

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix missing cleanup on rollforward recovery error In an error injection test of a routine for mount-time recovery, KASAN found a use-after-free bug. It turned out that if data recovery was performed using partial logs created by dsync writes, but an error occurred before starting the log writer to create a recovered checkpoint, the inodes whose data had been recovered were left in the ns_dirty_files list of the nilfs object and were not freed. Fix this issue by cleaning up inodes that have read the recovery data if the recovery routine fails midway before the log writer starts.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/35a9a7a7d94662146…
	https://git.kernel.org/stable/c/da02f9eb333333b2e…
	https://git.kernel.org/stable/c/07e4dc2fe000ab008…
	https://git.kernel.org/stable/c/8e2d1e9d93c4ec513…
	https://git.kernel.org/stable/c/ca92c4bff2833cb30…
	https://git.kernel.org/stable/c/9d8c3a585d564d776…
	https://git.kernel.org/stable/c/1cf1f7e8cd47244fa…
	https://git.kernel.org/stable/c/5787fcaab9eb5930f…

Impacted products

Vendor

Product

Version

Linux

Affected: 0f3e1c7f23f8a6f8224fa1d275381f6d9279ad4b , < 35a9a7a7d94662146396199b0cfd95f9517cdd14 (git)
Affected: 0f3e1c7f23f8a6f8224fa1d275381f6d9279ad4b , < da02f9eb333333b2e4f25d2a14967cff785ac82e (git)
Affected: 0f3e1c7f23f8a6f8224fa1d275381f6d9279ad4b , < 07e4dc2fe000ab008bcfe90be4324ef56b5b4355 (git)
Affected: 0f3e1c7f23f8a6f8224fa1d275381f6d9279ad4b , < 8e2d1e9d93c4ec51354229361ac3373058529ec4 (git)
Affected: 0f3e1c7f23f8a6f8224fa1d275381f6d9279ad4b , < ca92c4bff2833cb30d493b935168d6cccd5c805d (git)
Affected: 0f3e1c7f23f8a6f8224fa1d275381f6d9279ad4b , < 9d8c3a585d564d776ee60d4aabec59b404be7403 (git)
Affected: 0f3e1c7f23f8a6f8224fa1d275381f6d9279ad4b , < 1cf1f7e8cd47244fa947d357ef1f642d91e219a3 (git)
Affected: 0f3e1c7f23f8a6f8224fa1d275381f6d9279ad4b , < 5787fcaab9eb5930f5378d6a1dd03d916d146622 (git)

Linux

Affected: 2.6.30
Unaffected: 0 , < 2.6.30 (semver)
Unaffected: 4.19.322 , ≤ 4.19.* (semver)
Unaffected: 5.4.284 , ≤ 5.4.* (semver)
Unaffected: 5.10.226 , ≤ 5.10.* (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.110 , ≤ 6.1.* (semver)
Unaffected: 6.6.51 , ≤ 6.6.* (semver)
Unaffected: 6.10.10 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46781",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T14:37:59.673853Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T14:38:14.597Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:18:23.818Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/nilfs2/recovery.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "35a9a7a7d94662146396199b0cfd95f9517cdd14",
              "status": "affected",
              "version": "0f3e1c7f23f8a6f8224fa1d275381f6d9279ad4b",
              "versionType": "git"
            },
            {
              "lessThan": "da02f9eb333333b2e4f25d2a14967cff785ac82e",
              "status": "affected",
              "version": "0f3e1c7f23f8a6f8224fa1d275381f6d9279ad4b",
              "versionType": "git"
            },
            {
              "lessThan": "07e4dc2fe000ab008bcfe90be4324ef56b5b4355",
              "status": "affected",
              "version": "0f3e1c7f23f8a6f8224fa1d275381f6d9279ad4b",
              "versionType": "git"
            },
            {
              "lessThan": "8e2d1e9d93c4ec51354229361ac3373058529ec4",
              "status": "affected",
              "version": "0f3e1c7f23f8a6f8224fa1d275381f6d9279ad4b",
              "versionType": "git"
            },
            {
              "lessThan": "ca92c4bff2833cb30d493b935168d6cccd5c805d",
              "status": "affected",
              "version": "0f3e1c7f23f8a6f8224fa1d275381f6d9279ad4b",
              "versionType": "git"
            },
            {
              "lessThan": "9d8c3a585d564d776ee60d4aabec59b404be7403",
              "status": "affected",
              "version": "0f3e1c7f23f8a6f8224fa1d275381f6d9279ad4b",
              "versionType": "git"
            },
            {
              "lessThan": "1cf1f7e8cd47244fa947d357ef1f642d91e219a3",
              "status": "affected",
              "version": "0f3e1c7f23f8a6f8224fa1d275381f6d9279ad4b",
              "versionType": "git"
            },
            {
              "lessThan": "5787fcaab9eb5930f5378d6a1dd03d916d146622",
              "status": "affected",
              "version": "0f3e1c7f23f8a6f8224fa1d275381f6d9279ad4b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/nilfs2/recovery.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.30"
            },
            {
              "lessThan": "2.6.30",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.322",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.284",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.110",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.51",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.322",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.284",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.226",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.110",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.51",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.10",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix missing cleanup on rollforward recovery error\n\nIn an error injection test of a routine for mount-time recovery, KASAN\nfound a use-after-free bug.\n\nIt turned out that if data recovery was performed using partial logs\ncreated by dsync writes, but an error occurred before starting the log\nwriter to create a recovered checkpoint, the inodes whose data had been\nrecovered were left in the ns_dirty_files list of the nilfs object and\nwere not freed.\n\nFix this issue by cleaning up inodes that have read the recovery data if\nthe recovery routine fails midway before the log writer starts."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:34:09.287Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/35a9a7a7d94662146396199b0cfd95f9517cdd14"
        },
        {
          "url": "https://git.kernel.org/stable/c/da02f9eb333333b2e4f25d2a14967cff785ac82e"
        },
        {
          "url": "https://git.kernel.org/stable/c/07e4dc2fe000ab008bcfe90be4324ef56b5b4355"
        },
        {
          "url": "https://git.kernel.org/stable/c/8e2d1e9d93c4ec51354229361ac3373058529ec4"
        },
        {
          "url": "https://git.kernel.org/stable/c/ca92c4bff2833cb30d493b935168d6cccd5c805d"
        },
        {
          "url": "https://git.kernel.org/stable/c/9d8c3a585d564d776ee60d4aabec59b404be7403"
        },
        {
          "url": "https://git.kernel.org/stable/c/1cf1f7e8cd47244fa947d357ef1f642d91e219a3"
        },
        {
          "url": "https://git.kernel.org/stable/c/5787fcaab9eb5930f5378d6a1dd03d916d146622"
        }
      ],
      "title": "nilfs2: fix missing cleanup on rollforward recovery error",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46781",
    "datePublished": "2024-09-18T07:12:37.603Z",
    "dateReserved": "2024-09-11T15:12:18.276Z",
    "dateUpdated": "2025-11-03T22:18:23.818Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-46756 (GCVE-0-2024-46756)

Vulnerability from cvelistv5 – Published: 2024-09-18 07:12 – Updated: 2025-01-09 15:47

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "providerMetadata": {
        "dateUpdated": "2025-01-09T15:47:21.890Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "rejectedReasons": [
        {
          "lang": "en",
          "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46756",
    "datePublished": "2024-09-18T07:12:15.814Z",
    "dateRejected": "2025-01-09T15:47:21.890Z",
    "dateReserved": "2024-09-11T15:12:18.271Z",
    "dateUpdated": "2025-01-09T15:47:21.890Z",
    "state": "REJECTED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-49867 (GCVE-0-2024-49867)

Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2026-01-05 10:54

Title

btrfs: wait for fixup workers before stopping cleaner kthread during umount

Summary

In the Linux kernel, the following vulnerability has been resolved: btrfs: wait for fixup workers before stopping cleaner kthread during umount During unmount, at close_ctree(), we have the following steps in this order: 1) Park the cleaner kthread - this doesn't destroy the kthread, it basically halts its execution (wake ups against it work but do nothing); 2) We stop the cleaner kthread - this results in freeing the respective struct task_struct; 3) We call btrfs_stop_all_workers() which waits for any jobs running in all the work queues and then free the work queues. Syzbot reported a case where a fixup worker resulted in a crash when doing a delayed iput on its inode while attempting to wake up the cleaner at btrfs_add_delayed_iput(), because the task_struct of the cleaner kthread was already freed. This can happen during unmount because we don't wait for any fixup workers still running before we call kthread_stop() against the cleaner kthread, which stops and free all its resources. Fix this by waiting for any fixup workers at close_ctree() before we call kthread_stop() against the cleaner and run pending delayed iputs. The stack traces reported by syzbot were the following: BUG: KASAN: slab-use-after-free in __lock_acquire+0x77/0x2050 kernel/locking/lockdep.c:5065 Read of size 8 at addr ffff8880272a8a18 by task kworker/u8:3/52 CPU: 1 UID: 0 PID: 52 Comm: kworker/u8:3 Not tainted 6.12.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: btrfs-fixup btrfs_work_helper Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:377 [inline] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 __lock_acquire+0x77/0x2050 kernel/locking/lockdep.c:5065 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162 class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:551 [inline] try_to_wake_up+0xb0/0x1480 kernel/sched/core.c:4154 btrfs_writepage_fixup_worker+0xc16/0xdf0 fs/btrfs/inode.c:2842 btrfs_work_helper+0x390/0xc50 fs/btrfs/async-thread.c:314 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310 worker_thread+0x870/0xd30 kernel/workqueue.c:3391 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> Allocated by task 2: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 unpoison_slab_object mm/kasan/common.c:319 [inline] __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:345 kasan_slab_alloc include/linux/kasan.h:247 [inline] slab_post_alloc_hook mm/slub.c:4086 [inline] slab_alloc_node mm/slub.c:4135 [inline] kmem_cache_alloc_node_noprof+0x16b/0x320 mm/slub.c:4187 alloc_task_struct_node kernel/fork.c:180 [inline] dup_task_struct+0x57/0x8c0 kernel/fork.c:1107 copy_process+0x5d1/0x3d50 kernel/fork.c:2206 kernel_clone+0x223/0x880 kernel/fork.c:2787 kernel_thread+0x1bc/0x240 kernel/fork.c:2849 create_kthread kernel/kthread.c:412 [inline] kthreadd+0x60d/0x810 kernel/kthread.c:765 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 Freed by task 61: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579 poison_slab_object mm/kasan/common.c:247 [inline] __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264 kasan_slab_free include/linux/kasan.h:230 [inline] slab_free_h ---truncated---

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/a71349b692ab34ea1…
	https://git.kernel.org/stable/c/70b60c8d9b42763d6…
	https://git.kernel.org/stable/c/4c98fe0dfa2ae83c4…
	https://git.kernel.org/stable/c/9da40aea63f8769f2…
	https://git.kernel.org/stable/c/ed87190e9d9c80aad…
	https://git.kernel.org/stable/c/bf0de0f9a0544c11f…
	https://git.kernel.org/stable/c/65d11eb276836d490…
	https://git.kernel.org/stable/c/41fd1e94066a815a7…

Impacted products

Vendor

Product

Version

Linux

Affected: 7a97311de48d56af6db4c5819f95faf9b0b23b1a , < a71349b692ab34ea197949e13e3cc42570fe73d9 (git)
Affected: f4b1363cae43fef7c86c993b7ca7fe7d546b3c68 , < 70b60c8d9b42763d6629e44f448aa5d8ae477d61 (git)
Affected: f4b1363cae43fef7c86c993b7ca7fe7d546b3c68 , < 4c98fe0dfa2ae83c4631699695506d8941db4bfe (git)
Affected: f4b1363cae43fef7c86c993b7ca7fe7d546b3c68 , < 9da40aea63f8769f28afb91aea0fac4cf6fbbb65 (git)
Affected: f4b1363cae43fef7c86c993b7ca7fe7d546b3c68 , < ed87190e9d9c80aad220fb6b0b03a84d22e2c95b (git)
Affected: f4b1363cae43fef7c86c993b7ca7fe7d546b3c68 , < bf0de0f9a0544c11f96f93206da04ab87dcea1f4 (git)
Affected: f4b1363cae43fef7c86c993b7ca7fe7d546b3c68 , < 65d11eb276836d49003a8060cf31fa2284ad1047 (git)
Affected: f4b1363cae43fef7c86c993b7ca7fe7d546b3c68 , < 41fd1e94066a815a7ab0a7025359e9b40e4b3576 (git)
Affected: 6026fd9da213daab95469356fe7fdcf29ae1a296 (git)

Linux

Affected: 5.6
Unaffected: 0 , < 5.6 (semver)
Unaffected: 5.4.285 , ≤ 5.4.* (semver)
Unaffected: 5.10.227 , ≤ 5.10.* (semver)
Unaffected: 5.15.168 , ≤ 5.15.* (semver)
Unaffected: 6.1.113 , ≤ 6.1.* (semver)
Unaffected: 6.6.55 , ≤ 6.6.* (semver)
Unaffected: 6.10.14 , ≤ 6.10.* (semver)
Unaffected: 6.11.3 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49867",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T13:47:28.241887Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T13:48:52.483Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:22:34.501Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/disk-io.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a71349b692ab34ea197949e13e3cc42570fe73d9",
              "status": "affected",
              "version": "7a97311de48d56af6db4c5819f95faf9b0b23b1a",
              "versionType": "git"
            },
            {
              "lessThan": "70b60c8d9b42763d6629e44f448aa5d8ae477d61",
              "status": "affected",
              "version": "f4b1363cae43fef7c86c993b7ca7fe7d546b3c68",
              "versionType": "git"
            },
            {
              "lessThan": "4c98fe0dfa2ae83c4631699695506d8941db4bfe",
              "status": "affected",
              "version": "f4b1363cae43fef7c86c993b7ca7fe7d546b3c68",
              "versionType": "git"
            },
            {
              "lessThan": "9da40aea63f8769f28afb91aea0fac4cf6fbbb65",
              "status": "affected",
              "version": "f4b1363cae43fef7c86c993b7ca7fe7d546b3c68",
              "versionType": "git"
            },
            {
              "lessThan": "ed87190e9d9c80aad220fb6b0b03a84d22e2c95b",
              "status": "affected",
              "version": "f4b1363cae43fef7c86c993b7ca7fe7d546b3c68",
              "versionType": "git"
            },
            {
              "lessThan": "bf0de0f9a0544c11f96f93206da04ab87dcea1f4",
              "status": "affected",
              "version": "f4b1363cae43fef7c86c993b7ca7fe7d546b3c68",
              "versionType": "git"
            },
            {
              "lessThan": "65d11eb276836d49003a8060cf31fa2284ad1047",
              "status": "affected",
              "version": "f4b1363cae43fef7c86c993b7ca7fe7d546b3c68",
              "versionType": "git"
            },
            {
              "lessThan": "41fd1e94066a815a7ab0a7025359e9b40e4b3576",
              "status": "affected",
              "version": "f4b1363cae43fef7c86c993b7ca7fe7d546b3c68",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "6026fd9da213daab95469356fe7fdcf29ae1a296",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/disk-io.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.6"
            },
            {
              "lessThan": "5.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.285",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.55",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.285",
                  "versionStartIncluding": "5.4.22",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.227",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.168",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.113",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.55",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.14",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.3",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.5.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: wait for fixup workers before stopping cleaner kthread during umount\n\nDuring unmount, at close_ctree(), we have the following steps in this order:\n\n1) Park the cleaner kthread - this doesn\u0027t destroy the kthread, it basically\n   halts its execution (wake ups against it work but do nothing);\n\n2) We stop the cleaner kthread - this results in freeing the respective\n   struct task_struct;\n\n3) We call btrfs_stop_all_workers() which waits for any jobs running in all\n   the work queues and then free the work queues.\n\nSyzbot reported a case where a fixup worker resulted in a crash when doing\na delayed iput on its inode while attempting to wake up the cleaner at\nbtrfs_add_delayed_iput(), because the task_struct of the cleaner kthread\nwas already freed. This can happen during unmount because we don\u0027t wait\nfor any fixup workers still running before we call kthread_stop() against\nthe cleaner kthread, which stops and free all its resources.\n\nFix this by waiting for any fixup workers at close_ctree() before we call\nkthread_stop() against the cleaner and run pending delayed iputs.\n\nThe stack traces reported by syzbot were the following:\n\n  BUG: KASAN: slab-use-after-free in __lock_acquire+0x77/0x2050 kernel/locking/lockdep.c:5065\n  Read of size 8 at addr ffff8880272a8a18 by task kworker/u8:3/52\n\n  CPU: 1 UID: 0 PID: 52 Comm: kworker/u8:3 Not tainted 6.12.0-rc1-syzkaller #0\n  Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\n  Workqueue: btrfs-fixup btrfs_work_helper\n  Call Trace:\n   \u003cTASK\u003e\n   __dump_stack lib/dump_stack.c:94 [inline]\n   dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n   print_address_description mm/kasan/report.c:377 [inline]\n   print_report+0x169/0x550 mm/kasan/report.c:488\n   kasan_report+0x143/0x180 mm/kasan/report.c:601\n   __lock_acquire+0x77/0x2050 kernel/locking/lockdep.c:5065\n   lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825\n   __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]\n   _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162\n   class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:551 [inline]\n   try_to_wake_up+0xb0/0x1480 kernel/sched/core.c:4154\n   btrfs_writepage_fixup_worker+0xc16/0xdf0 fs/btrfs/inode.c:2842\n   btrfs_work_helper+0x390/0xc50 fs/btrfs/async-thread.c:314\n   process_one_work kernel/workqueue.c:3229 [inline]\n   process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310\n   worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n   kthread+0x2f0/0x390 kernel/kthread.c:389\n   ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n   ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n   \u003c/TASK\u003e\n\n  Allocated by task 2:\n   kasan_save_stack mm/kasan/common.c:47 [inline]\n   kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n   unpoison_slab_object mm/kasan/common.c:319 [inline]\n   __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:345\n   kasan_slab_alloc include/linux/kasan.h:247 [inline]\n   slab_post_alloc_hook mm/slub.c:4086 [inline]\n   slab_alloc_node mm/slub.c:4135 [inline]\n   kmem_cache_alloc_node_noprof+0x16b/0x320 mm/slub.c:4187\n   alloc_task_struct_node kernel/fork.c:180 [inline]\n   dup_task_struct+0x57/0x8c0 kernel/fork.c:1107\n   copy_process+0x5d1/0x3d50 kernel/fork.c:2206\n   kernel_clone+0x223/0x880 kernel/fork.c:2787\n   kernel_thread+0x1bc/0x240 kernel/fork.c:2849\n   create_kthread kernel/kthread.c:412 [inline]\n   kthreadd+0x60d/0x810 kernel/kthread.c:765\n   ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n   ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\n  Freed by task 61:\n   kasan_save_stack mm/kasan/common.c:47 [inline]\n   kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n   kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579\n   poison_slab_object mm/kasan/common.c:247 [inline]\n   __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n   kasan_slab_free include/linux/kasan.h:230 [inline]\n   slab_free_h\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:54:09.222Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a71349b692ab34ea197949e13e3cc42570fe73d9"
        },
        {
          "url": "https://git.kernel.org/stable/c/70b60c8d9b42763d6629e44f448aa5d8ae477d61"
        },
        {
          "url": "https://git.kernel.org/stable/c/4c98fe0dfa2ae83c4631699695506d8941db4bfe"
        },
        {
          "url": "https://git.kernel.org/stable/c/9da40aea63f8769f28afb91aea0fac4cf6fbbb65"
        },
        {
          "url": "https://git.kernel.org/stable/c/ed87190e9d9c80aad220fb6b0b03a84d22e2c95b"
        },
        {
          "url": "https://git.kernel.org/stable/c/bf0de0f9a0544c11f96f93206da04ab87dcea1f4"
        },
        {
          "url": "https://git.kernel.org/stable/c/65d11eb276836d49003a8060cf31fa2284ad1047"
        },
        {
          "url": "https://git.kernel.org/stable/c/41fd1e94066a815a7ab0a7025359e9b40e4b3576"
        }
      ],
      "title": "btrfs: wait for fixup workers before stopping cleaner kthread during umount",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-49867",
    "datePublished": "2024-10-21T18:01:09.962Z",
    "dateReserved": "2024-10-21T12:17:06.018Z",
    "dateUpdated": "2026-01-05T10:54:09.222Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-49881 (GCVE-0-2024-49881)

Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2025-11-03 22:22

Title

ext4: update orig_path in ext4_find_extent()

Summary

In the Linux kernel, the following vulnerability has been resolved: ext4: update orig_path in ext4_find_extent() In ext4_find_extent(), if the path is not big enough, we free it and set *orig_path to NULL. But after reallocating and successfully initializing the path, we don't update *orig_path, in which case the caller gets a valid path but a NULL ppath, and this may cause a NULL pointer dereference or a path memory leak. For example: ext4_split_extent path = *ppath = 2000 ext4_find_extent if (depth > path[0].p_maxdepth) kfree(path = 2000); *orig_path = path = NULL; path = kcalloc() = 3000 ext4_split_extent_at(*ppath = NULL) path = *ppath; ex = path[depth].p_ext; // NULL pointer dereference! ================================================================== BUG: kernel NULL pointer dereference, address: 0000000000000010 CPU: 6 UID: 0 PID: 576 Comm: fsstress Not tainted 6.11.0-rc2-dirty #847 RIP: 0010:ext4_split_extent_at+0x6d/0x560 Call Trace: <TASK> ext4_split_extent.isra.0+0xcb/0x1b0 ext4_ext_convert_to_initialized+0x168/0x6c0 ext4_ext_handle_unwritten_extents+0x325/0x4d0 ext4_ext_map_blocks+0x520/0xdb0 ext4_map_blocks+0x2b0/0x690 ext4_iomap_begin+0x20e/0x2c0 [...] ================================================================== Therefore, *orig_path is updated when the extent lookup succeeds, so that the caller can safely use path or *ppath.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/ec0c0beb9b777cdd1…
	https://git.kernel.org/stable/c/6766937d0327000ac…
	https://git.kernel.org/stable/c/a9fcb1717d75061d3…
	https://git.kernel.org/stable/c/6801ed1298204d16a…
	https://git.kernel.org/stable/c/f55ecc58d07a6c1f6…
	https://git.kernel.org/stable/c/b63481b3a388ee2df…
	https://git.kernel.org/stable/c/11b230100d6801c01…
	https://git.kernel.org/stable/c/5b4b2dcace35f618f…

Impacted products

Vendor

Product

Version

Linux

Affected: 10809df84a4d868db61af621bae3658494165279 , < ec0c0beb9b777cdd1edd7df9b36e0f3e67e2bdff (git)
Affected: 10809df84a4d868db61af621bae3658494165279 , < 6766937d0327000ac1b87c97bbecdd28b0dd6599 (git)
Affected: 10809df84a4d868db61af621bae3658494165279 , < a9fcb1717d75061d3653ed69365c8d45331815cd (git)
Affected: 10809df84a4d868db61af621bae3658494165279 , < 6801ed1298204d16a38571091e31178bfdc3c679 (git)
Affected: 10809df84a4d868db61af621bae3658494165279 , < f55ecc58d07a6c1f6d6d5b5af125c25f8da0bda2 (git)
Affected: 10809df84a4d868db61af621bae3658494165279 , < b63481b3a388ee2df9e295f97273226140422a42 (git)
Affected: 10809df84a4d868db61af621bae3658494165279 , < 11b230100d6801c014fab2afabc8bdea304c1b96 (git)
Affected: 10809df84a4d868db61af621bae3658494165279 , < 5b4b2dcace35f618fe361a87bae6f0d13af31bc1 (git)

Linux

Affected: 3.18
Unaffected: 0 , < 3.18 (semver)
Unaffected: 4.19.323 , ≤ 4.19.* (semver)
Unaffected: 5.10.227 , ≤ 5.10.* (semver)
Unaffected: 5.15.168 , ≤ 5.15.* (semver)
Unaffected: 6.1.113 , ≤ 6.1.* (semver)
Unaffected: 6.6.55 , ≤ 6.6.* (semver)
Unaffected: 6.10.14 , ≤ 6.10.* (semver)
Unaffected: 6.11.3 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49881",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T13:45:38.096654Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T13:48:50.544Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:22:46.626Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ext4/extents.c",
            "fs/ext4/move_extent.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ec0c0beb9b777cdd1edd7df9b36e0f3e67e2bdff",
              "status": "affected",
              "version": "10809df84a4d868db61af621bae3658494165279",
              "versionType": "git"
            },
            {
              "lessThan": "6766937d0327000ac1b87c97bbecdd28b0dd6599",
              "status": "affected",
              "version": "10809df84a4d868db61af621bae3658494165279",
              "versionType": "git"
            },
            {
              "lessThan": "a9fcb1717d75061d3653ed69365c8d45331815cd",
              "status": "affected",
              "version": "10809df84a4d868db61af621bae3658494165279",
              "versionType": "git"
            },
            {
              "lessThan": "6801ed1298204d16a38571091e31178bfdc3c679",
              "status": "affected",
              "version": "10809df84a4d868db61af621bae3658494165279",
              "versionType": "git"
            },
            {
              "lessThan": "f55ecc58d07a6c1f6d6d5b5af125c25f8da0bda2",
              "status": "affected",
              "version": "10809df84a4d868db61af621bae3658494165279",
              "versionType": "git"
            },
            {
              "lessThan": "b63481b3a388ee2df9e295f97273226140422a42",
              "status": "affected",
              "version": "10809df84a4d868db61af621bae3658494165279",
              "versionType": "git"
            },
            {
              "lessThan": "11b230100d6801c014fab2afabc8bdea304c1b96",
              "status": "affected",
              "version": "10809df84a4d868db61af621bae3658494165279",
              "versionType": "git"
            },
            {
              "lessThan": "5b4b2dcace35f618fe361a87bae6f0d13af31bc1",
              "status": "affected",
              "version": "10809df84a4d868db61af621bae3658494165279",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ext4/extents.c",
            "fs/ext4/move_extent.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.18"
            },
            {
              "lessThan": "3.18",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.323",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.55",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.323",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.227",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.168",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.113",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.55",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.14",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.3",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: update orig_path in ext4_find_extent()\n\nIn ext4_find_extent(), if the path is not big enough, we free it and set\n*orig_path to NULL. But after reallocating and successfully initializing\nthe path, we don\u0027t update *orig_path, in which case the caller gets a\nvalid path but a NULL ppath, and this may cause a NULL pointer dereference\nor a path memory leak. For example:\n\next4_split_extent\n  path = *ppath = 2000\n  ext4_find_extent\n    if (depth \u003e path[0].p_maxdepth)\n      kfree(path = 2000);\n      *orig_path = path = NULL;\n      path = kcalloc() = 3000\n  ext4_split_extent_at(*ppath = NULL)\n    path = *ppath;\n    ex = path[depth].p_ext;\n    // NULL pointer dereference!\n\n==================================================================\nBUG: kernel NULL pointer dereference, address: 0000000000000010\nCPU: 6 UID: 0 PID: 576 Comm: fsstress Not tainted 6.11.0-rc2-dirty #847\nRIP: 0010:ext4_split_extent_at+0x6d/0x560\nCall Trace:\n \u003cTASK\u003e\n ext4_split_extent.isra.0+0xcb/0x1b0\n ext4_ext_convert_to_initialized+0x168/0x6c0\n ext4_ext_handle_unwritten_extents+0x325/0x4d0\n ext4_ext_map_blocks+0x520/0xdb0\n ext4_map_blocks+0x2b0/0x690\n ext4_iomap_begin+0x20e/0x2c0\n[...]\n==================================================================\n\nTherefore, *orig_path is updated when the extent lookup succeeds, so that\nthe caller can safely use path or *ppath."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:40:16.085Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ec0c0beb9b777cdd1edd7df9b36e0f3e67e2bdff"
        },
        {
          "url": "https://git.kernel.org/stable/c/6766937d0327000ac1b87c97bbecdd28b0dd6599"
        },
        {
          "url": "https://git.kernel.org/stable/c/a9fcb1717d75061d3653ed69365c8d45331815cd"
        },
        {
          "url": "https://git.kernel.org/stable/c/6801ed1298204d16a38571091e31178bfdc3c679"
        },
        {
          "url": "https://git.kernel.org/stable/c/f55ecc58d07a6c1f6d6d5b5af125c25f8da0bda2"
        },
        {
          "url": "https://git.kernel.org/stable/c/b63481b3a388ee2df9e295f97273226140422a42"
        },
        {
          "url": "https://git.kernel.org/stable/c/11b230100d6801c014fab2afabc8bdea304c1b96"
        },
        {
          "url": "https://git.kernel.org/stable/c/5b4b2dcace35f618fe361a87bae6f0d13af31bc1"
        }
      ],
      "title": "ext4: update orig_path in ext4_find_extent()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-49881",
    "datePublished": "2024-10-21T18:01:19.478Z",
    "dateReserved": "2024-10-21T12:17:06.021Z",
    "dateUpdated": "2025-11-03T22:22:46.626Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56610 (GCVE-0-2024-56610)

Vulnerability from cvelistv5 – Published: 2024-12-27 14:51 – Updated: 2025-11-03 20:50

Title

kcsan: Turn report_filterlist_lock into a raw_spinlock

Summary

In the Linux kernel, the following vulnerability has been resolved: kcsan: Turn report_filterlist_lock into a raw_spinlock Ran Xiaokai reports that with a KCSAN-enabled PREEMPT_RT kernel, we can see splats like: | BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 | in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1 | preempt_count: 10002, expected: 0 | RCU nest depth: 0, expected: 0 | no locks held by swapper/1/0. | irq event stamp: 156674 | hardirqs last enabled at (156673): [<ffffffff81130bd9>] do_idle+0x1f9/0x240 | hardirqs last disabled at (156674): [<ffffffff82254f84>] sysvec_apic_timer_interrupt+0x14/0xc0 | softirqs last enabled at (0): [<ffffffff81099f47>] copy_process+0xfc7/0x4b60 | softirqs last disabled at (0): [<0000000000000000>] 0x0 | Preemption disabled at: | [<ffffffff814a3e2a>] paint_ptr+0x2a/0x90 | CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.11.0+ #3 | Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-0-ga698c8995f-prebuilt.qemu.org 04/01/2014 | Call Trace: | <IRQ> | dump_stack_lvl+0x7e/0xc0 | dump_stack+0x1d/0x30 | __might_resched+0x1a2/0x270 | rt_spin_lock+0x68/0x170 | kcsan_skip_report_debugfs+0x43/0xe0 | print_report+0xb5/0x590 | kcsan_report_known_origin+0x1b1/0x1d0 | kcsan_setup_watchpoint+0x348/0x650 | __tsan_unaligned_write1+0x16d/0x1d0 | hrtimer_interrupt+0x3d6/0x430 | __sysvec_apic_timer_interrupt+0xe8/0x3a0 | sysvec_apic_timer_interrupt+0x97/0xc0 | </IRQ> On a detected data race, KCSAN's reporting logic checks if it should filter the report. That list is protected by the report_filterlist_lock *non-raw* spinlock which may sleep on RT kernels. Since KCSAN may report data races in any context, convert it to a raw_spinlock. This requires being careful about when to allocate memory for the filter list itself which can be done via KCSAN's debugfs interface. Concurrent modification of the filter list via debugfs should be rare: the chosen strategy is to optimistically pre-allocate memory before the critical section and discard if unused.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/f4f2ef66d288ea796…
	https://git.kernel.org/stable/c/ea6588abcc15d68fd…
	https://git.kernel.org/stable/c/0ab4951c1473c7d1c…
	https://git.kernel.org/stable/c/dca4e74a918586913…
	https://git.kernel.org/stable/c/889a0d3a35fdedba1…
	https://git.kernel.org/stable/c/59458fa4ddb47e789…

Impacted products

Vendor

Product

Version

Linux

Affected: dfd402a4c4baae42398ce9180ff424d589b8bffc , < f4f2ef66d288ea796ddb8ecbdc2df074ab2d5f4d (git)
Affected: dfd402a4c4baae42398ce9180ff424d589b8bffc , < ea6588abcc15d68fdeae777ffe3dd74c02eab407 (git)
Affected: dfd402a4c4baae42398ce9180ff424d589b8bffc , < 0ab4951c1473c7d1ceaf1232eb927109cd1c4859 (git)
Affected: dfd402a4c4baae42398ce9180ff424d589b8bffc , < dca4e74a918586913d251c0b359e8cc96a3883ea (git)
Affected: dfd402a4c4baae42398ce9180ff424d589b8bffc , < 889a0d3a35fdedba1c5dcb6410c95c32421680ec (git)
Affected: dfd402a4c4baae42398ce9180ff424d589b8bffc , < 59458fa4ddb47e7891c61b4a928d13d5f5b00aa0 (git)

Linux

Affected: 5.8
Unaffected: 0 , < 5.8 (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:50:58.130Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/kcsan/debugfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f4f2ef66d288ea796ddb8ecbdc2df074ab2d5f4d",
              "status": "affected",
              "version": "dfd402a4c4baae42398ce9180ff424d589b8bffc",
              "versionType": "git"
            },
            {
              "lessThan": "ea6588abcc15d68fdeae777ffe3dd74c02eab407",
              "status": "affected",
              "version": "dfd402a4c4baae42398ce9180ff424d589b8bffc",
              "versionType": "git"
            },
            {
              "lessThan": "0ab4951c1473c7d1ceaf1232eb927109cd1c4859",
              "status": "affected",
              "version": "dfd402a4c4baae42398ce9180ff424d589b8bffc",
              "versionType": "git"
            },
            {
              "lessThan": "dca4e74a918586913d251c0b359e8cc96a3883ea",
              "status": "affected",
              "version": "dfd402a4c4baae42398ce9180ff424d589b8bffc",
              "versionType": "git"
            },
            {
              "lessThan": "889a0d3a35fdedba1c5dcb6410c95c32421680ec",
              "status": "affected",
              "version": "dfd402a4c4baae42398ce9180ff424d589b8bffc",
              "versionType": "git"
            },
            {
              "lessThan": "59458fa4ddb47e7891c61b4a928d13d5f5b00aa0",
              "status": "affected",
              "version": "dfd402a4c4baae42398ce9180ff424d589b8bffc",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/kcsan/debugfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.8"
            },
            {
              "lessThan": "5.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nkcsan: Turn report_filterlist_lock into a raw_spinlock\n\nRan Xiaokai reports that with a KCSAN-enabled PREEMPT_RT kernel, we can see\nsplats like:\n\n| BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n| in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1\n| preempt_count: 10002, expected: 0\n| RCU nest depth: 0, expected: 0\n| no locks held by swapper/1/0.\n| irq event stamp: 156674\n| hardirqs last  enabled at (156673): [\u003cffffffff81130bd9\u003e] do_idle+0x1f9/0x240\n| hardirqs last disabled at (156674): [\u003cffffffff82254f84\u003e] sysvec_apic_timer_interrupt+0x14/0xc0\n| softirqs last  enabled at (0): [\u003cffffffff81099f47\u003e] copy_process+0xfc7/0x4b60\n| softirqs last disabled at (0): [\u003c0000000000000000\u003e] 0x0\n| Preemption disabled at:\n| [\u003cffffffff814a3e2a\u003e] paint_ptr+0x2a/0x90\n| CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.11.0+ #3\n| Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-0-ga698c8995f-prebuilt.qemu.org 04/01/2014\n| Call Trace:\n|  \u003cIRQ\u003e\n|  dump_stack_lvl+0x7e/0xc0\n|  dump_stack+0x1d/0x30\n|  __might_resched+0x1a2/0x270\n|  rt_spin_lock+0x68/0x170\n|  kcsan_skip_report_debugfs+0x43/0xe0\n|  print_report+0xb5/0x590\n|  kcsan_report_known_origin+0x1b1/0x1d0\n|  kcsan_setup_watchpoint+0x348/0x650\n|  __tsan_unaligned_write1+0x16d/0x1d0\n|  hrtimer_interrupt+0x3d6/0x430\n|  __sysvec_apic_timer_interrupt+0xe8/0x3a0\n|  sysvec_apic_timer_interrupt+0x97/0xc0\n|  \u003c/IRQ\u003e\n\nOn a detected data race, KCSAN\u0027s reporting logic checks if it should\nfilter the report. That list is protected by the report_filterlist_lock\n*non-raw* spinlock which may sleep on RT kernels.\n\nSince KCSAN may report data races in any context, convert it to a\nraw_spinlock.\n\nThis requires being careful about when to allocate memory for the filter\nlist itself which can be done via KCSAN\u0027s debugfs interface. Concurrent\nmodification of the filter list via debugfs should be rare: the chosen\nstrategy is to optimistically pre-allocate memory before the critical\nsection and discard if unused."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:59:47.459Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f4f2ef66d288ea796ddb8ecbdc2df074ab2d5f4d"
        },
        {
          "url": "https://git.kernel.org/stable/c/ea6588abcc15d68fdeae777ffe3dd74c02eab407"
        },
        {
          "url": "https://git.kernel.org/stable/c/0ab4951c1473c7d1ceaf1232eb927109cd1c4859"
        },
        {
          "url": "https://git.kernel.org/stable/c/dca4e74a918586913d251c0b359e8cc96a3883ea"
        },
        {
          "url": "https://git.kernel.org/stable/c/889a0d3a35fdedba1c5dcb6410c95c32421680ec"
        },
        {
          "url": "https://git.kernel.org/stable/c/59458fa4ddb47e7891c61b4a928d13d5f5b00aa0"
        }
      ],
      "title": "kcsan: Turn report_filterlist_lock into a raw_spinlock",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56610",
    "datePublished": "2024-12-27T14:51:15.305Z",
    "dateReserved": "2024-12-27T14:03:06.013Z",
    "dateUpdated": "2025-11-03T20:50:58.130Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-48829 (GCVE-0-2022-48829)

Vulnerability from cvelistv5 – Published: 2024-07-16 11:44 – Updated: 2025-12-23 13:20

Title

NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes

Summary

In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes iattr::ia_size is a loff_t, so these NFSv3 procedures must be careful to deal with incoming client size values that are larger than s64_max without corrupting the value. Silently capping the value results in storing a different value than the client passed in which is unexpected behavior, so remove the min_t() check in decode_sattr3(). Note that RFC 1813 permits only the WRITE procedure to return NFS3ERR_FBIG. We believe that NFSv3 reference implementations also return NFS3ERR_FBIG when ia_size is too large.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/72c14aed6838b5d90…
	https://git.kernel.org/stable/c/a231ae6bb50e7c0a9…
	https://git.kernel.org/stable/c/37f2d2cd8eadddbbd…
	https://git.kernel.org/stable/c/aa9051ddb4b378bd2…
	https://git.kernel.org/stable/c/a648fdeb7c0e17177…

Impacted products

Vendor

Product

Version

Linux

Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 72c14aed6838b5d90b4dd926b6a339b34bb02e08 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < a231ae6bb50e7c0a9e9efd7b0d10687f1d71b3a3 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 37f2d2cd8eadddbbd9c7bda327a9393399b2f89b (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < aa9051ddb4b378bd22e72a67bc77b9fc1482c5f0 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < a648fdeb7c0e17177a2280344d015dba3fbe3314 (git)

Linux

Affected: 2.6.12
Unaffected: 0 , < 2.6.12 (semver)
Unaffected: 5.4.295 , ≤ 5.4.* (semver)
Unaffected: 5.10.220 , ≤ 5.10.* (semver)
Unaffected: 5.15.24 , ≤ 5.15.* (semver)
Unaffected: 5.16.10 , ≤ 5.16.* (semver)
Unaffected: 5.17 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:25:01.577Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a231ae6bb50e7c0a9e9efd7b0d10687f1d71b3a3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/37f2d2cd8eadddbbd9c7bda327a9393399b2f89b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/aa9051ddb4b378bd22e72a67bc77b9fc1482c5f0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a648fdeb7c0e17177a2280344d015dba3fbe3314"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-48829",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:57:33.741233Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:11.248Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/nfsd/nfs3xdr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "72c14aed6838b5d90b4dd926b6a339b34bb02e08",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "a231ae6bb50e7c0a9e9efd7b0d10687f1d71b3a3",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "37f2d2cd8eadddbbd9c7bda327a9393399b2f89b",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "aa9051ddb4b378bd22e72a67bc77b9fc1482c5f0",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "a648fdeb7c0e17177a2280344d015dba3fbe3314",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/nfsd/nfs3xdr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.295",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.220",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.16.*",
              "status": "unaffected",
              "version": "5.16.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.295",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.220",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.24",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16.10",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.17",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Fix NFSv3 SETATTR/CREATE\u0027s handling of large file sizes\n\niattr::ia_size is a loff_t, so these NFSv3 procedures must be\ncareful to deal with incoming client size values that are larger\nthan s64_max without corrupting the value.\n\nSilently capping the value results in storing a different value\nthan the client passed in which is unexpected behavior, so remove\nthe min_t() check in decode_sattr3().\n\nNote that RFC 1813 permits only the WRITE procedure to return\nNFS3ERR_FBIG. We believe that NFSv3 reference implementations\nalso return NFS3ERR_FBIG when ia_size is too large."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-23T13:20:39.603Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/72c14aed6838b5d90b4dd926b6a339b34bb02e08"
        },
        {
          "url": "https://git.kernel.org/stable/c/a231ae6bb50e7c0a9e9efd7b0d10687f1d71b3a3"
        },
        {
          "url": "https://git.kernel.org/stable/c/37f2d2cd8eadddbbd9c7bda327a9393399b2f89b"
        },
        {
          "url": "https://git.kernel.org/stable/c/aa9051ddb4b378bd22e72a67bc77b9fc1482c5f0"
        },
        {
          "url": "https://git.kernel.org/stable/c/a648fdeb7c0e17177a2280344d015dba3fbe3314"
        }
      ],
      "title": "NFSD: Fix NFSv3 SETATTR/CREATE\u0027s handling of large file sizes",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-48829",
    "datePublished": "2024-07-16T11:44:13.313Z",
    "dateReserved": "2024-07-16T11:38:08.903Z",
    "dateUpdated": "2025-12-23T13:20:39.603Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-52809 (GCVE-0-2023-52809)

Vulnerability from cvelistv5 – Published: 2024-05-21 15:31 – Updated: 2026-01-05 10:17

Title

scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()

Summary

In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() fc_lport_ptp_setup() did not check the return value of fc_rport_create() which can return NULL and would cause a NULL pointer dereference. Address this issue by checking return value of fc_rport_create() and log error message on fc_rport_create() failed.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/930f0aaba4820d636…
	https://git.kernel.org/stable/c/77072ec41d6ab3718…
	https://git.kernel.org/stable/c/b549acf999824d4f7…
	https://git.kernel.org/stable/c/bb83f79f90e92f464…
	https://git.kernel.org/stable/c/56d78b5495ebecbb9…
	https://git.kernel.org/stable/c/442fd24d7b6b29e4a…
	https://git.kernel.org/stable/c/f6fe7261b92b21109…
	https://git.kernel.org/stable/c/6b9ecf4e1032e6458…
	https://git.kernel.org/stable/c/4df105f0ce9f6f30c…

Impacted products

Vendor

Product

Version

Linux

Affected: 42e9a92fe6a9095bd68a379aaec7ad2be0337f7a , < 930f0aaba4820d6362de4e6ed569eaf444f1ea4e (git)
Affected: 42e9a92fe6a9095bd68a379aaec7ad2be0337f7a , < 77072ec41d6ab3718c3fc639bc149b8037caedfa (git)
Affected: 42e9a92fe6a9095bd68a379aaec7ad2be0337f7a , < b549acf999824d4f751ca57965700372f2f3ad00 (git)
Affected: 42e9a92fe6a9095bd68a379aaec7ad2be0337f7a , < bb83f79f90e92f46466adcfd4fd264a7ae0f0f01 (git)
Affected: 42e9a92fe6a9095bd68a379aaec7ad2be0337f7a , < 56d78b5495ebecbb9395101f3be177cd0a52450b (git)
Affected: 42e9a92fe6a9095bd68a379aaec7ad2be0337f7a , < 442fd24d7b6b29e4a9cd9225afba4142d5f522ba (git)
Affected: 42e9a92fe6a9095bd68a379aaec7ad2be0337f7a , < f6fe7261b92b21109678747f36df9fdab1e30c34 (git)
Affected: 42e9a92fe6a9095bd68a379aaec7ad2be0337f7a , < 6b9ecf4e1032e645873933e5b43cbb84cac19106 (git)
Affected: 42e9a92fe6a9095bd68a379aaec7ad2be0337f7a , < 4df105f0ce9f6f30cda4e99f577150d23f0c9c5f (git)

Linux

Affected: 2.6.29
Unaffected: 0 , < 2.6.29 (semver)
Unaffected: 4.14.331 , ≤ 4.14.* (semver)
Unaffected: 4.19.300 , ≤ 4.19.* (semver)
Unaffected: 5.4.262 , ≤ 5.4.* (semver)
Unaffected: 5.10.202 , ≤ 5.10.* (semver)
Unaffected: 5.15.140 , ≤ 5.15.* (semver)
Unaffected: 6.1.64 , ≤ 6.1.* (semver)
Unaffected: 6.5.13 , ≤ 6.5.* (semver)
Unaffected: 6.6.3 , ≤ 6.6.* (semver)
Unaffected: 6.7 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:11:35.696Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/930f0aaba4820d6362de4e6ed569eaf444f1ea4e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/77072ec41d6ab3718c3fc639bc149b8037caedfa"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b549acf999824d4f751ca57965700372f2f3ad00"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bb83f79f90e92f46466adcfd4fd264a7ae0f0f01"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/56d78b5495ebecbb9395101f3be177cd0a52450b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/442fd24d7b6b29e4a9cd9225afba4142d5f522ba"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f6fe7261b92b21109678747f36df9fdab1e30c34"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6b9ecf4e1032e645873933e5b43cbb84cac19106"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4df105f0ce9f6f30cda4e99f577150d23f0c9c5f"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52809",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:36:44.046464Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:32:54.752Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/libfc/fc_lport.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "930f0aaba4820d6362de4e6ed569eaf444f1ea4e",
              "status": "affected",
              "version": "42e9a92fe6a9095bd68a379aaec7ad2be0337f7a",
              "versionType": "git"
            },
            {
              "lessThan": "77072ec41d6ab3718c3fc639bc149b8037caedfa",
              "status": "affected",
              "version": "42e9a92fe6a9095bd68a379aaec7ad2be0337f7a",
              "versionType": "git"
            },
            {
              "lessThan": "b549acf999824d4f751ca57965700372f2f3ad00",
              "status": "affected",
              "version": "42e9a92fe6a9095bd68a379aaec7ad2be0337f7a",
              "versionType": "git"
            },
            {
              "lessThan": "bb83f79f90e92f46466adcfd4fd264a7ae0f0f01",
              "status": "affected",
              "version": "42e9a92fe6a9095bd68a379aaec7ad2be0337f7a",
              "versionType": "git"
            },
            {
              "lessThan": "56d78b5495ebecbb9395101f3be177cd0a52450b",
              "status": "affected",
              "version": "42e9a92fe6a9095bd68a379aaec7ad2be0337f7a",
              "versionType": "git"
            },
            {
              "lessThan": "442fd24d7b6b29e4a9cd9225afba4142d5f522ba",
              "status": "affected",
              "version": "42e9a92fe6a9095bd68a379aaec7ad2be0337f7a",
              "versionType": "git"
            },
            {
              "lessThan": "f6fe7261b92b21109678747f36df9fdab1e30c34",
              "status": "affected",
              "version": "42e9a92fe6a9095bd68a379aaec7ad2be0337f7a",
              "versionType": "git"
            },
            {
              "lessThan": "6b9ecf4e1032e645873933e5b43cbb84cac19106",
              "status": "affected",
              "version": "42e9a92fe6a9095bd68a379aaec7ad2be0337f7a",
              "versionType": "git"
            },
            {
              "lessThan": "4df105f0ce9f6f30cda4e99f577150d23f0c9c5f",
              "status": "affected",
              "version": "42e9a92fe6a9095bd68a379aaec7ad2be0337f7a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/libfc/fc_lport.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.29"
            },
            {
              "lessThan": "2.6.29",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.331",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.300",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.262",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.202",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.140",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.7",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.331",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.300",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.262",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.202",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.140",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.64",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5.13",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.3",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()\n\nfc_lport_ptp_setup() did not check the return value of fc_rport_create()\nwhich can return NULL and would cause a NULL pointer dereference. Address\nthis issue by checking return value of fc_rport_create() and log error\nmessage on fc_rport_create() failed."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:17:23.298Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/930f0aaba4820d6362de4e6ed569eaf444f1ea4e"
        },
        {
          "url": "https://git.kernel.org/stable/c/77072ec41d6ab3718c3fc639bc149b8037caedfa"
        },
        {
          "url": "https://git.kernel.org/stable/c/b549acf999824d4f751ca57965700372f2f3ad00"
        },
        {
          "url": "https://git.kernel.org/stable/c/bb83f79f90e92f46466adcfd4fd264a7ae0f0f01"
        },
        {
          "url": "https://git.kernel.org/stable/c/56d78b5495ebecbb9395101f3be177cd0a52450b"
        },
        {
          "url": "https://git.kernel.org/stable/c/442fd24d7b6b29e4a9cd9225afba4142d5f522ba"
        },
        {
          "url": "https://git.kernel.org/stable/c/f6fe7261b92b21109678747f36df9fdab1e30c34"
        },
        {
          "url": "https://git.kernel.org/stable/c/6b9ecf4e1032e645873933e5b43cbb84cac19106"
        },
        {
          "url": "https://git.kernel.org/stable/c/4df105f0ce9f6f30cda4e99f577150d23f0c9c5f"
        }
      ],
      "title": "scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52809",
    "datePublished": "2024-05-21T15:31:18.982Z",
    "dateReserved": "2024-05-21T15:19:24.248Z",
    "dateUpdated": "2026-01-05T10:17:23.298Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-39198 (GCVE-0-2023-39198)

Vulnerability from cvelistv5 – Published: 2023-11-09 19:15 – Updated: 2025-11-06 19:47

Title

Kernel: qxl: race condition leading to use-after-free in qxl_mode_dumb_create()

Summary

A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2024:2394	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:2950	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:3138	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2023-39198	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2218332	issue-trackingx_refsource_REDHAT

Impacted products

Vendor

Product

Version

Red Hat

Red Hat Enterprise Linux 8

Unaffected: 0:4.18.0-553.rt7.342.el8_10 , < * (rpm)
cpe:/a:redhat:enterprise_linux:8::nfv
cpe:/a:redhat:enterprise_linux:8::realtime

Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:4.18.0-553.el8_10 , < * (rpm) cpe:/o:redhat:enterprise_linux:8::baseos cpe:/a:redhat:enterprise_linux:8::crb
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:5.14.0-427.13.1.el9_4 , < * (rpm) cpe:/a:redhat:enterprise_linux:9::realtime cpe:/o:redhat:enterprise_linux:9::baseos cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::nfv cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:5.14.0-427.13.1.el9_4 , < * (rpm) cpe:/a:redhat:enterprise_linux:9::realtime cpe:/o:redhat:enterprise_linux:9::baseos cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::nfv cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-39198",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-01T03:55:52.570322Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-01T13:53:12.378Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:02:05.368Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2024:2394",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:2394"
          },
          {
            "name": "RHSA-2024:2950",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:2950"
          },
          {
            "name": "RHSA-2024:3138",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:3138"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-39198"
          },
          {
            "name": "RHBZ#2218332",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218332"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::nfv",
            "cpe:/a:redhat:enterprise_linux:8::realtime"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-553.rt7.342.el8_10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::baseos",
            "cpe:/a:redhat:enterprise_linux:8::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-553.el8_10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::realtime",
            "cpe:/o:redhat:enterprise_linux:9::baseos",
            "cpe:/a:redhat:enterprise_linux:9::crb",
            "cpe:/a:redhat:enterprise_linux:9::nfv",
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.14.0-427.13.1.el9_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::realtime",
            "cpe:/o:redhat:enterprise_linux:9::baseos",
            "cpe:/a:redhat:enterprise_linux:9::crb",
            "cpe:/a:redhat:enterprise_linux:9::nfv",
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.14.0-427.13.1.el9_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2023-08-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-06T19:47:48.676Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:2394",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2394"
        },
        {
          "name": "RHSA-2024:2950",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2950"
        },
        {
          "name": "RHSA-2024:3138",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:3138"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-39198"
        },
        {
          "name": "RHBZ#2218332",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218332"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-06-28T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-08-17T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Kernel: qxl: race condition leading to use-after-free in qxl_mode_dumb_create()",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_redhatCweChain": "CWE-362-\u003eCWE-416: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) leads to Use After Free"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-39198",
    "datePublished": "2023-11-09T19:15:47.605Z",
    "dateReserved": "2023-07-25T17:04:34.810Z",
    "dateUpdated": "2025-11-06T19:47:48.676Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-35835 (GCVE-0-2024-35835)

Vulnerability from cvelistv5 – Published: 2024-05-17 14:02 – Updated: 2025-05-04 09:06

Title

net/mlx5e: fix a double-free in arfs_create_groups

Summary

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fix a double-free in arfs_create_groups When `in` allocated by kvzalloc fails, arfs_create_groups will free ft->g and return an error. However, arfs_create_table, the only caller of arfs_create_groups, will hold this error and call to mlx5e_destroy_flow_table, in which the ft->g will be freed again.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/e3d3ed8c152971dbe…
	https://git.kernel.org/stable/c/2501afe6c4c9829d0…
	https://git.kernel.org/stable/c/cf116d9c3c2aebd65…
	https://git.kernel.org/stable/c/c57ca114eb00e0327…
	https://git.kernel.org/stable/c/42876db001bbea755…
	https://git.kernel.org/stable/c/b21db3f1ab7967a81…
	https://git.kernel.org/stable/c/66cc521a739ccd5da…
	https://git.kernel.org/stable/c/3c6d5189246f590e4…

Impacted products

Vendor

Product

Version

Linux

Affected: 1cabe6b0965ec067ac60e8f182f16d479a3b9a5c , < e3d3ed8c152971dbe64c92c9ecb98fdb52abb629 (git)
Affected: 1cabe6b0965ec067ac60e8f182f16d479a3b9a5c , < 2501afe6c4c9829d03abe9a368b83d9ea1b611b7 (git)
Affected: 1cabe6b0965ec067ac60e8f182f16d479a3b9a5c , < cf116d9c3c2aebd653c2dfab5b10c278e9ec3ee5 (git)
Affected: 1cabe6b0965ec067ac60e8f182f16d479a3b9a5c , < c57ca114eb00e03274dd38108d07a3750fa3c056 (git)
Affected: 1cabe6b0965ec067ac60e8f182f16d479a3b9a5c , < 42876db001bbea7558e8676d1019f08f9390addb (git)
Affected: 1cabe6b0965ec067ac60e8f182f16d479a3b9a5c , < b21db3f1ab7967a81d6bbd328d28fe5a4c07a8a7 (git)
Affected: 1cabe6b0965ec067ac60e8f182f16d479a3b9a5c , < 66cc521a739ccd5da057a1cb3d6346c6d0e7619b (git)
Affected: 1cabe6b0965ec067ac60e8f182f16d479a3b9a5c , < 3c6d5189246f590e4e1f167991558bdb72a4738b (git)

Linux

Affected: 4.7
Unaffected: 0 , < 4.7 (semver)
Unaffected: 4.19.307 , ≤ 4.19.* (semver)
Unaffected: 5.4.269 , ≤ 5.4.* (semver)
Unaffected: 5.10.210 , ≤ 5.10.* (semver)
Unaffected: 5.15.149 , ≤ 5.15.* (semver)
Unaffected: 6.1.76 , ≤ 6.1.* (semver)
Unaffected: 6.6.15 , ≤ 6.6.* (semver)
Unaffected: 6.7.3 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-35835",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-17T17:01:13.319923Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-06T21:08:42.977Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:48.621Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e3d3ed8c152971dbe64c92c9ecb98fdb52abb629"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2501afe6c4c9829d03abe9a368b83d9ea1b611b7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cf116d9c3c2aebd653c2dfab5b10c278e9ec3ee5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c57ca114eb00e03274dd38108d07a3750fa3c056"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/42876db001bbea7558e8676d1019f08f9390addb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b21db3f1ab7967a81d6bbd328d28fe5a4c07a8a7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/66cc521a739ccd5da057a1cb3d6346c6d0e7619b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3c6d5189246f590e4e1f167991558bdb72a4738b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e3d3ed8c152971dbe64c92c9ecb98fdb52abb629",
              "status": "affected",
              "version": "1cabe6b0965ec067ac60e8f182f16d479a3b9a5c",
              "versionType": "git"
            },
            {
              "lessThan": "2501afe6c4c9829d03abe9a368b83d9ea1b611b7",
              "status": "affected",
              "version": "1cabe6b0965ec067ac60e8f182f16d479a3b9a5c",
              "versionType": "git"
            },
            {
              "lessThan": "cf116d9c3c2aebd653c2dfab5b10c278e9ec3ee5",
              "status": "affected",
              "version": "1cabe6b0965ec067ac60e8f182f16d479a3b9a5c",
              "versionType": "git"
            },
            {
              "lessThan": "c57ca114eb00e03274dd38108d07a3750fa3c056",
              "status": "affected",
              "version": "1cabe6b0965ec067ac60e8f182f16d479a3b9a5c",
              "versionType": "git"
            },
            {
              "lessThan": "42876db001bbea7558e8676d1019f08f9390addb",
              "status": "affected",
              "version": "1cabe6b0965ec067ac60e8f182f16d479a3b9a5c",
              "versionType": "git"
            },
            {
              "lessThan": "b21db3f1ab7967a81d6bbd328d28fe5a4c07a8a7",
              "status": "affected",
              "version": "1cabe6b0965ec067ac60e8f182f16d479a3b9a5c",
              "versionType": "git"
            },
            {
              "lessThan": "66cc521a739ccd5da057a1cb3d6346c6d0e7619b",
              "status": "affected",
              "version": "1cabe6b0965ec067ac60e8f182f16d479a3b9a5c",
              "versionType": "git"
            },
            {
              "lessThan": "3c6d5189246f590e4e1f167991558bdb72a4738b",
              "status": "affected",
              "version": "1cabe6b0965ec067ac60e8f182f16d479a3b9a5c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.7"
            },
            {
              "lessThan": "4.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.307",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.269",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.210",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.149",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.76",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.15",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.307",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.269",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.210",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.149",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.76",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.15",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.3",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: fix a double-free in arfs_create_groups\n\nWhen `in` allocated by kvzalloc fails, arfs_create_groups will free\nft-\u003eg and return an error. However, arfs_create_table, the only caller of\narfs_create_groups, will hold this error and call to\nmlx5e_destroy_flow_table, in which the ft-\u003eg will be freed again."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:06:28.425Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e3d3ed8c152971dbe64c92c9ecb98fdb52abb629"
        },
        {
          "url": "https://git.kernel.org/stable/c/2501afe6c4c9829d03abe9a368b83d9ea1b611b7"
        },
        {
          "url": "https://git.kernel.org/stable/c/cf116d9c3c2aebd653c2dfab5b10c278e9ec3ee5"
        },
        {
          "url": "https://git.kernel.org/stable/c/c57ca114eb00e03274dd38108d07a3750fa3c056"
        },
        {
          "url": "https://git.kernel.org/stable/c/42876db001bbea7558e8676d1019f08f9390addb"
        },
        {
          "url": "https://git.kernel.org/stable/c/b21db3f1ab7967a81d6bbd328d28fe5a4c07a8a7"
        },
        {
          "url": "https://git.kernel.org/stable/c/66cc521a739ccd5da057a1cb3d6346c6d0e7619b"
        },
        {
          "url": "https://git.kernel.org/stable/c/3c6d5189246f590e4e1f167991558bdb72a4738b"
        }
      ],
      "title": "net/mlx5e: fix a double-free in arfs_create_groups",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35835",
    "datePublished": "2024-05-17T14:02:23.469Z",
    "dateReserved": "2024-05-17T13:50:33.103Z",
    "dateUpdated": "2025-05-04T09:06:28.425Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26702 (GCVE-0-2024-26702)

Vulnerability from cvelistv5 – Published: 2024-04-03 14:55 – Updated: 2025-05-04 08:54

Title

iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC

Summary

In the Linux kernel, the following vulnerability has been resolved: iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC Recently, we encounter kernel crash in function rm3100_common_probe caused by out of bound access of array rm3100_samp_rates (because of underlying hardware failures). Add boundary check to prevent out of bound access.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-125 - Out-of-bounds Read

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/7200170e88e3ec54d…
	https://git.kernel.org/stable/c/36a49290d7e6d5540…
	https://git.kernel.org/stable/c/8d5838a473e8e6d81…
	https://git.kernel.org/stable/c/176256ff8abff2933…
	https://git.kernel.org/stable/c/1d8c67e94e9e97760…
	https://git.kernel.org/stable/c/57d05dbbcd0b3dc0c…
	https://git.kernel.org/stable/c/792595bab4925aa06…

Impacted products

Vendor

Product

Version

Linux

Affected: 121354b2eceb2669ebdffa76b105ad6c03413966 , < 7200170e88e3ec54d9e9c63f07514c3cead11481 (git)
Affected: 121354b2eceb2669ebdffa76b105ad6c03413966 , < 36a49290d7e6d554020057a409747a092b1d3b56 (git)
Affected: 121354b2eceb2669ebdffa76b105ad6c03413966 , < 8d5838a473e8e6d812257c69745f5920e4924a60 (git)
Affected: 121354b2eceb2669ebdffa76b105ad6c03413966 , < 176256ff8abff29335ecff905a09fb49e8dcf513 (git)
Affected: 121354b2eceb2669ebdffa76b105ad6c03413966 , < 1d8c67e94e9e977603473a543d4f322cf2c4aa01 (git)
Affected: 121354b2eceb2669ebdffa76b105ad6c03413966 , < 57d05dbbcd0b3dc0c252103b43012eef5d6430d1 (git)
Affected: 121354b2eceb2669ebdffa76b105ad6c03413966 , < 792595bab4925aa06532a14dd256db523eb4fa5e (git)

Linux

Affected: 5.0
Unaffected: 0 , < 5.0 (semver)
Unaffected: 5.4.269 , ≤ 5.4.* (semver)
Unaffected: 5.10.210 , ≤ 5.10.* (semver)
Unaffected: 5.15.149 , ≤ 5.15.* (semver)
Unaffected: 6.1.79 , ≤ 6.1.* (semver)
Unaffected: 6.6.18 , ≤ 6.6.* (semver)
Unaffected: 6.7.6 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-26702",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-04T15:20:17.184977Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-125",
                "description": "CWE-125 Out-of-bounds Read",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-05T15:06:19.230Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:12.653Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7200170e88e3ec54d9e9c63f07514c3cead11481"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/36a49290d7e6d554020057a409747a092b1d3b56"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8d5838a473e8e6d812257c69745f5920e4924a60"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/176256ff8abff29335ecff905a09fb49e8dcf513"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1d8c67e94e9e977603473a543d4f322cf2c4aa01"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/57d05dbbcd0b3dc0c252103b43012eef5d6430d1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/792595bab4925aa06532a14dd256db523eb4fa5e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/iio/magnetometer/rm3100-core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7200170e88e3ec54d9e9c63f07514c3cead11481",
              "status": "affected",
              "version": "121354b2eceb2669ebdffa76b105ad6c03413966",
              "versionType": "git"
            },
            {
              "lessThan": "36a49290d7e6d554020057a409747a092b1d3b56",
              "status": "affected",
              "version": "121354b2eceb2669ebdffa76b105ad6c03413966",
              "versionType": "git"
            },
            {
              "lessThan": "8d5838a473e8e6d812257c69745f5920e4924a60",
              "status": "affected",
              "version": "121354b2eceb2669ebdffa76b105ad6c03413966",
              "versionType": "git"
            },
            {
              "lessThan": "176256ff8abff29335ecff905a09fb49e8dcf513",
              "status": "affected",
              "version": "121354b2eceb2669ebdffa76b105ad6c03413966",
              "versionType": "git"
            },
            {
              "lessThan": "1d8c67e94e9e977603473a543d4f322cf2c4aa01",
              "status": "affected",
              "version": "121354b2eceb2669ebdffa76b105ad6c03413966",
              "versionType": "git"
            },
            {
              "lessThan": "57d05dbbcd0b3dc0c252103b43012eef5d6430d1",
              "status": "affected",
              "version": "121354b2eceb2669ebdffa76b105ad6c03413966",
              "versionType": "git"
            },
            {
              "lessThan": "792595bab4925aa06532a14dd256db523eb4fa5e",
              "status": "affected",
              "version": "121354b2eceb2669ebdffa76b105ad6c03413966",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/iio/magnetometer/rm3100-core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "lessThan": "5.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.269",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.210",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.149",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.79",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.18",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.269",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.210",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.149",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.79",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.18",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.6",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC\n\nRecently, we encounter kernel crash in function rm3100_common_probe\ncaused by out of bound access of array rm3100_samp_rates (because of\nunderlying hardware failures). Add boundary check to prevent out of\nbound access."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:54:24.314Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7200170e88e3ec54d9e9c63f07514c3cead11481"
        },
        {
          "url": "https://git.kernel.org/stable/c/36a49290d7e6d554020057a409747a092b1d3b56"
        },
        {
          "url": "https://git.kernel.org/stable/c/8d5838a473e8e6d812257c69745f5920e4924a60"
        },
        {
          "url": "https://git.kernel.org/stable/c/176256ff8abff29335ecff905a09fb49e8dcf513"
        },
        {
          "url": "https://git.kernel.org/stable/c/1d8c67e94e9e977603473a543d4f322cf2c4aa01"
        },
        {
          "url": "https://git.kernel.org/stable/c/57d05dbbcd0b3dc0c252103b43012eef5d6430d1"
        },
        {
          "url": "https://git.kernel.org/stable/c/792595bab4925aa06532a14dd256db523eb4fa5e"
        }
      ],
      "title": "iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26702",
    "datePublished": "2024-04-03T14:55:01.025Z",
    "dateReserved": "2024-02-19T14:20:24.157Z",
    "dateUpdated": "2025-05-04T08:54:24.314Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-52791 (GCVE-0-2023-52791)

Vulnerability from cvelistv5 – Published: 2024-05-21 15:31 – Updated: 2025-05-04 07:43

Title

i2c: core: Run atomic i2c xfer when !preemptible

Summary

In the Linux kernel, the following vulnerability has been resolved: i2c: core: Run atomic i2c xfer when !preemptible Since bae1d3a05a8b, i2c transfers are non-atomic if preemption is disabled. However, non-atomic i2c transfers require preemption (e.g. in wait_for_completion() while waiting for the DMA). panic() calls preempt_disable_notrace() before calling emergency_restart(). Therefore, if an i2c device is used for the restart, the xfer should be atomic. This avoids warnings like: [ 12.667612] WARNING: CPU: 1 PID: 1 at kernel/rcu/tree_plugin.h:318 rcu_note_context_switch+0x33c/0x6b0 [ 12.676926] Voluntary context switch within RCU read-side critical section! ... [ 12.742376] schedule_timeout from wait_for_completion_timeout+0x90/0x114 [ 12.749179] wait_for_completion_timeout from tegra_i2c_wait_completion+0x40/0x70 ... [ 12.994527] atomic_notifier_call_chain from machine_restart+0x34/0x58 [ 13.001050] machine_restart from panic+0x2a8/0x32c Use !preemptible() instead, which is basically the same check as pre-v5.2.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/25eb381a736e7ae39…
	https://git.kernel.org/stable/c/25284c46b657f48c0…
	https://git.kernel.org/stable/c/f6237afabc349c1c7…
	https://git.kernel.org/stable/c/185f3617adc8fe45e…
	https://git.kernel.org/stable/c/8c3fa52a46ff4d208…
	https://git.kernel.org/stable/c/3473cf43b9068b9df…
	https://git.kernel.org/stable/c/aa49c90894d06e18a…

Impacted products

Vendor

Product

Version

Linux

Affected: bae1d3a05a8b99bd748168bbf8155a1d047c562e , < 25eb381a736e7ae39a4245ef5c96484eb1073809 (git)
Affected: bae1d3a05a8b99bd748168bbf8155a1d047c562e , < 25284c46b657f48c0f3880a2e0706c70d81182c0 (git)
Affected: bae1d3a05a8b99bd748168bbf8155a1d047c562e , < f6237afabc349c1c7909db00e15d2816519e0d2b (git)
Affected: bae1d3a05a8b99bd748168bbf8155a1d047c562e , < 185f3617adc8fe45e40489b458f03911f0dec46c (git)
Affected: bae1d3a05a8b99bd748168bbf8155a1d047c562e , < 8c3fa52a46ff4d208cefb1a462ec94e0043a91e1 (git)
Affected: bae1d3a05a8b99bd748168bbf8155a1d047c562e , < 3473cf43b9068b9dfef2f545f833f33c6a544b91 (git)
Affected: bae1d3a05a8b99bd748168bbf8155a1d047c562e , < aa49c90894d06e18a1ee7c095edbd2f37c232d02 (git)

Linux

Affected: 5.2
Unaffected: 0 , < 5.2 (semver)
Unaffected: 5.4.262 , ≤ 5.4.* (semver)
Unaffected: 5.10.202 , ≤ 5.10.* (semver)
Unaffected: 5.15.140 , ≤ 5.15.* (semver)
Unaffected: 6.1.64 , ≤ 6.1.* (semver)
Unaffected: 6.5.13 , ≤ 6.5.* (semver)
Unaffected: 6.6.3 , ≤ 6.6.* (semver)
Unaffected: 6.7 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52791",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-17T17:36:52.732311Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-17T17:37:13.581Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:11:35.653Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/25eb381a736e7ae39a4245ef5c96484eb1073809"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/25284c46b657f48c0f3880a2e0706c70d81182c0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f6237afabc349c1c7909db00e15d2816519e0d2b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/185f3617adc8fe45e40489b458f03911f0dec46c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8c3fa52a46ff4d208cefb1a462ec94e0043a91e1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3473cf43b9068b9dfef2f545f833f33c6a544b91"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/aa49c90894d06e18a1ee7c095edbd2f37c232d02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/i2c/i2c-core.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "25eb381a736e7ae39a4245ef5c96484eb1073809",
              "status": "affected",
              "version": "bae1d3a05a8b99bd748168bbf8155a1d047c562e",
              "versionType": "git"
            },
            {
              "lessThan": "25284c46b657f48c0f3880a2e0706c70d81182c0",
              "status": "affected",
              "version": "bae1d3a05a8b99bd748168bbf8155a1d047c562e",
              "versionType": "git"
            },
            {
              "lessThan": "f6237afabc349c1c7909db00e15d2816519e0d2b",
              "status": "affected",
              "version": "bae1d3a05a8b99bd748168bbf8155a1d047c562e",
              "versionType": "git"
            },
            {
              "lessThan": "185f3617adc8fe45e40489b458f03911f0dec46c",
              "status": "affected",
              "version": "bae1d3a05a8b99bd748168bbf8155a1d047c562e",
              "versionType": "git"
            },
            {
              "lessThan": "8c3fa52a46ff4d208cefb1a462ec94e0043a91e1",
              "status": "affected",
              "version": "bae1d3a05a8b99bd748168bbf8155a1d047c562e",
              "versionType": "git"
            },
            {
              "lessThan": "3473cf43b9068b9dfef2f545f833f33c6a544b91",
              "status": "affected",
              "version": "bae1d3a05a8b99bd748168bbf8155a1d047c562e",
              "versionType": "git"
            },
            {
              "lessThan": "aa49c90894d06e18a1ee7c095edbd2f37c232d02",
              "status": "affected",
              "version": "bae1d3a05a8b99bd748168bbf8155a1d047c562e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/i2c/i2c-core.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.2"
            },
            {
              "lessThan": "5.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.262",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.202",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.140",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.7",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.262",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.202",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.140",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.64",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5.13",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.3",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: core: Run atomic i2c xfer when !preemptible\n\nSince bae1d3a05a8b, i2c transfers are non-atomic if preemption is\ndisabled. However, non-atomic i2c transfers require preemption (e.g. in\nwait_for_completion() while waiting for the DMA).\n\npanic() calls preempt_disable_notrace() before calling\nemergency_restart(). Therefore, if an i2c device is used for the\nrestart, the xfer should be atomic. This avoids warnings like:\n\n[   12.667612] WARNING: CPU: 1 PID: 1 at kernel/rcu/tree_plugin.h:318 rcu_note_context_switch+0x33c/0x6b0\n[   12.676926] Voluntary context switch within RCU read-side critical section!\n...\n[   12.742376]  schedule_timeout from wait_for_completion_timeout+0x90/0x114\n[   12.749179]  wait_for_completion_timeout from tegra_i2c_wait_completion+0x40/0x70\n...\n[   12.994527]  atomic_notifier_call_chain from machine_restart+0x34/0x58\n[   13.001050]  machine_restart from panic+0x2a8/0x32c\n\nUse !preemptible() instead, which is basically the same check as\npre-v5.2."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:43:16.771Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/25eb381a736e7ae39a4245ef5c96484eb1073809"
        },
        {
          "url": "https://git.kernel.org/stable/c/25284c46b657f48c0f3880a2e0706c70d81182c0"
        },
        {
          "url": "https://git.kernel.org/stable/c/f6237afabc349c1c7909db00e15d2816519e0d2b"
        },
        {
          "url": "https://git.kernel.org/stable/c/185f3617adc8fe45e40489b458f03911f0dec46c"
        },
        {
          "url": "https://git.kernel.org/stable/c/8c3fa52a46ff4d208cefb1a462ec94e0043a91e1"
        },
        {
          "url": "https://git.kernel.org/stable/c/3473cf43b9068b9dfef2f545f833f33c6a544b91"
        },
        {
          "url": "https://git.kernel.org/stable/c/aa49c90894d06e18a1ee7c095edbd2f37c232d02"
        }
      ],
      "title": "i2c: core: Run atomic i2c xfer when !preemptible",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52791",
    "datePublished": "2024-05-21T15:31:06.997Z",
    "dateReserved": "2024-05-21T15:19:24.241Z",
    "dateUpdated": "2025-05-04T07:43:16.771Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-49890 (GCVE-0-2024-49890)

Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2025-11-03 22:22

Title

drm/amd/pm: ensure the fw_info is not null before using it

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: ensure the fw_info is not null before using it This resolves the dereference null return value warning reported by Coverity.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/29f388945770bd0a6…
	https://git.kernel.org/stable/c/9550d8d6f19fac762…
	https://git.kernel.org/stable/c/fd5f4ac1a986f0e7e…
	https://git.kernel.org/stable/c/b511474f49588cdca…
	https://git.kernel.org/stable/c/8adf4408d482faa51…
	https://git.kernel.org/stable/c/016bf0294b4012464…
	https://git.kernel.org/stable/c/186fb12e7a7b038c2…

Impacted products

Vendor

Product

Version

Linux

Affected: 3bace359149391c6547cefe3bf729f365bcf3ef6 , < 29f388945770bd0a6c82711436b2bc98b0dfac92 (git)
Affected: 3bace359149391c6547cefe3bf729f365bcf3ef6 , < 9550d8d6f19fac7623f044ae8d9503825b325497 (git)
Affected: 3bace359149391c6547cefe3bf729f365bcf3ef6 , < fd5f4ac1a986f0e7e9fa019201b5890554f87bcf (git)
Affected: 3bace359149391c6547cefe3bf729f365bcf3ef6 , < b511474f49588cdca355ebfce54e7eddbf7b75a5 (git)
Affected: 3bace359149391c6547cefe3bf729f365bcf3ef6 , < 8adf4408d482faa51b2c14e60bfd9946ec1911a4 (git)
Affected: 3bace359149391c6547cefe3bf729f365bcf3ef6 , < 016bf0294b401246471c6710c6bf9251616228b6 (git)
Affected: 3bace359149391c6547cefe3bf729f365bcf3ef6 , < 186fb12e7a7b038c2710ceb2fb74068f1b5d55a4 (git)

Linux

Affected: 4.5
Unaffected: 0 , < 4.5 (semver)
Unaffected: 5.10.227 , ≤ 5.10.* (semver)
Unaffected: 5.15.168 , ≤ 5.15.* (semver)
Unaffected: 6.1.113 , ≤ 6.1.* (semver)
Unaffected: 6.6.55 , ≤ 6.6.* (semver)
Unaffected: 6.10.14 , ≤ 6.10.* (semver)
Unaffected: 6.11.3 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49890",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T13:44:27.910484Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T13:48:49.185Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:22:55.437Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/pm/powerplay/hwmgr/processpptables.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "29f388945770bd0a6c82711436b2bc98b0dfac92",
              "status": "affected",
              "version": "3bace359149391c6547cefe3bf729f365bcf3ef6",
              "versionType": "git"
            },
            {
              "lessThan": "9550d8d6f19fac7623f044ae8d9503825b325497",
              "status": "affected",
              "version": "3bace359149391c6547cefe3bf729f365bcf3ef6",
              "versionType": "git"
            },
            {
              "lessThan": "fd5f4ac1a986f0e7e9fa019201b5890554f87bcf",
              "status": "affected",
              "version": "3bace359149391c6547cefe3bf729f365bcf3ef6",
              "versionType": "git"
            },
            {
              "lessThan": "b511474f49588cdca355ebfce54e7eddbf7b75a5",
              "status": "affected",
              "version": "3bace359149391c6547cefe3bf729f365bcf3ef6",
              "versionType": "git"
            },
            {
              "lessThan": "8adf4408d482faa51b2c14e60bfd9946ec1911a4",
              "status": "affected",
              "version": "3bace359149391c6547cefe3bf729f365bcf3ef6",
              "versionType": "git"
            },
            {
              "lessThan": "016bf0294b401246471c6710c6bf9251616228b6",
              "status": "affected",
              "version": "3bace359149391c6547cefe3bf729f365bcf3ef6",
              "versionType": "git"
            },
            {
              "lessThan": "186fb12e7a7b038c2710ceb2fb74068f1b5d55a4",
              "status": "affected",
              "version": "3bace359149391c6547cefe3bf729f365bcf3ef6",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/pm/powerplay/hwmgr/processpptables.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.5"
            },
            {
              "lessThan": "4.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.55",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.227",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.168",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.113",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.55",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.14",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.3",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: ensure the fw_info is not null before using it\n\nThis resolves the dereference null return value warning\nreported by Coverity."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-21T09:13:18.406Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/29f388945770bd0a6c82711436b2bc98b0dfac92"
        },
        {
          "url": "https://git.kernel.org/stable/c/9550d8d6f19fac7623f044ae8d9503825b325497"
        },
        {
          "url": "https://git.kernel.org/stable/c/fd5f4ac1a986f0e7e9fa019201b5890554f87bcf"
        },
        {
          "url": "https://git.kernel.org/stable/c/b511474f49588cdca355ebfce54e7eddbf7b75a5"
        },
        {
          "url": "https://git.kernel.org/stable/c/8adf4408d482faa51b2c14e60bfd9946ec1911a4"
        },
        {
          "url": "https://git.kernel.org/stable/c/016bf0294b401246471c6710c6bf9251616228b6"
        },
        {
          "url": "https://git.kernel.org/stable/c/186fb12e7a7b038c2710ceb2fb74068f1b5d55a4"
        }
      ],
      "title": "drm/amd/pm: ensure the fw_info is not null before using it",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-49890",
    "datePublished": "2024-10-21T18:01:25.634Z",
    "dateReserved": "2024-10-21T12:17:06.025Z",
    "dateUpdated": "2025-11-03T22:22:55.437Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-47692 (GCVE-0-2024-47692)

Vulnerability from cvelistv5 – Published: 2024-10-21 11:53 – Updated: 2025-11-03 22:20

Title

nfsd: return -EINVAL when namelen is 0

Summary

In the Linux kernel, the following vulnerability has been resolved: nfsd: return -EINVAL when namelen is 0 When we have a corrupted main.sqlite in /var/lib/nfs/nfsdcld/, it may result in namelen being 0, which will cause memdup_user() to return ZERO_SIZE_PTR. When we access the name.data that has been assigned the value of ZERO_SIZE_PTR in nfs4_client_to_reclaim(), null pointer dereference is triggered. [ T1205] ================================================================== [ T1205] BUG: KASAN: null-ptr-deref in nfs4_client_to_reclaim+0xe9/0x260 [ T1205] Read of size 1 at addr 0000000000000010 by task nfsdcld/1205 [ T1205] [ T1205] CPU: 11 PID: 1205 Comm: nfsdcld Not tainted 5.10.0-00003-g2c1423731b8d #406 [ T1205] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20190727_073836-buildvm-ppc64le-16.ppc.fedoraproject.org-3.fc31 04/01/2014 [ T1205] Call Trace: [ T1205] dump_stack+0x9a/0xd0 [ T1205] ? nfs4_client_to_reclaim+0xe9/0x260 [ T1205] __kasan_report.cold+0x34/0x84 [ T1205] ? nfs4_client_to_reclaim+0xe9/0x260 [ T1205] kasan_report+0x3a/0x50 [ T1205] nfs4_client_to_reclaim+0xe9/0x260 [ T1205] ? nfsd4_release_lockowner+0x410/0x410 [ T1205] cld_pipe_downcall+0x5ca/0x760 [ T1205] ? nfsd4_cld_tracking_exit+0x1d0/0x1d0 [ T1205] ? down_write_killable_nested+0x170/0x170 [ T1205] ? avc_policy_seqno+0x28/0x40 [ T1205] ? selinux_file_permission+0x1b4/0x1e0 [ T1205] rpc_pipe_write+0x84/0xb0 [ T1205] vfs_write+0x143/0x520 [ T1205] ksys_write+0xc9/0x170 [ T1205] ? __ia32_sys_read+0x50/0x50 [ T1205] ? ktime_get_coarse_real_ts64+0xfe/0x110 [ T1205] ? ktime_get_coarse_real_ts64+0xa2/0x110 [ T1205] do_syscall_64+0x33/0x40 [ T1205] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ T1205] RIP: 0033:0x7fdbdb761bc7 [ T1205] Code: 0f 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 514 [ T1205] RSP: 002b:00007fff8c4b7248 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ T1205] RAX: ffffffffffffffda RBX: 000000000000042b RCX: 00007fdbdb761bc7 [ T1205] RDX: 000000000000042b RSI: 00007fff8c4b75f0 RDI: 0000000000000008 [ T1205] RBP: 00007fdbdb761bb0 R08: 0000000000000000 R09: 0000000000000001 [ T1205] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000042b [ T1205] R13: 0000000000000008 R14: 00007fff8c4b75f0 R15: 0000000000000000 [ T1205] ================================================================== Fix it by checking namelen.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/6d07040ae5c2214e3…
	https://git.kernel.org/stable/c/0f1d007bbea38a61c…
	https://git.kernel.org/stable/c/b7b7a8df41ef18862…
	https://git.kernel.org/stable/c/84a563d136faf514f…
	https://git.kernel.org/stable/c/318f70857caab3da9…
	https://git.kernel.org/stable/c/766d5fbd78f7a52b3…
	https://git.kernel.org/stable/c/1ff8be8d008b9ddc8…
	https://git.kernel.org/stable/c/22451a16b7ab7debe…

Impacted products

Vendor

Product

Version

Linux

Affected: 74725959c33c14114fdce1e36e3504d106584d53 , < 6d07040ae5c2214e39c7444d898039c9e655a79a (git)
Affected: 74725959c33c14114fdce1e36e3504d106584d53 , < 0f1d007bbea38a61cf9c5392708dc70ae9d84a3d (git)
Affected: 74725959c33c14114fdce1e36e3504d106584d53 , < b7b7a8df41ef18862dd6b22289fb46c2c12398af (git)
Affected: 74725959c33c14114fdce1e36e3504d106584d53 , < 84a563d136faf514fdad1ade28d7a142fd313cb8 (git)
Affected: 74725959c33c14114fdce1e36e3504d106584d53 , < 318f70857caab3da9a6ada9bc8c1f4f7591b695e (git)
Affected: 74725959c33c14114fdce1e36e3504d106584d53 , < 766d5fbd78f7a52b3888449a0358760477b74602 (git)
Affected: 74725959c33c14114fdce1e36e3504d106584d53 , < 1ff8be8d008b9ddc8e7043fbddd37d5d451b271b (git)
Affected: 74725959c33c14114fdce1e36e3504d106584d53 , < 22451a16b7ab7debefce660672566be887db1637 (git)

Linux

Affected: 5.2
Unaffected: 0 , < 5.2 (semver)
Unaffected: 5.4.285 , ≤ 5.4.* (semver)
Unaffected: 5.10.227 , ≤ 5.10.* (semver)
Unaffected: 5.15.168 , ≤ 5.15.* (semver)
Unaffected: 6.1.113 , ≤ 6.1.* (semver)
Unaffected: 6.6.54 , ≤ 6.6.* (semver)
Unaffected: 6.10.13 , ≤ 6.10.* (semver)
Unaffected: 6.11.2 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47692",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-21T13:05:46.297189Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-21T13:14:14.991Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:20:56.879Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/nfsd/nfs4recover.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6d07040ae5c2214e39c7444d898039c9e655a79a",
              "status": "affected",
              "version": "74725959c33c14114fdce1e36e3504d106584d53",
              "versionType": "git"
            },
            {
              "lessThan": "0f1d007bbea38a61cf9c5392708dc70ae9d84a3d",
              "status": "affected",
              "version": "74725959c33c14114fdce1e36e3504d106584d53",
              "versionType": "git"
            },
            {
              "lessThan": "b7b7a8df41ef18862dd6b22289fb46c2c12398af",
              "status": "affected",
              "version": "74725959c33c14114fdce1e36e3504d106584d53",
              "versionType": "git"
            },
            {
              "lessThan": "84a563d136faf514fdad1ade28d7a142fd313cb8",
              "status": "affected",
              "version": "74725959c33c14114fdce1e36e3504d106584d53",
              "versionType": "git"
            },
            {
              "lessThan": "318f70857caab3da9a6ada9bc8c1f4f7591b695e",
              "status": "affected",
              "version": "74725959c33c14114fdce1e36e3504d106584d53",
              "versionType": "git"
            },
            {
              "lessThan": "766d5fbd78f7a52b3888449a0358760477b74602",
              "status": "affected",
              "version": "74725959c33c14114fdce1e36e3504d106584d53",
              "versionType": "git"
            },
            {
              "lessThan": "1ff8be8d008b9ddc8e7043fbddd37d5d451b271b",
              "status": "affected",
              "version": "74725959c33c14114fdce1e36e3504d106584d53",
              "versionType": "git"
            },
            {
              "lessThan": "22451a16b7ab7debefce660672566be887db1637",
              "status": "affected",
              "version": "74725959c33c14114fdce1e36e3504d106584d53",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/nfsd/nfs4recover.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.2"
            },
            {
              "lessThan": "5.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.285",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.54",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.285",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.227",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.168",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.113",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.54",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.13",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.2",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: return -EINVAL when namelen is 0\n\nWhen we have a corrupted main.sqlite in /var/lib/nfs/nfsdcld/, it may\nresult in namelen being 0, which will cause memdup_user() to return\nZERO_SIZE_PTR.\nWhen we access the name.data that has been assigned the value of\nZERO_SIZE_PTR in nfs4_client_to_reclaim(), null pointer dereference is\ntriggered.\n\n[ T1205] ==================================================================\n[ T1205] BUG: KASAN: null-ptr-deref in nfs4_client_to_reclaim+0xe9/0x260\n[ T1205] Read of size 1 at addr 0000000000000010 by task nfsdcld/1205\n[ T1205]\n[ T1205] CPU: 11 PID: 1205 Comm: nfsdcld Not tainted 5.10.0-00003-g2c1423731b8d #406\n[ T1205] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20190727_073836-buildvm-ppc64le-16.ppc.fedoraproject.org-3.fc31 04/01/2014\n[ T1205] Call Trace:\n[ T1205]  dump_stack+0x9a/0xd0\n[ T1205]  ? nfs4_client_to_reclaim+0xe9/0x260\n[ T1205]  __kasan_report.cold+0x34/0x84\n[ T1205]  ? nfs4_client_to_reclaim+0xe9/0x260\n[ T1205]  kasan_report+0x3a/0x50\n[ T1205]  nfs4_client_to_reclaim+0xe9/0x260\n[ T1205]  ? nfsd4_release_lockowner+0x410/0x410\n[ T1205]  cld_pipe_downcall+0x5ca/0x760\n[ T1205]  ? nfsd4_cld_tracking_exit+0x1d0/0x1d0\n[ T1205]  ? down_write_killable_nested+0x170/0x170\n[ T1205]  ? avc_policy_seqno+0x28/0x40\n[ T1205]  ? selinux_file_permission+0x1b4/0x1e0\n[ T1205]  rpc_pipe_write+0x84/0xb0\n[ T1205]  vfs_write+0x143/0x520\n[ T1205]  ksys_write+0xc9/0x170\n[ T1205]  ? __ia32_sys_read+0x50/0x50\n[ T1205]  ? ktime_get_coarse_real_ts64+0xfe/0x110\n[ T1205]  ? ktime_get_coarse_real_ts64+0xa2/0x110\n[ T1205]  do_syscall_64+0x33/0x40\n[ T1205]  entry_SYSCALL_64_after_hwframe+0x67/0xd1\n[ T1205] RIP: 0033:0x7fdbdb761bc7\n[ T1205] Code: 0f 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 514\n[ T1205] RSP: 002b:00007fff8c4b7248 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ T1205] RAX: ffffffffffffffda RBX: 000000000000042b RCX: 00007fdbdb761bc7\n[ T1205] RDX: 000000000000042b RSI: 00007fff8c4b75f0 RDI: 0000000000000008\n[ T1205] RBP: 00007fdbdb761bb0 R08: 0000000000000000 R09: 0000000000000001\n[ T1205] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000042b\n[ T1205] R13: 0000000000000008 R14: 00007fff8c4b75f0 R15: 0000000000000000\n[ T1205] ==================================================================\n\nFix it by checking namelen."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:37:29.902Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/6d07040ae5c2214e39c7444d898039c9e655a79a"
        },
        {
          "url": "https://git.kernel.org/stable/c/0f1d007bbea38a61cf9c5392708dc70ae9d84a3d"
        },
        {
          "url": "https://git.kernel.org/stable/c/b7b7a8df41ef18862dd6b22289fb46c2c12398af"
        },
        {
          "url": "https://git.kernel.org/stable/c/84a563d136faf514fdad1ade28d7a142fd313cb8"
        },
        {
          "url": "https://git.kernel.org/stable/c/318f70857caab3da9a6ada9bc8c1f4f7591b695e"
        },
        {
          "url": "https://git.kernel.org/stable/c/766d5fbd78f7a52b3888449a0358760477b74602"
        },
        {
          "url": "https://git.kernel.org/stable/c/1ff8be8d008b9ddc8e7043fbddd37d5d451b271b"
        },
        {
          "url": "https://git.kernel.org/stable/c/22451a16b7ab7debefce660672566be887db1637"
        }
      ],
      "title": "nfsd: return -EINVAL when namelen is 0",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-47692",
    "datePublished": "2024-10-21T11:53:31.238Z",
    "dateReserved": "2024-09-30T16:00:12.942Z",
    "dateUpdated": "2025-11-03T22:20:56.879Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56630 (GCVE-0-2024-56630)

Vulnerability from cvelistv5 – Published: 2024-12-27 14:51 – Updated: 2025-11-03 20:51

Title

ocfs2: free inode when ocfs2_get_init_inode() fails

Summary

In the Linux kernel, the following vulnerability has been resolved: ocfs2: free inode when ocfs2_get_init_inode() fails syzbot is reporting busy inodes after unmount, for commit 9c89fe0af826 ("ocfs2: Handle error from dquot_initialize()") forgot to call iput() when new_inode() succeeded and dquot_initialize() failed.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/911fcc95b530615b4…
	https://git.kernel.org/stable/c/9c19ea59965ebb482…
	https://git.kernel.org/stable/c/c5327720a4655303f…
	https://git.kernel.org/stable/c/67c2c6d0564ca0534…
	https://git.kernel.org/stable/c/a84d507d3290aca24…
	https://git.kernel.org/stable/c/03db61c43c8e27298…
	https://git.kernel.org/stable/c/965b5dd1894f4525f…

Impacted products

Vendor

Product

Version

Linux

Affected: 9c89fe0af826bfff36d8019ea6fd78db09b3c478 , < 911fcc95b530615b484e8920741fc5e4bc4e684a (git)
Affected: 9c89fe0af826bfff36d8019ea6fd78db09b3c478 , < 9c19ea59965ebb482e227532f7bbb01792fb028c (git)
Affected: 9c89fe0af826bfff36d8019ea6fd78db09b3c478 , < c5327720a4655303ffa3f632d86ee205dd783f32 (git)
Affected: 9c89fe0af826bfff36d8019ea6fd78db09b3c478 , < 67c2c6d0564ca05348ba4f8f6eaf7a0713f56c15 (git)
Affected: 9c89fe0af826bfff36d8019ea6fd78db09b3c478 , < a84d507d3290aca249b44ae992af9e10590cc5f6 (git)
Affected: 9c89fe0af826bfff36d8019ea6fd78db09b3c478 , < 03db61c43c8e2729896fda6b9a95c7fb5c875c20 (git)
Affected: 9c89fe0af826bfff36d8019ea6fd78db09b3c478 , < 965b5dd1894f4525f38c1b5f99b0106a07dbb5db (git)

Linux

Affected: 4.3
Unaffected: 0 , < 4.3 (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:51:24.013Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ocfs2/namei.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "911fcc95b530615b484e8920741fc5e4bc4e684a",
              "status": "affected",
              "version": "9c89fe0af826bfff36d8019ea6fd78db09b3c478",
              "versionType": "git"
            },
            {
              "lessThan": "9c19ea59965ebb482e227532f7bbb01792fb028c",
              "status": "affected",
              "version": "9c89fe0af826bfff36d8019ea6fd78db09b3c478",
              "versionType": "git"
            },
            {
              "lessThan": "c5327720a4655303ffa3f632d86ee205dd783f32",
              "status": "affected",
              "version": "9c89fe0af826bfff36d8019ea6fd78db09b3c478",
              "versionType": "git"
            },
            {
              "lessThan": "67c2c6d0564ca05348ba4f8f6eaf7a0713f56c15",
              "status": "affected",
              "version": "9c89fe0af826bfff36d8019ea6fd78db09b3c478",
              "versionType": "git"
            },
            {
              "lessThan": "a84d507d3290aca249b44ae992af9e10590cc5f6",
              "status": "affected",
              "version": "9c89fe0af826bfff36d8019ea6fd78db09b3c478",
              "versionType": "git"
            },
            {
              "lessThan": "03db61c43c8e2729896fda6b9a95c7fb5c875c20",
              "status": "affected",
              "version": "9c89fe0af826bfff36d8019ea6fd78db09b3c478",
              "versionType": "git"
            },
            {
              "lessThan": "965b5dd1894f4525f38c1b5f99b0106a07dbb5db",
              "status": "affected",
              "version": "9c89fe0af826bfff36d8019ea6fd78db09b3c478",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ocfs2/namei.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.3"
            },
            {
              "lessThan": "4.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: free inode when ocfs2_get_init_inode() fails\n\nsyzbot is reporting busy inodes after unmount, for commit 9c89fe0af826\n(\"ocfs2: Handle error from dquot_initialize()\") forgot to call iput() when\nnew_inode() succeeded and dquot_initialize() failed."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:00:27.408Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/911fcc95b530615b484e8920741fc5e4bc4e684a"
        },
        {
          "url": "https://git.kernel.org/stable/c/9c19ea59965ebb482e227532f7bbb01792fb028c"
        },
        {
          "url": "https://git.kernel.org/stable/c/c5327720a4655303ffa3f632d86ee205dd783f32"
        },
        {
          "url": "https://git.kernel.org/stable/c/67c2c6d0564ca05348ba4f8f6eaf7a0713f56c15"
        },
        {
          "url": "https://git.kernel.org/stable/c/a84d507d3290aca249b44ae992af9e10590cc5f6"
        },
        {
          "url": "https://git.kernel.org/stable/c/03db61c43c8e2729896fda6b9a95c7fb5c875c20"
        },
        {
          "url": "https://git.kernel.org/stable/c/965b5dd1894f4525f38c1b5f99b0106a07dbb5db"
        }
      ],
      "title": "ocfs2: free inode when ocfs2_get_init_inode() fails",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56630",
    "datePublished": "2024-12-27T14:51:37.240Z",
    "dateReserved": "2024-12-27T14:03:06.018Z",
    "dateUpdated": "2025-11-03T20:51:24.013Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-36938 (GCVE-0-2024-36938)

Vulnerability from cvelistv5 – Published: 2024-05-30 15:29 – Updated: 2025-05-04 09:12

Title

bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue

Summary

In the Linux kernel, the following vulnerability has been resolved: bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Fix NULL pointer data-races in sk_psock_skb_ingress_enqueue() which syzbot reported [1]. [1] BUG: KCSAN: data-race in sk_psock_drop / sk_psock_skb_ingress_enqueue write to 0xffff88814b3278b8 of 8 bytes by task 10724 on cpu 1: sk_psock_stop_verdict net/core/skmsg.c:1257 [inline] sk_psock_drop+0x13e/0x1f0 net/core/skmsg.c:843 sk_psock_put include/linux/skmsg.h:459 [inline] sock_map_close+0x1a7/0x260 net/core/sock_map.c:1648 unix_release+0x4b/0x80 net/unix/af_unix.c:1048 __sock_release net/socket.c:659 [inline] sock_close+0x68/0x150 net/socket.c:1421 __fput+0x2c1/0x660 fs/file_table.c:422 __fput_sync+0x44/0x60 fs/file_table.c:507 __do_sys_close fs/open.c:1556 [inline] __se_sys_close+0x101/0x1b0 fs/open.c:1541 __x64_sys_close+0x1f/0x30 fs/open.c:1541 do_syscall_64+0xd3/0x1d0 entry_SYSCALL_64_after_hwframe+0x6d/0x75 read to 0xffff88814b3278b8 of 8 bytes by task 10713 on cpu 0: sk_psock_data_ready include/linux/skmsg.h:464 [inline] sk_psock_skb_ingress_enqueue+0x32d/0x390 net/core/skmsg.c:555 sk_psock_skb_ingress_self+0x185/0x1e0 net/core/skmsg.c:606 sk_psock_verdict_apply net/core/skmsg.c:1008 [inline] sk_psock_verdict_recv+0x3e4/0x4a0 net/core/skmsg.c:1202 unix_read_skb net/unix/af_unix.c:2546 [inline] unix_stream_read_skb+0x9e/0xf0 net/unix/af_unix.c:2682 sk_psock_verdict_data_ready+0x77/0x220 net/core/skmsg.c:1223 unix_stream_sendmsg+0x527/0x860 net/unix/af_unix.c:2339 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x140/0x180 net/socket.c:745 ____sys_sendmsg+0x312/0x410 net/socket.c:2584 ___sys_sendmsg net/socket.c:2638 [inline] __sys_sendmsg+0x1e9/0x280 net/socket.c:2667 __do_sys_sendmsg net/socket.c:2676 [inline] __se_sys_sendmsg net/socket.c:2674 [inline] __x64_sys_sendmsg+0x46/0x50 net/socket.c:2674 do_syscall_64+0xd3/0x1d0 entry_SYSCALL_64_after_hwframe+0x6d/0x75 value changed: 0xffffffff83d7feb0 -> 0x0000000000000000 Reported by Kernel Concurrency Sanitizer on: CPU: 0 PID: 10713 Comm: syz-executor.4 Tainted: G W 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 Prior to this, commit 4cd12c6065df ("bpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready()") fixed one NULL pointer similarly due to no protection of saved_data_ready. Here is another different caller causing the same issue because of the same reason. So we should protect it with sk_callback_lock read lock because the writer side in the sk_psock_drop() uses "write_lock_bh(&sk->sk_callback_lock);". To avoid errors that could happen in future, I move those two pairs of lock into the sk_psock_data_ready(), which is suggested by John Fastabend.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/c0809c128dad4c341…
	https://git.kernel.org/stable/c/5965bc7535fb87510…
	https://git.kernel.org/stable/c/39dc9e1442385d6e9…
	https://git.kernel.org/stable/c/b397a0ab8582c533e…
	https://git.kernel.org/stable/c/772d5729b5ff0df0d…
	https://git.kernel.org/stable/c/6648e613226e18897…

Impacted products

Vendor

Product

Version

Linux

Affected: 604326b41a6fb9b4a78b6179335decee0365cd8c , < c0809c128dad4c3413818384eb06a341633db973 (git)
Affected: 604326b41a6fb9b4a78b6179335decee0365cd8c , < 5965bc7535fb87510b724e5465ccc1a1cf00916d (git)
Affected: 604326b41a6fb9b4a78b6179335decee0365cd8c , < 39dc9e1442385d6e9be0b6491ee488dddd55ae27 (git)
Affected: 604326b41a6fb9b4a78b6179335decee0365cd8c , < b397a0ab8582c533ec0c6b732392f141fc364f87 (git)
Affected: 604326b41a6fb9b4a78b6179335decee0365cd8c , < 772d5729b5ff0df0d37b32db600ce635b2172f80 (git)
Affected: 604326b41a6fb9b4a78b6179335decee0365cd8c , < 6648e613226e18897231ab5e42ffc29e63fa3365 (git)

Linux

Affected: 4.20
Unaffected: 0 , < 4.20 (semver)
Unaffected: 5.10.223 , ≤ 5.10.* (semver)
Unaffected: 5.15.159 , ≤ 5.15.* (semver)
Unaffected: 6.1.91 , ≤ 6.1.* (semver)
Unaffected: 6.6.31 , ≤ 6.6.* (semver)
Unaffected: 6.8.10 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36938",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-04T15:38:33.489892Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:48:04.434Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:50.528Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c0809c128dad4c3413818384eb06a341633db973"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5965bc7535fb87510b724e5465ccc1a1cf00916d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/39dc9e1442385d6e9be0b6491ee488dddd55ae27"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b397a0ab8582c533ec0c6b732392f141fc364f87"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/772d5729b5ff0df0d37b32db600ce635b2172f80"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6648e613226e18897231ab5e42ffc29e63fa3365"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "include/linux/skmsg.h",
            "net/core/skmsg.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c0809c128dad4c3413818384eb06a341633db973",
              "status": "affected",
              "version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
              "versionType": "git"
            },
            {
              "lessThan": "5965bc7535fb87510b724e5465ccc1a1cf00916d",
              "status": "affected",
              "version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
              "versionType": "git"
            },
            {
              "lessThan": "39dc9e1442385d6e9be0b6491ee488dddd55ae27",
              "status": "affected",
              "version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
              "versionType": "git"
            },
            {
              "lessThan": "b397a0ab8582c533ec0c6b732392f141fc364f87",
              "status": "affected",
              "version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
              "versionType": "git"
            },
            {
              "lessThan": "772d5729b5ff0df0d37b32db600ce635b2172f80",
              "status": "affected",
              "version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
              "versionType": "git"
            },
            {
              "lessThan": "6648e613226e18897231ab5e42ffc29e63fa3365",
              "status": "affected",
              "version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "include/linux/skmsg.h",
            "net/core/skmsg.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.20"
            },
            {
              "lessThan": "4.20",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.223",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.159",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.91",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.31",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.223",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.159",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.91",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.31",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.10",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue\n\nFix NULL pointer data-races in sk_psock_skb_ingress_enqueue() which\nsyzbot reported [1].\n\n[1]\nBUG: KCSAN: data-race in sk_psock_drop / sk_psock_skb_ingress_enqueue\n\nwrite to 0xffff88814b3278b8 of 8 bytes by task 10724 on cpu 1:\n sk_psock_stop_verdict net/core/skmsg.c:1257 [inline]\n sk_psock_drop+0x13e/0x1f0 net/core/skmsg.c:843\n sk_psock_put include/linux/skmsg.h:459 [inline]\n sock_map_close+0x1a7/0x260 net/core/sock_map.c:1648\n unix_release+0x4b/0x80 net/unix/af_unix.c:1048\n __sock_release net/socket.c:659 [inline]\n sock_close+0x68/0x150 net/socket.c:1421\n __fput+0x2c1/0x660 fs/file_table.c:422\n __fput_sync+0x44/0x60 fs/file_table.c:507\n __do_sys_close fs/open.c:1556 [inline]\n __se_sys_close+0x101/0x1b0 fs/open.c:1541\n __x64_sys_close+0x1f/0x30 fs/open.c:1541\n do_syscall_64+0xd3/0x1d0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nread to 0xffff88814b3278b8 of 8 bytes by task 10713 on cpu 0:\n sk_psock_data_ready include/linux/skmsg.h:464 [inline]\n sk_psock_skb_ingress_enqueue+0x32d/0x390 net/core/skmsg.c:555\n sk_psock_skb_ingress_self+0x185/0x1e0 net/core/skmsg.c:606\n sk_psock_verdict_apply net/core/skmsg.c:1008 [inline]\n sk_psock_verdict_recv+0x3e4/0x4a0 net/core/skmsg.c:1202\n unix_read_skb net/unix/af_unix.c:2546 [inline]\n unix_stream_read_skb+0x9e/0xf0 net/unix/af_unix.c:2682\n sk_psock_verdict_data_ready+0x77/0x220 net/core/skmsg.c:1223\n unix_stream_sendmsg+0x527/0x860 net/unix/af_unix.c:2339\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x140/0x180 net/socket.c:745\n ____sys_sendmsg+0x312/0x410 net/socket.c:2584\n ___sys_sendmsg net/socket.c:2638 [inline]\n __sys_sendmsg+0x1e9/0x280 net/socket.c:2667\n __do_sys_sendmsg net/socket.c:2676 [inline]\n __se_sys_sendmsg net/socket.c:2674 [inline]\n __x64_sys_sendmsg+0x46/0x50 net/socket.c:2674\n do_syscall_64+0xd3/0x1d0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nvalue changed: 0xffffffff83d7feb0 -\u003e 0x0000000000000000\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 0 PID: 10713 Comm: syz-executor.4 Tainted: G        W          6.8.0-syzkaller-08951-gfe46a7dd189e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024\n\nPrior to this, commit 4cd12c6065df (\"bpf, sockmap: Fix NULL pointer\ndereference in sk_psock_verdict_data_ready()\") fixed one NULL pointer\nsimilarly due to no protection of saved_data_ready. Here is another\ndifferent caller causing the same issue because of the same reason. So\nwe should protect it with sk_callback_lock read lock because the writer\nside in the sk_psock_drop() uses \"write_lock_bh(\u0026sk-\u003esk_callback_lock);\".\n\nTo avoid errors that could happen in future, I move those two pairs of\nlock into the sk_psock_data_ready(), which is suggested by John Fastabend."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:12:27.522Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c0809c128dad4c3413818384eb06a341633db973"
        },
        {
          "url": "https://git.kernel.org/stable/c/5965bc7535fb87510b724e5465ccc1a1cf00916d"
        },
        {
          "url": "https://git.kernel.org/stable/c/39dc9e1442385d6e9be0b6491ee488dddd55ae27"
        },
        {
          "url": "https://git.kernel.org/stable/c/b397a0ab8582c533ec0c6b732392f141fc364f87"
        },
        {
          "url": "https://git.kernel.org/stable/c/772d5729b5ff0df0d37b32db600ce635b2172f80"
        },
        {
          "url": "https://git.kernel.org/stable/c/6648e613226e18897231ab5e42ffc29e63fa3365"
        }
      ],
      "title": "bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36938",
    "datePublished": "2024-05-30T15:29:26.929Z",
    "dateReserved": "2024-05-30T15:25:07.071Z",
    "dateUpdated": "2025-05-04T09:12:27.522Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-42224 (GCVE-0-2024-42224)

Vulnerability from cvelistv5 – Published: 2024-07-30 07:47 – Updated: 2025-11-03 22:02

Title

net: dsa: mv88e6xxx: Correct check for empty list

Summary

In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Correct check for empty list Since commit a3c53be55c95 ("net: dsa: mv88e6xxx: Support multiple MDIO busses") mv88e6xxx_default_mdio_bus() has checked that the return value of list_first_entry() is non-NULL. This appears to be intended to guard against the list chip->mdios being empty. However, it is not the correct check as the implementation of list_first_entry is not designed to return NULL for empty lists. Instead, use list_first_entry_or_null() which does return NULL if the list is empty. Flagged by Smatch. Compile tested only.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/47d28dde172696031…
	https://git.kernel.org/stable/c/3bf8d70e1455f8785…
	https://git.kernel.org/stable/c/2a2fe25a103cef73c…
	https://git.kernel.org/stable/c/8c2c3cca816d074c7…
	https://git.kernel.org/stable/c/aa03f591ef31ba603…
	https://git.kernel.org/stable/c/3f25b5f1635449036…
	https://git.kernel.org/stable/c/f75625db838ade28f…
	https://git.kernel.org/stable/c/4c7f3950a9fd53a62…

Impacted products

Vendor

Product

Version

Linux

Affected: a3c53be55c955b7150cda17874c3fcb4eeb97a89 , < 47d28dde172696031c880c5778633cdca30394ee (git)
Affected: a3c53be55c955b7150cda17874c3fcb4eeb97a89 , < 3bf8d70e1455f87856640c3433b3660a31001618 (git)
Affected: a3c53be55c955b7150cda17874c3fcb4eeb97a89 , < 2a2fe25a103cef73cde356e6d09da10f607e93f5 (git)
Affected: a3c53be55c955b7150cda17874c3fcb4eeb97a89 , < 8c2c3cca816d074c75a2801d1ca0dea7b0148114 (git)
Affected: a3c53be55c955b7150cda17874c3fcb4eeb97a89 , < aa03f591ef31ba603a4a99d05d25a0f21ab1cd89 (git)
Affected: a3c53be55c955b7150cda17874c3fcb4eeb97a89 , < 3f25b5f1635449036692a44b771f39f772190c1d (git)
Affected: a3c53be55c955b7150cda17874c3fcb4eeb97a89 , < f75625db838ade28f032dacd0f0c8baca42ecde4 (git)
Affected: a3c53be55c955b7150cda17874c3fcb4eeb97a89 , < 4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b (git)

Linux

Affected: 4.11
Unaffected: 0 , < 4.11 (semver)
Unaffected: 4.19.318 , ≤ 4.19.* (semver)
Unaffected: 5.4.280 , ≤ 5.4.* (semver)
Unaffected: 5.10.222 , ≤ 5.10.* (semver)
Unaffected: 5.15.163 , ≤ 5.15.* (semver)
Unaffected: 6.1.98 , ≤ 6.1.* (semver)
Unaffected: 6.6.39 , ≤ 6.6.* (semver)
Unaffected: 6.9.9 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:02:27.444Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/47d28dde172696031c880c5778633cdca30394ee"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3bf8d70e1455f87856640c3433b3660a31001618"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2a2fe25a103cef73cde356e6d09da10f607e93f5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8c2c3cca816d074c75a2801d1ca0dea7b0148114"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/aa03f591ef31ba603a4a99d05d25a0f21ab1cd89"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3f25b5f1635449036692a44b771f39f772190c1d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f75625db838ade28f032dacd0f0c8baca42ecde4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42224",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:14:41.449489Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:33.427Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/dsa/mv88e6xxx/chip.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "47d28dde172696031c880c5778633cdca30394ee",
              "status": "affected",
              "version": "a3c53be55c955b7150cda17874c3fcb4eeb97a89",
              "versionType": "git"
            },
            {
              "lessThan": "3bf8d70e1455f87856640c3433b3660a31001618",
              "status": "affected",
              "version": "a3c53be55c955b7150cda17874c3fcb4eeb97a89",
              "versionType": "git"
            },
            {
              "lessThan": "2a2fe25a103cef73cde356e6d09da10f607e93f5",
              "status": "affected",
              "version": "a3c53be55c955b7150cda17874c3fcb4eeb97a89",
              "versionType": "git"
            },
            {
              "lessThan": "8c2c3cca816d074c75a2801d1ca0dea7b0148114",
              "status": "affected",
              "version": "a3c53be55c955b7150cda17874c3fcb4eeb97a89",
              "versionType": "git"
            },
            {
              "lessThan": "aa03f591ef31ba603a4a99d05d25a0f21ab1cd89",
              "status": "affected",
              "version": "a3c53be55c955b7150cda17874c3fcb4eeb97a89",
              "versionType": "git"
            },
            {
              "lessThan": "3f25b5f1635449036692a44b771f39f772190c1d",
              "status": "affected",
              "version": "a3c53be55c955b7150cda17874c3fcb4eeb97a89",
              "versionType": "git"
            },
            {
              "lessThan": "f75625db838ade28f032dacd0f0c8baca42ecde4",
              "status": "affected",
              "version": "a3c53be55c955b7150cda17874c3fcb4eeb97a89",
              "versionType": "git"
            },
            {
              "lessThan": "4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b",
              "status": "affected",
              "version": "a3c53be55c955b7150cda17874c3fcb4eeb97a89",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/dsa/mv88e6xxx/chip.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.11"
            },
            {
              "lessThan": "4.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.318",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.280",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.222",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.98",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.318",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.280",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.222",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.163",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.98",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.39",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.9",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: Correct check for empty list\n\nSince commit a3c53be55c95 (\"net: dsa: mv88e6xxx: Support multiple MDIO\nbusses\") mv88e6xxx_default_mdio_bus() has checked that the\nreturn value of list_first_entry() is non-NULL.\n\nThis appears to be intended to guard against the list chip-\u003emdios being\nempty.  However, it is not the correct check as the implementation of\nlist_first_entry is not designed to return NULL for empty lists.\n\nInstead, use list_first_entry_or_null() which does return NULL if the\nlist is empty.\n\nFlagged by Smatch.\nCompile tested only."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-21T09:13:05.119Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/47d28dde172696031c880c5778633cdca30394ee"
        },
        {
          "url": "https://git.kernel.org/stable/c/3bf8d70e1455f87856640c3433b3660a31001618"
        },
        {
          "url": "https://git.kernel.org/stable/c/2a2fe25a103cef73cde356e6d09da10f607e93f5"
        },
        {
          "url": "https://git.kernel.org/stable/c/8c2c3cca816d074c75a2801d1ca0dea7b0148114"
        },
        {
          "url": "https://git.kernel.org/stable/c/aa03f591ef31ba603a4a99d05d25a0f21ab1cd89"
        },
        {
          "url": "https://git.kernel.org/stable/c/3f25b5f1635449036692a44b771f39f772190c1d"
        },
        {
          "url": "https://git.kernel.org/stable/c/f75625db838ade28f032dacd0f0c8baca42ecde4"
        },
        {
          "url": "https://git.kernel.org/stable/c/4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b"
        }
      ],
      "title": "net: dsa: mv88e6xxx: Correct check for empty list",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42224",
    "datePublished": "2024-07-30T07:47:05.608Z",
    "dateReserved": "2024-07-30T07:40:12.250Z",
    "dateUpdated": "2025-11-03T22:02:27.444Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-50089 (GCVE-0-2024-50089)

Vulnerability from cvelistv5 – Published: 2024-11-05 17:04 – Updated: 2024-12-12 15:19

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "providerMetadata": {
        "dateUpdated": "2024-12-12T15:19:37.149Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "rejectedReasons": [
        {
          "lang": "en",
          "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-50089",
    "datePublished": "2024-11-05T17:04:53.777Z",
    "dateRejected": "2024-12-12T15:19:37.149Z",
    "dateReserved": "2024-10-21T19:36:19.942Z",
    "dateUpdated": "2024-12-12T15:19:37.149Z",
    "state": "REJECTED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-52917 (GCVE-0-2023-52917)

Vulnerability from cvelistv5 – Published: 2024-10-21 12:13 – Updated: 2025-03-03 08:12

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "providerMetadata": {
        "dateUpdated": "2025-03-03T08:12:05.224Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "rejectedReasons": [
        {
          "lang": "en",
          "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52917",
    "datePublished": "2024-10-21T12:13:56.253Z",
    "dateRejected": "2025-03-03T08:12:05.224Z",
    "dateReserved": "2024-08-21T06:07:11.017Z",
    "dateUpdated": "2025-03-03T08:12:05.224Z",
    "state": "REJECTED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-46745 (GCVE-0-2024-46745)

Vulnerability from cvelistv5 – Published: 2024-09-18 07:12 – Updated: 2026-01-05 10:53

Title

Input: uinput - reject requests with unreasonable number of slots

Summary

In the Linux kernel, the following vulnerability has been resolved: Input: uinput - reject requests with unreasonable number of slots When exercising uinput interface syzkaller may try setting up device with a really large number of slots, which causes memory allocation failure in input_mt_init_slots(). While this allocation failure is handled properly and request is rejected, it results in syzkaller reports. Additionally, such request may put undue burden on the system which will try to free a lot of memory for a bogus request. Fix it by limiting allowed number of slots to 100. This can easily be extended if we see devices that can track more than 100 contacts.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/9c6d189f0c1c59ba9…
	https://git.kernel.org/stable/c/597ff930296c4c8fc…
	https://git.kernel.org/stable/c/51fa08edd80003db7…
	https://git.kernel.org/stable/c/9719687398dea8a6a…
	https://git.kernel.org/stable/c/61df76619e270a46f…
	https://git.kernel.org/stable/c/a4858b00a1ec57043…
	https://git.kernel.org/stable/c/d76fc0f0b18d49b7e…
	https://git.kernel.org/stable/c/206f533a0a7c68398…

Impacted products

Vendor

Product

Version

Linux

Affected: 38e7afe96c7c0ad900824911c61fdb04078033dc , < 9c6d189f0c1c59ba9a32326ec82a0b367a3cd47b (git)
Affected: 38e7afe96c7c0ad900824911c61fdb04078033dc , < 597ff930296c4c8fc6b6a536884d4f1a7187ec70 (git)
Affected: 38e7afe96c7c0ad900824911c61fdb04078033dc , < 51fa08edd80003db700bdaa099385c5900d27f4b (git)
Affected: 38e7afe96c7c0ad900824911c61fdb04078033dc , < 9719687398dea8a6a12a10321a54dd75eec7ab2d (git)
Affected: 38e7afe96c7c0ad900824911c61fdb04078033dc , < 61df76619e270a46fd427fbdeb670ad491c42de2 (git)
Affected: 38e7afe96c7c0ad900824911c61fdb04078033dc , < a4858b00a1ec57043697fb935565fe267f161833 (git)
Affected: 38e7afe96c7c0ad900824911c61fdb04078033dc , < d76fc0f0b18d49b7e721c9e4975ef4bffde2f3e7 (git)
Affected: 38e7afe96c7c0ad900824911c61fdb04078033dc , < 206f533a0a7c683982af473079c4111f4a0f9f5e (git)

Linux

Affected: 2.6.36
Unaffected: 0 , < 2.6.36 (semver)
Unaffected: 4.19.322 , ≤ 4.19.* (semver)
Unaffected: 5.4.284 , ≤ 5.4.* (semver)
Unaffected: 5.10.226 , ≤ 5.10.* (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.110 , ≤ 6.1.* (semver)
Unaffected: 6.6.51 , ≤ 6.6.* (semver)
Unaffected: 6.10.10 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46745",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T14:49:11.611047Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T14:49:25.877Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:17:38.493Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/input/misc/uinput.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9c6d189f0c1c59ba9a32326ec82a0b367a3cd47b",
              "status": "affected",
              "version": "38e7afe96c7c0ad900824911c61fdb04078033dc",
              "versionType": "git"
            },
            {
              "lessThan": "597ff930296c4c8fc6b6a536884d4f1a7187ec70",
              "status": "affected",
              "version": "38e7afe96c7c0ad900824911c61fdb04078033dc",
              "versionType": "git"
            },
            {
              "lessThan": "51fa08edd80003db700bdaa099385c5900d27f4b",
              "status": "affected",
              "version": "38e7afe96c7c0ad900824911c61fdb04078033dc",
              "versionType": "git"
            },
            {
              "lessThan": "9719687398dea8a6a12a10321a54dd75eec7ab2d",
              "status": "affected",
              "version": "38e7afe96c7c0ad900824911c61fdb04078033dc",
              "versionType": "git"
            },
            {
              "lessThan": "61df76619e270a46fd427fbdeb670ad491c42de2",
              "status": "affected",
              "version": "38e7afe96c7c0ad900824911c61fdb04078033dc",
              "versionType": "git"
            },
            {
              "lessThan": "a4858b00a1ec57043697fb935565fe267f161833",
              "status": "affected",
              "version": "38e7afe96c7c0ad900824911c61fdb04078033dc",
              "versionType": "git"
            },
            {
              "lessThan": "d76fc0f0b18d49b7e721c9e4975ef4bffde2f3e7",
              "status": "affected",
              "version": "38e7afe96c7c0ad900824911c61fdb04078033dc",
              "versionType": "git"
            },
            {
              "lessThan": "206f533a0a7c683982af473079c4111f4a0f9f5e",
              "status": "affected",
              "version": "38e7afe96c7c0ad900824911c61fdb04078033dc",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/input/misc/uinput.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.36"
            },
            {
              "lessThan": "2.6.36",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.322",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.284",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.110",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.51",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.322",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.284",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.226",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.110",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.51",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.10",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: uinput - reject requests with unreasonable number of slots\n\n\nWhen exercising uinput interface syzkaller may try setting up device\nwith a really large number of slots, which causes memory allocation\nfailure in input_mt_init_slots(). While this allocation failure is\nhandled properly and request is rejected, it results in syzkaller\nreports. Additionally, such request may put undue burden on the\nsystem which will try to free a lot of memory for a bogus request.\n\nFix it by limiting allowed number of slots to 100. This can easily\nbe extended if we see devices that can track more than 100 contacts."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:53:02.966Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9c6d189f0c1c59ba9a32326ec82a0b367a3cd47b"
        },
        {
          "url": "https://git.kernel.org/stable/c/597ff930296c4c8fc6b6a536884d4f1a7187ec70"
        },
        {
          "url": "https://git.kernel.org/stable/c/51fa08edd80003db700bdaa099385c5900d27f4b"
        },
        {
          "url": "https://git.kernel.org/stable/c/9719687398dea8a6a12a10321a54dd75eec7ab2d"
        },
        {
          "url": "https://git.kernel.org/stable/c/61df76619e270a46fd427fbdeb670ad491c42de2"
        },
        {
          "url": "https://git.kernel.org/stable/c/a4858b00a1ec57043697fb935565fe267f161833"
        },
        {
          "url": "https://git.kernel.org/stable/c/d76fc0f0b18d49b7e721c9e4975ef4bffde2f3e7"
        },
        {
          "url": "https://git.kernel.org/stable/c/206f533a0a7c683982af473079c4111f4a0f9f5e"
        }
      ],
      "title": "Input: uinput - reject requests with unreasonable number of slots",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46745",
    "datePublished": "2024-09-18T07:12:05.798Z",
    "dateReserved": "2024-09-11T15:12:18.266Z",
    "dateUpdated": "2026-01-05T10:53:02.966Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-53158 (GCVE-0-2024-53158)

Vulnerability from cvelistv5 – Published: 2024-12-24 11:28 – Updated: 2025-11-03 20:46

Title

soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get()

Summary

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() This loop is supposed to break if the frequency returned from clk_round_rate() is the same as on the previous iteration. However, that check doesn't make sense on the first iteration through the loop. It leads to reading before the start of these->clk_perf_tbl[] array.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/37cdd4f0c266560b7…
	https://git.kernel.org/stable/c/7a3465b79ef0539aa…
	https://git.kernel.org/stable/c/748557ca7dc94695a…
	https://git.kernel.org/stable/c/f4b7bf5a50f1fa255…
	https://git.kernel.org/stable/c/b0a9c6ccaf88c4701…
	https://git.kernel.org/stable/c/c24e019ca12d9ec81…
	https://git.kernel.org/stable/c/56eda41dcce0ec4d3…
	https://git.kernel.org/stable/c/351bb7f9ecb9d1f09…
	https://git.kernel.org/stable/c/78261cb08f06c93d3…

Impacted products

Vendor

Product

Version

Linux

Affected: eddac5af06546d2e7a0730e3dc02dde3dc91098a , < 37cdd4f0c266560b7b924c42361eeae3dc5f0c3e (git)
Affected: eddac5af06546d2e7a0730e3dc02dde3dc91098a , < 7a3465b79ef0539aa10b310ac3cc35e0ae25b79e (git)
Affected: eddac5af06546d2e7a0730e3dc02dde3dc91098a , < 748557ca7dc94695a6e209eb68fce365da9a3bb3 (git)
Affected: eddac5af06546d2e7a0730e3dc02dde3dc91098a , < f4b7bf5a50f1fa25560f0b66a13563465542861b (git)
Affected: eddac5af06546d2e7a0730e3dc02dde3dc91098a , < b0a9c6ccaf88c4701787f61ecd2ec0eb014a0677 (git)
Affected: eddac5af06546d2e7a0730e3dc02dde3dc91098a , < c24e019ca12d9ec814af04b30a64dd7173fb20fe (git)
Affected: eddac5af06546d2e7a0730e3dc02dde3dc91098a , < 56eda41dcce0ec4d3418b4f85037bdea181486cc (git)
Affected: eddac5af06546d2e7a0730e3dc02dde3dc91098a , < 351bb7f9ecb9d1f09bd7767491a2b8d07f4f1ea4 (git)
Affected: eddac5af06546d2e7a0730e3dc02dde3dc91098a , < 78261cb08f06c93d362cab5c5034bf5899bc7552 (git)

Linux

Affected: 4.18
Unaffected: 0 , < 4.18 (semver)
Unaffected: 4.19.325 , ≤ 4.19.* (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-53158",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:09:29.207001Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:17:08.402Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:46:49.804Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/soc/qcom/qcom-geni-se.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "37cdd4f0c266560b7b924c42361eeae3dc5f0c3e",
              "status": "affected",
              "version": "eddac5af06546d2e7a0730e3dc02dde3dc91098a",
              "versionType": "git"
            },
            {
              "lessThan": "7a3465b79ef0539aa10b310ac3cc35e0ae25b79e",
              "status": "affected",
              "version": "eddac5af06546d2e7a0730e3dc02dde3dc91098a",
              "versionType": "git"
            },
            {
              "lessThan": "748557ca7dc94695a6e209eb68fce365da9a3bb3",
              "status": "affected",
              "version": "eddac5af06546d2e7a0730e3dc02dde3dc91098a",
              "versionType": "git"
            },
            {
              "lessThan": "f4b7bf5a50f1fa25560f0b66a13563465542861b",
              "status": "affected",
              "version": "eddac5af06546d2e7a0730e3dc02dde3dc91098a",
              "versionType": "git"
            },
            {
              "lessThan": "b0a9c6ccaf88c4701787f61ecd2ec0eb014a0677",
              "status": "affected",
              "version": "eddac5af06546d2e7a0730e3dc02dde3dc91098a",
              "versionType": "git"
            },
            {
              "lessThan": "c24e019ca12d9ec814af04b30a64dd7173fb20fe",
              "status": "affected",
              "version": "eddac5af06546d2e7a0730e3dc02dde3dc91098a",
              "versionType": "git"
            },
            {
              "lessThan": "56eda41dcce0ec4d3418b4f85037bdea181486cc",
              "status": "affected",
              "version": "eddac5af06546d2e7a0730e3dc02dde3dc91098a",
              "versionType": "git"
            },
            {
              "lessThan": "351bb7f9ecb9d1f09bd7767491a2b8d07f4f1ea4",
              "status": "affected",
              "version": "eddac5af06546d2e7a0730e3dc02dde3dc91098a",
              "versionType": "git"
            },
            {
              "lessThan": "78261cb08f06c93d362cab5c5034bf5899bc7552",
              "status": "affected",
              "version": "eddac5af06546d2e7a0730e3dc02dde3dc91098a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/soc/qcom/qcom-geni-se.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.18"
            },
            {
              "lessThan": "4.18",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.325",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.325",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get()\n\nThis loop is supposed to break if the frequency returned from\nclk_round_rate() is the same as on the previous iteration.  However,\nthat check doesn\u0027t make sense on the first iteration through the loop.\nIt leads to reading before the start of these-\u003eclk_perf_tbl[] array."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:54:31.758Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/37cdd4f0c266560b7b924c42361eeae3dc5f0c3e"
        },
        {
          "url": "https://git.kernel.org/stable/c/7a3465b79ef0539aa10b310ac3cc35e0ae25b79e"
        },
        {
          "url": "https://git.kernel.org/stable/c/748557ca7dc94695a6e209eb68fce365da9a3bb3"
        },
        {
          "url": "https://git.kernel.org/stable/c/f4b7bf5a50f1fa25560f0b66a13563465542861b"
        },
        {
          "url": "https://git.kernel.org/stable/c/b0a9c6ccaf88c4701787f61ecd2ec0eb014a0677"
        },
        {
          "url": "https://git.kernel.org/stable/c/c24e019ca12d9ec814af04b30a64dd7173fb20fe"
        },
        {
          "url": "https://git.kernel.org/stable/c/56eda41dcce0ec4d3418b4f85037bdea181486cc"
        },
        {
          "url": "https://git.kernel.org/stable/c/351bb7f9ecb9d1f09bd7767491a2b8d07f4f1ea4"
        },
        {
          "url": "https://git.kernel.org/stable/c/78261cb08f06c93d362cab5c5034bf5899bc7552"
        }
      ],
      "title": "soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53158",
    "datePublished": "2024-12-24T11:28:57.160Z",
    "dateReserved": "2024-11-19T17:17:25.001Z",
    "dateUpdated": "2025-11-03T20:46:49.804Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-51781 (GCVE-0-2023-51781)

Vulnerability from cvelistv5 – Published: 2023-12-25 00:00 – Updated: 2024-08-02 22:48

Summary

An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an atalk_recvmsg race condition.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://cdn.kernel.org/pub/linux/kernel/v6.x/Chan…
	https://github.com/torvalds/linux/commit/189ff167…
	https://lists.debian.org/debian-lts-announce/2024…	mailing-list
	https://lists.debian.org/debian-lts-announce/2024…	mailing-list

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:48:11.216Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/189ff16722ee36ced4d2a2469d4ab65a8fee4198"
          },
          {
            "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
          },
          {
            "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3711-1] linux-5.10 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an atalk_recvmsg race condition."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-11T21:06:24.776598",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8"
        },
        {
          "url": "https://github.com/torvalds/linux/commit/189ff16722ee36ced4d2a2469d4ab65a8fee4198"
        },
        {
          "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
        },
        {
          "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3711-1] linux-5.10 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-51781",
    "datePublished": "2023-12-25T00:00:00",
    "dateReserved": "2023-12-25T00:00:00",
    "dateUpdated": "2024-08-02T22:48:11.216Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-50251 (GCVE-0-2024-50251)

Vulnerability from cvelistv5 – Published: 2024-11-09 10:14 – Updated: 2025-11-03 22:27

Title

netfilter: nft_payload: sanitize offset and length before calling skb_checksum()

Summary

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() If access to offset + length is larger than the skbuff length, then skb_checksum() triggers BUG_ON(). skb_checksum() internally subtracts the length parameter while iterating over skbuff, BUG_ON(len) at the end of it checks that the expected length to be included in the checksum calculation is fully consumed.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/a661ed364ae6ae88c…
	https://git.kernel.org/stable/c/ac7df3fc80fc82bcc…
	https://git.kernel.org/stable/c/e3e608cbad376674d…
	https://git.kernel.org/stable/c/b1d2de8a669fa14c4…
	https://git.kernel.org/stable/c/d3217323525f75964…
	https://git.kernel.org/stable/c/0ab3be58b45b99676…
	https://git.kernel.org/stable/c/c43e0ea848e7b9bef…
	https://git.kernel.org/stable/c/d5953d680f7e96208…

Impacted products

Vendor

Product

Version

Linux

Affected: 7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df , < a661ed364ae6ae88c2fafa9ddc27df1af2a73701 (git)
Affected: 7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df , < ac7df3fc80fc82bcc3b1e8f6ebc0d2c435d0c534 (git)
Affected: 7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df , < e3e608cbad376674d19a71ccd0d41804d9393f02 (git)
Affected: 7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df , < b1d2de8a669fa14c499a385e056944d5352b3b40 (git)
Affected: 7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df , < d3217323525f7596427124359e76ea0d8fcc9874 (git)
Affected: 7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df , < 0ab3be58b45b996764aba0187b46de19b3e58a72 (git)
Affected: 7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df , < c43e0ea848e7b9bef7a682cbc5608022d6d29d7b (git)
Affected: 7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df , < d5953d680f7e96208c29ce4139a0e38de87a57fe (git)

Linux

Affected: 4.5
Unaffected: 0 , < 4.5 (semver)
Unaffected: 4.19.323 , ≤ 4.19.* (semver)
Unaffected: 5.4.285 , ≤ 5.4.* (semver)
Unaffected: 5.10.229 , ≤ 5.10.* (semver)
Unaffected: 5.15.171 , ≤ 5.15.* (semver)
Unaffected: 6.1.116 , ≤ 6.1.* (semver)
Unaffected: 6.6.60 , ≤ 6.6.* (semver)
Unaffected: 6.11.7 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:27:31.759Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://github.com/slavin-ayu/CVE-2024-50251-PoC"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nft_payload.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a661ed364ae6ae88c2fafa9ddc27df1af2a73701",
              "status": "affected",
              "version": "7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df",
              "versionType": "git"
            },
            {
              "lessThan": "ac7df3fc80fc82bcc3b1e8f6ebc0d2c435d0c534",
              "status": "affected",
              "version": "7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df",
              "versionType": "git"
            },
            {
              "lessThan": "e3e608cbad376674d19a71ccd0d41804d9393f02",
              "status": "affected",
              "version": "7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df",
              "versionType": "git"
            },
            {
              "lessThan": "b1d2de8a669fa14c499a385e056944d5352b3b40",
              "status": "affected",
              "version": "7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df",
              "versionType": "git"
            },
            {
              "lessThan": "d3217323525f7596427124359e76ea0d8fcc9874",
              "status": "affected",
              "version": "7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df",
              "versionType": "git"
            },
            {
              "lessThan": "0ab3be58b45b996764aba0187b46de19b3e58a72",
              "status": "affected",
              "version": "7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df",
              "versionType": "git"
            },
            {
              "lessThan": "c43e0ea848e7b9bef7a682cbc5608022d6d29d7b",
              "status": "affected",
              "version": "7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df",
              "versionType": "git"
            },
            {
              "lessThan": "d5953d680f7e96208c29ce4139a0e38de87a57fe",
              "status": "affected",
              "version": "7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nft_payload.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.5"
            },
            {
              "lessThan": "4.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.323",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.285",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.229",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.171",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.116",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.60",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.323",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.285",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.229",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.171",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.116",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.60",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.7",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_payload: sanitize offset and length before calling skb_checksum()\n\nIf access to offset + length is larger than the skbuff length, then\nskb_checksum() triggers BUG_ON().\n\nskb_checksum() internally subtracts the length parameter while iterating\nover skbuff, BUG_ON(len) at the end of it checks that the expected\nlength to be included in the checksum calculation is fully consumed."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:49:54.874Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a661ed364ae6ae88c2fafa9ddc27df1af2a73701"
        },
        {
          "url": "https://git.kernel.org/stable/c/ac7df3fc80fc82bcc3b1e8f6ebc0d2c435d0c534"
        },
        {
          "url": "https://git.kernel.org/stable/c/e3e608cbad376674d19a71ccd0d41804d9393f02"
        },
        {
          "url": "https://git.kernel.org/stable/c/b1d2de8a669fa14c499a385e056944d5352b3b40"
        },
        {
          "url": "https://git.kernel.org/stable/c/d3217323525f7596427124359e76ea0d8fcc9874"
        },
        {
          "url": "https://git.kernel.org/stable/c/0ab3be58b45b996764aba0187b46de19b3e58a72"
        },
        {
          "url": "https://git.kernel.org/stable/c/c43e0ea848e7b9bef7a682cbc5608022d6d29d7b"
        },
        {
          "url": "https://git.kernel.org/stable/c/d5953d680f7e96208c29ce4139a0e38de87a57fe"
        }
      ],
      "title": "netfilter: nft_payload: sanitize offset and length before calling skb_checksum()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-50251",
    "datePublished": "2024-11-09T10:14:59.820Z",
    "dateReserved": "2024-10-21T19:36:19.979Z",
    "dateUpdated": "2025-11-03T22:27:31.759Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26788 (GCVE-0-2024-26788)

Vulnerability from cvelistv5 – Published: 2024-04-04 08:20 – Updated: 2025-05-04 08:56

Title

dmaengine: fsl-qdma: init irq after reg initialization

Summary

In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: init irq after reg initialization Initialize the qDMA irqs after the registers are configured so that interrupts that may have been pending from a primary kernel don't get processed by the irq handler before it is ready to and cause panic with the following trace: Call trace: fsl_qdma_queue_handler+0xf8/0x3e8 __handle_irq_event_percpu+0x78/0x2b0 handle_irq_event_percpu+0x1c/0x68 handle_irq_event+0x44/0x78 handle_fasteoi_irq+0xc8/0x178 generic_handle_irq+0x24/0x38 __handle_domain_irq+0x90/0x100 gic_handle_irq+0x5c/0xb8 el1_irq+0xb8/0x180 _raw_spin_unlock_irqrestore+0x14/0x40 __setup_irq+0x4bc/0x798 request_threaded_irq+0xd8/0x190 devm_request_threaded_irq+0x74/0xe8 fsl_qdma_probe+0x4d4/0xca8 platform_drv_probe+0x50/0xa0 really_probe+0xe0/0x3f8 driver_probe_device+0x64/0x130 device_driver_attach+0x6c/0x78 __driver_attach+0xbc/0x158 bus_for_each_dev+0x5c/0x98 driver_attach+0x20/0x28 bus_add_driver+0x158/0x220 driver_register+0x60/0x110 __platform_driver_register+0x44/0x50 fsl_qdma_driver_init+0x18/0x20 do_one_initcall+0x48/0x258 kernel_init_freeable+0x1a4/0x23c kernel_init+0x10/0xf8 ret_from_fork+0x10/0x18

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/3cc5fb824c2125aa3…
	https://git.kernel.org/stable/c/9579a21e99fe8dab2…
	https://git.kernel.org/stable/c/4529c084a320be78f…
	https://git.kernel.org/stable/c/474d521da890b3e35…
	https://git.kernel.org/stable/c/a69c8bbb946936ac4…
	https://git.kernel.org/stable/c/677102a930643c31f…
	https://git.kernel.org/stable/c/87a39071e0b639f45…

Impacted products

Vendor

Product

Version

Linux

Affected: b092529e0aa09829a6404424ce167bf3ce3235e2 , < 3cc5fb824c2125aa3740d905b3e5b378c8a09478 (git)
Affected: b092529e0aa09829a6404424ce167bf3ce3235e2 , < 9579a21e99fe8dab22a253050ddff28d340d74e1 (git)
Affected: b092529e0aa09829a6404424ce167bf3ce3235e2 , < 4529c084a320be78ff2c5e64297ae998c6fdf66b (git)
Affected: b092529e0aa09829a6404424ce167bf3ce3235e2 , < 474d521da890b3e3585335fb80a6044cb2553d99 (git)
Affected: b092529e0aa09829a6404424ce167bf3ce3235e2 , < a69c8bbb946936ac4eb6a6ae1e849435aa8d947d (git)
Affected: b092529e0aa09829a6404424ce167bf3ce3235e2 , < 677102a930643c31f1b4c512b041407058bdfef8 (git)
Affected: b092529e0aa09829a6404424ce167bf3ce3235e2 , < 87a39071e0b639f45e05d296cc0538eef44ec0bd (git)

Linux

Affected: 5.1
Unaffected: 0 , < 5.1 (semver)
Unaffected: 5.4.271 , ≤ 5.4.* (semver)
Unaffected: 5.10.212 , ≤ 5.10.* (semver)
Unaffected: 5.15.151 , ≤ 5.15.* (semver)
Unaffected: 6.1.81 , ≤ 6.1.* (semver)
Unaffected: 6.6.21 , ≤ 6.6.* (semver)
Unaffected: 6.7.9 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26788",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-04T15:30:20.690408Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:48:46.809Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:13.469Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3cc5fb824c2125aa3740d905b3e5b378c8a09478"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9579a21e99fe8dab22a253050ddff28d340d74e1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4529c084a320be78ff2c5e64297ae998c6fdf66b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/474d521da890b3e3585335fb80a6044cb2553d99"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a69c8bbb946936ac4eb6a6ae1e849435aa8d947d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/677102a930643c31f1b4c512b041407058bdfef8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/87a39071e0b639f45e05d296cc0538eef44ec0bd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/dma/fsl-qdma.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3cc5fb824c2125aa3740d905b3e5b378c8a09478",
              "status": "affected",
              "version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
              "versionType": "git"
            },
            {
              "lessThan": "9579a21e99fe8dab22a253050ddff28d340d74e1",
              "status": "affected",
              "version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
              "versionType": "git"
            },
            {
              "lessThan": "4529c084a320be78ff2c5e64297ae998c6fdf66b",
              "status": "affected",
              "version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
              "versionType": "git"
            },
            {
              "lessThan": "474d521da890b3e3585335fb80a6044cb2553d99",
              "status": "affected",
              "version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
              "versionType": "git"
            },
            {
              "lessThan": "a69c8bbb946936ac4eb6a6ae1e849435aa8d947d",
              "status": "affected",
              "version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
              "versionType": "git"
            },
            {
              "lessThan": "677102a930643c31f1b4c512b041407058bdfef8",
              "status": "affected",
              "version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
              "versionType": "git"
            },
            {
              "lessThan": "87a39071e0b639f45e05d296cc0538eef44ec0bd",
              "status": "affected",
              "version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/dma/fsl-qdma.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "lessThan": "5.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.271",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.212",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.151",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.81",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.21",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.271",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.212",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.151",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.81",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.21",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.9",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: fsl-qdma: init irq after reg initialization\n\nInitialize the qDMA irqs after the registers are configured so that\ninterrupts that may have been pending from a primary kernel don\u0027t get\nprocessed by the irq handler before it is ready to and cause panic with\nthe following trace:\n\n  Call trace:\n   fsl_qdma_queue_handler+0xf8/0x3e8\n   __handle_irq_event_percpu+0x78/0x2b0\n   handle_irq_event_percpu+0x1c/0x68\n   handle_irq_event+0x44/0x78\n   handle_fasteoi_irq+0xc8/0x178\n   generic_handle_irq+0x24/0x38\n   __handle_domain_irq+0x90/0x100\n   gic_handle_irq+0x5c/0xb8\n   el1_irq+0xb8/0x180\n   _raw_spin_unlock_irqrestore+0x14/0x40\n   __setup_irq+0x4bc/0x798\n   request_threaded_irq+0xd8/0x190\n   devm_request_threaded_irq+0x74/0xe8\n   fsl_qdma_probe+0x4d4/0xca8\n   platform_drv_probe+0x50/0xa0\n   really_probe+0xe0/0x3f8\n   driver_probe_device+0x64/0x130\n   device_driver_attach+0x6c/0x78\n   __driver_attach+0xbc/0x158\n   bus_for_each_dev+0x5c/0x98\n   driver_attach+0x20/0x28\n   bus_add_driver+0x158/0x220\n   driver_register+0x60/0x110\n   __platform_driver_register+0x44/0x50\n   fsl_qdma_driver_init+0x18/0x20\n   do_one_initcall+0x48/0x258\n   kernel_init_freeable+0x1a4/0x23c\n   kernel_init+0x10/0xf8\n   ret_from_fork+0x10/0x18"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:56:32.671Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3cc5fb824c2125aa3740d905b3e5b378c8a09478"
        },
        {
          "url": "https://git.kernel.org/stable/c/9579a21e99fe8dab22a253050ddff28d340d74e1"
        },
        {
          "url": "https://git.kernel.org/stable/c/4529c084a320be78ff2c5e64297ae998c6fdf66b"
        },
        {
          "url": "https://git.kernel.org/stable/c/474d521da890b3e3585335fb80a6044cb2553d99"
        },
        {
          "url": "https://git.kernel.org/stable/c/a69c8bbb946936ac4eb6a6ae1e849435aa8d947d"
        },
        {
          "url": "https://git.kernel.org/stable/c/677102a930643c31f1b4c512b041407058bdfef8"
        },
        {
          "url": "https://git.kernel.org/stable/c/87a39071e0b639f45e05d296cc0538eef44ec0bd"
        }
      ],
      "title": "dmaengine: fsl-qdma: init irq after reg initialization",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26788",
    "datePublished": "2024-04-04T08:20:20.410Z",
    "dateReserved": "2024-02-19T14:20:24.178Z",
    "dateUpdated": "2025-05-04T08:56:32.671Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-40976 (GCVE-0-2024-40976)

Vulnerability from cvelistv5 – Published: 2024-07-12 12:32 – Updated: 2025-11-03 21:58

Title

drm/lima: mask irqs in timeout path before hard reset

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/lima: mask irqs in timeout path before hard reset There is a race condition in which a rendering job might take just long enough to trigger the drm sched job timeout handler but also still complete before the hard reset is done by the timeout handler. This runs into race conditions not expected by the timeout handler. In some very specific cases it currently may result in a refcount imbalance on lima_pm_idle, with a stack dump such as: [10136.669170] WARNING: CPU: 0 PID: 0 at drivers/gpu/drm/lima/lima_devfreq.c:205 lima_devfreq_record_idle+0xa0/0xb0 ... [10136.669459] pc : lima_devfreq_record_idle+0xa0/0xb0 ... [10136.669628] Call trace: [10136.669634] lima_devfreq_record_idle+0xa0/0xb0 [10136.669646] lima_sched_pipe_task_done+0x5c/0xb0 [10136.669656] lima_gp_irq_handler+0xa8/0x120 [10136.669666] __handle_irq_event_percpu+0x48/0x160 [10136.669679] handle_irq_event+0x4c/0xc0 We can prevent that race condition entirely by masking the irqs at the beginning of the timeout handler, at which point we give up on waiting for that job entirely. The irqs will be enabled again at the next hard reset which is already done as a recovery by the timeout handler.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/03e7b2f7ae4c0ae5f…
	https://git.kernel.org/stable/c/70aa1f2dec46b6fdb…
	https://git.kernel.org/stable/c/9fd8ddd23793a50db…
	https://git.kernel.org/stable/c/bdbc4ca77f5eaac15…
	https://git.kernel.org/stable/c/58bfd311c93d66d82…
	https://git.kernel.org/stable/c/a421cc7a6a001b704…

Impacted products

Vendor

Product

Version

Linux

Affected: a1d2a6339961efc078208dc3b2f006e9e9a8e119 , < 03e7b2f7ae4c0ae5fb8e4e2454ba4008877f196a (git)
Affected: a1d2a6339961efc078208dc3b2f006e9e9a8e119 , < 70aa1f2dec46b6fdb5f6b9f37b6bfa4a4dee0d3a (git)
Affected: a1d2a6339961efc078208dc3b2f006e9e9a8e119 , < 9fd8ddd23793a50dbcd11c6ba51f437f1ea7d344 (git)
Affected: a1d2a6339961efc078208dc3b2f006e9e9a8e119 , < bdbc4ca77f5eaac15de7230814253cddfed273b1 (git)
Affected: a1d2a6339961efc078208dc3b2f006e9e9a8e119 , < 58bfd311c93d66d8282bf21ebbf35cc3bb8ad9db (git)
Affected: a1d2a6339961efc078208dc3b2f006e9e9a8e119 , < a421cc7a6a001b70415aa4f66024fa6178885a14 (git)

Linux

Affected: 5.2
Unaffected: 0 , < 5.2 (semver)
Unaffected: 5.10.221 , ≤ 5.10.* (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.96 , ≤ 6.1.* (semver)
Unaffected: 6.6.36 , ≤ 6.6.* (semver)
Unaffected: 6.9.7 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:58:40.600Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/03e7b2f7ae4c0ae5fb8e4e2454ba4008877f196a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/70aa1f2dec46b6fdb5f6b9f37b6bfa4a4dee0d3a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9fd8ddd23793a50dbcd11c6ba51f437f1ea7d344"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bdbc4ca77f5eaac15de7230814253cddfed273b1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/58bfd311c93d66d8282bf21ebbf35cc3bb8ad9db"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a421cc7a6a001b70415aa4f66024fa6178885a14"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40976",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:02:37.570914Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:21.987Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/lima/lima_sched.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "03e7b2f7ae4c0ae5fb8e4e2454ba4008877f196a",
              "status": "affected",
              "version": "a1d2a6339961efc078208dc3b2f006e9e9a8e119",
              "versionType": "git"
            },
            {
              "lessThan": "70aa1f2dec46b6fdb5f6b9f37b6bfa4a4dee0d3a",
              "status": "affected",
              "version": "a1d2a6339961efc078208dc3b2f006e9e9a8e119",
              "versionType": "git"
            },
            {
              "lessThan": "9fd8ddd23793a50dbcd11c6ba51f437f1ea7d344",
              "status": "affected",
              "version": "a1d2a6339961efc078208dc3b2f006e9e9a8e119",
              "versionType": "git"
            },
            {
              "lessThan": "bdbc4ca77f5eaac15de7230814253cddfed273b1",
              "status": "affected",
              "version": "a1d2a6339961efc078208dc3b2f006e9e9a8e119",
              "versionType": "git"
            },
            {
              "lessThan": "58bfd311c93d66d8282bf21ebbf35cc3bb8ad9db",
              "status": "affected",
              "version": "a1d2a6339961efc078208dc3b2f006e9e9a8e119",
              "versionType": "git"
            },
            {
              "lessThan": "a421cc7a6a001b70415aa4f66024fa6178885a14",
              "status": "affected",
              "version": "a1d2a6339961efc078208dc3b2f006e9e9a8e119",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/lima/lima_sched.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.2"
            },
            {
              "lessThan": "5.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.96",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.36",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.221",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.96",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.36",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.7",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/lima: mask irqs in timeout path before hard reset\n\nThere is a race condition in which a rendering job might take just long\nenough to trigger the drm sched job timeout handler but also still\ncomplete before the hard reset is done by the timeout handler.\nThis runs into race conditions not expected by the timeout handler.\nIn some very specific cases it currently may result in a refcount\nimbalance on lima_pm_idle, with a stack dump such as:\n\n[10136.669170] WARNING: CPU: 0 PID: 0 at drivers/gpu/drm/lima/lima_devfreq.c:205 lima_devfreq_record_idle+0xa0/0xb0\n...\n[10136.669459] pc : lima_devfreq_record_idle+0xa0/0xb0\n...\n[10136.669628] Call trace:\n[10136.669634]  lima_devfreq_record_idle+0xa0/0xb0\n[10136.669646]  lima_sched_pipe_task_done+0x5c/0xb0\n[10136.669656]  lima_gp_irq_handler+0xa8/0x120\n[10136.669666]  __handle_irq_event_percpu+0x48/0x160\n[10136.669679]  handle_irq_event+0x4c/0xc0\n\nWe can prevent that race condition entirely by masking the irqs at the\nbeginning of the timeout handler, at which point we give up on waiting\nfor that job entirely.\nThe irqs will be enabled again at the next hard reset which is already\ndone as a recovery by the timeout handler."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-28T11:16:33.132Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/03e7b2f7ae4c0ae5fb8e4e2454ba4008877f196a"
        },
        {
          "url": "https://git.kernel.org/stable/c/70aa1f2dec46b6fdb5f6b9f37b6bfa4a4dee0d3a"
        },
        {
          "url": "https://git.kernel.org/stable/c/9fd8ddd23793a50dbcd11c6ba51f437f1ea7d344"
        },
        {
          "url": "https://git.kernel.org/stable/c/bdbc4ca77f5eaac15de7230814253cddfed273b1"
        },
        {
          "url": "https://git.kernel.org/stable/c/58bfd311c93d66d8282bf21ebbf35cc3bb8ad9db"
        },
        {
          "url": "https://git.kernel.org/stable/c/a421cc7a6a001b70415aa4f66024fa6178885a14"
        }
      ],
      "title": "drm/lima: mask irqs in timeout path before hard reset",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-40976",
    "datePublished": "2024-07-12T12:32:12.782Z",
    "dateReserved": "2024-07-12T12:17:45.603Z",
    "dateUpdated": "2025-11-03T21:58:40.600Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56615 (GCVE-0-2024-56615)

Vulnerability from cvelistv5 – Published: 2024-12-27 14:51 – Updated: 2025-11-03 20:51

Title

bpf: fix OOB devmap writes when deleting elements

Summary

In the Linux kernel, the following vulnerability has been resolved: bpf: fix OOB devmap writes when deleting elements Jordy reported issue against XSKMAP which also applies to DEVMAP - the index used for accessing map entry, due to being a signed integer, causes the OOB writes. Fix is simple as changing the type from int to u32, however, when compared to XSKMAP case, one more thing needs to be addressed. When map is released from system via dev_map_free(), we iterate through all of the entries and an iterator variable is also an int, which implies OOB accesses. Again, change it to be u32. Example splat below: [ 160.724676] BUG: unable to handle page fault for address: ffffc8fc2c001000 [ 160.731662] #PF: supervisor read access in kernel mode [ 160.736876] #PF: error_code(0x0000) - not-present page [ 160.742095] PGD 0 P4D 0 [ 160.744678] Oops: Oops: 0000 [#1] PREEMPT SMP [ 160.749106] CPU: 1 UID: 0 PID: 520 Comm: kworker/u145:12 Not tainted 6.12.0-rc1+ #487 [ 160.757050] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0008.031920191559 03/19/2019 [ 160.767642] Workqueue: events_unbound bpf_map_free_deferred [ 160.773308] RIP: 0010:dev_map_free+0x77/0x170 [ 160.777735] Code: 00 e8 fd 91 ed ff e8 b8 73 ed ff 41 83 7d 18 19 74 6e 41 8b 45 24 49 8b bd f8 00 00 00 31 db 85 c0 74 48 48 63 c3 48 8d 04 c7 <48> 8b 28 48 85 ed 74 30 48 8b 7d 18 48 85 ff 74 05 e8 b3 52 fa ff [ 160.796777] RSP: 0018:ffffc9000ee1fe38 EFLAGS: 00010202 [ 160.802086] RAX: ffffc8fc2c001000 RBX: 0000000080000000 RCX: 0000000000000024 [ 160.809331] RDX: 0000000000000000 RSI: 0000000000000024 RDI: ffffc9002c001000 [ 160.816576] RBP: 0000000000000000 R08: 0000000000000023 R09: 0000000000000001 [ 160.823823] R10: 0000000000000001 R11: 00000000000ee6b2 R12: dead000000000122 [ 160.831066] R13: ffff88810c928e00 R14: ffff8881002df405 R15: 0000000000000000 [ 160.838310] FS: 0000000000000000(0000) GS:ffff8897e0c40000(0000) knlGS:0000000000000000 [ 160.846528] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 160.852357] CR2: ffffc8fc2c001000 CR3: 0000000005c32006 CR4: 00000000007726f0 [ 160.859604] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 160.866847] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 160.874092] PKRU: 55555554 [ 160.876847] Call Trace: [ 160.879338] <TASK> [ 160.881477] ? __die+0x20/0x60 [ 160.884586] ? page_fault_oops+0x15a/0x450 [ 160.888746] ? search_extable+0x22/0x30 [ 160.892647] ? search_bpf_extables+0x5f/0x80 [ 160.896988] ? exc_page_fault+0xa9/0x140 [ 160.900973] ? asm_exc_page_fault+0x22/0x30 [ 160.905232] ? dev_map_free+0x77/0x170 [ 160.909043] ? dev_map_free+0x58/0x170 [ 160.912857] bpf_map_free_deferred+0x51/0x90 [ 160.917196] process_one_work+0x142/0x370 [ 160.921272] worker_thread+0x29e/0x3b0 [ 160.925082] ? rescuer_thread+0x4b0/0x4b0 [ 160.929157] kthread+0xd4/0x110 [ 160.932355] ? kthread_park+0x80/0x80 [ 160.936079] ret_from_fork+0x2d/0x50 [ 160.943396] ? kthread_park+0x80/0x80 [ 160.950803] ret_from_fork_asm+0x11/0x20 [ 160.958482] </TASK>

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-787 - Out-of-bounds Write

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/0f170e91d3063ca60…
	https://git.kernel.org/stable/c/70f3de869865f9c3d…
	https://git.kernel.org/stable/c/ad34306ac6836e5dd…
	https://git.kernel.org/stable/c/98c03d05936d84607…
	https://git.kernel.org/stable/c/8e858930695d3ebec…
	https://git.kernel.org/stable/c/178e31df1fb3d9e08…
	https://git.kernel.org/stable/c/ab244dd7cf4c291f8…

Impacted products

Vendor

Product

Version

Linux

Affected: 546ac1ffb70d25b56c1126940e5ec639c4dd7413 , < 0f170e91d3063ca60baec4bd9f544faf3bfe29eb (git)
Affected: 546ac1ffb70d25b56c1126940e5ec639c4dd7413 , < 70f3de869865f9c3da0508a5ea29f6f4c1889057 (git)
Affected: 546ac1ffb70d25b56c1126940e5ec639c4dd7413 , < ad34306ac6836e5dd096b7d0ad4aa20cb7c8d9e5 (git)
Affected: 546ac1ffb70d25b56c1126940e5ec639c4dd7413 , < 98c03d05936d846073df8f550e9e8bf0dde1d77f (git)
Affected: 546ac1ffb70d25b56c1126940e5ec639c4dd7413 , < 8e858930695d3ebec423e85384c95427258c294f (git)
Affected: 546ac1ffb70d25b56c1126940e5ec639c4dd7413 , < 178e31df1fb3d9e0890eb471da16709cbc82edee (git)
Affected: 546ac1ffb70d25b56c1126940e5ec639c4dd7413 , < ab244dd7cf4c291f82faacdc50b45cc0f55b674d (git)

Linux

Affected: 4.14
Unaffected: 0 , < 4.14 (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56615",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:01:08.212567Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:07:13.109Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:51:02.480Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/bpf/devmap.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0f170e91d3063ca60baec4bd9f544faf3bfe29eb",
              "status": "affected",
              "version": "546ac1ffb70d25b56c1126940e5ec639c4dd7413",
              "versionType": "git"
            },
            {
              "lessThan": "70f3de869865f9c3da0508a5ea29f6f4c1889057",
              "status": "affected",
              "version": "546ac1ffb70d25b56c1126940e5ec639c4dd7413",
              "versionType": "git"
            },
            {
              "lessThan": "ad34306ac6836e5dd096b7d0ad4aa20cb7c8d9e5",
              "status": "affected",
              "version": "546ac1ffb70d25b56c1126940e5ec639c4dd7413",
              "versionType": "git"
            },
            {
              "lessThan": "98c03d05936d846073df8f550e9e8bf0dde1d77f",
              "status": "affected",
              "version": "546ac1ffb70d25b56c1126940e5ec639c4dd7413",
              "versionType": "git"
            },
            {
              "lessThan": "8e858930695d3ebec423e85384c95427258c294f",
              "status": "affected",
              "version": "546ac1ffb70d25b56c1126940e5ec639c4dd7413",
              "versionType": "git"
            },
            {
              "lessThan": "178e31df1fb3d9e0890eb471da16709cbc82edee",
              "status": "affected",
              "version": "546ac1ffb70d25b56c1126940e5ec639c4dd7413",
              "versionType": "git"
            },
            {
              "lessThan": "ab244dd7cf4c291f82faacdc50b45cc0f55b674d",
              "status": "affected",
              "version": "546ac1ffb70d25b56c1126940e5ec639c4dd7413",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/bpf/devmap.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.14"
            },
            {
              "lessThan": "4.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: fix OOB devmap writes when deleting elements\n\nJordy reported issue against XSKMAP which also applies to DEVMAP - the\nindex used for accessing map entry, due to being a signed integer,\ncauses the OOB writes. Fix is simple as changing the type from int to\nu32, however, when compared to XSKMAP case, one more thing needs to be\naddressed.\n\nWhen map is released from system via dev_map_free(), we iterate through\nall of the entries and an iterator variable is also an int, which\nimplies OOB accesses. Again, change it to be u32.\n\nExample splat below:\n\n[  160.724676] BUG: unable to handle page fault for address: ffffc8fc2c001000\n[  160.731662] #PF: supervisor read access in kernel mode\n[  160.736876] #PF: error_code(0x0000) - not-present page\n[  160.742095] PGD 0 P4D 0\n[  160.744678] Oops: Oops: 0000 [#1] PREEMPT SMP\n[  160.749106] CPU: 1 UID: 0 PID: 520 Comm: kworker/u145:12 Not tainted 6.12.0-rc1+ #487\n[  160.757050] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0008.031920191559 03/19/2019\n[  160.767642] Workqueue: events_unbound bpf_map_free_deferred\n[  160.773308] RIP: 0010:dev_map_free+0x77/0x170\n[  160.777735] Code: 00 e8 fd 91 ed ff e8 b8 73 ed ff 41 83 7d 18 19 74 6e 41 8b 45 24 49 8b bd f8 00 00 00 31 db 85 c0 74 48 48 63 c3 48 8d 04 c7 \u003c48\u003e 8b 28 48 85 ed 74 30 48 8b 7d 18 48 85 ff 74 05 e8 b3 52 fa ff\n[  160.796777] RSP: 0018:ffffc9000ee1fe38 EFLAGS: 00010202\n[  160.802086] RAX: ffffc8fc2c001000 RBX: 0000000080000000 RCX: 0000000000000024\n[  160.809331] RDX: 0000000000000000 RSI: 0000000000000024 RDI: ffffc9002c001000\n[  160.816576] RBP: 0000000000000000 R08: 0000000000000023 R09: 0000000000000001\n[  160.823823] R10: 0000000000000001 R11: 00000000000ee6b2 R12: dead000000000122\n[  160.831066] R13: ffff88810c928e00 R14: ffff8881002df405 R15: 0000000000000000\n[  160.838310] FS:  0000000000000000(0000) GS:ffff8897e0c40000(0000) knlGS:0000000000000000\n[  160.846528] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  160.852357] CR2: ffffc8fc2c001000 CR3: 0000000005c32006 CR4: 00000000007726f0\n[  160.859604] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[  160.866847] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[  160.874092] PKRU: 55555554\n[  160.876847] Call Trace:\n[  160.879338]  \u003cTASK\u003e\n[  160.881477]  ? __die+0x20/0x60\n[  160.884586]  ? page_fault_oops+0x15a/0x450\n[  160.888746]  ? search_extable+0x22/0x30\n[  160.892647]  ? search_bpf_extables+0x5f/0x80\n[  160.896988]  ? exc_page_fault+0xa9/0x140\n[  160.900973]  ? asm_exc_page_fault+0x22/0x30\n[  160.905232]  ? dev_map_free+0x77/0x170\n[  160.909043]  ? dev_map_free+0x58/0x170\n[  160.912857]  bpf_map_free_deferred+0x51/0x90\n[  160.917196]  process_one_work+0x142/0x370\n[  160.921272]  worker_thread+0x29e/0x3b0\n[  160.925082]  ? rescuer_thread+0x4b0/0x4b0\n[  160.929157]  kthread+0xd4/0x110\n[  160.932355]  ? kthread_park+0x80/0x80\n[  160.936079]  ret_from_fork+0x2d/0x50\n[  160.943396]  ? kthread_park+0x80/0x80\n[  160.950803]  ret_from_fork_asm+0x11/0x20\n[  160.958482]  \u003c/TASK\u003e"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:59:56.222Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0f170e91d3063ca60baec4bd9f544faf3bfe29eb"
        },
        {
          "url": "https://git.kernel.org/stable/c/70f3de869865f9c3da0508a5ea29f6f4c1889057"
        },
        {
          "url": "https://git.kernel.org/stable/c/ad34306ac6836e5dd096b7d0ad4aa20cb7c8d9e5"
        },
        {
          "url": "https://git.kernel.org/stable/c/98c03d05936d846073df8f550e9e8bf0dde1d77f"
        },
        {
          "url": "https://git.kernel.org/stable/c/8e858930695d3ebec423e85384c95427258c294f"
        },
        {
          "url": "https://git.kernel.org/stable/c/178e31df1fb3d9e0890eb471da16709cbc82edee"
        },
        {
          "url": "https://git.kernel.org/stable/c/ab244dd7cf4c291f82faacdc50b45cc0f55b674d"
        }
      ],
      "title": "bpf: fix OOB devmap writes when deleting elements",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56615",
    "datePublished": "2024-12-27T14:51:20.206Z",
    "dateReserved": "2024-12-27T14:03:06.014Z",
    "dateUpdated": "2025-11-03T20:51:02.480Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-46763 (GCVE-0-2024-46763)

Vulnerability from cvelistv5 – Published: 2024-09-18 07:12 – Updated: 2025-11-03 22:18

Title

fou: Fix null-ptr-deref in GRO.

Summary

In the Linux kernel, the following vulnerability has been resolved: fou: Fix null-ptr-deref in GRO. We observed a null-ptr-deref in fou_gro_receive() while shutting down a host. [0] The NULL pointer is sk->sk_user_data, and the offset 8 is of protocol in struct fou. When fou_release() is called due to netns dismantle or explicit tunnel teardown, udp_tunnel_sock_release() sets NULL to sk->sk_user_data. Then, the tunnel socket is destroyed after a single RCU grace period. So, in-flight udp4_gro_receive() could find the socket and execute the FOU GRO handler, where sk->sk_user_data could be NULL. Let's use rcu_dereference_sk_user_data() in fou_from_sock() and add NULL checks in FOU GRO handlers. [0]: BUG: kernel NULL pointer dereference, address: 0000000000000008 PF: supervisor read access in kernel mode PF: error_code(0x0000) - not-present page PGD 80000001032f4067 P4D 80000001032f4067 PUD 103240067 PMD 0 SMP PTI CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.10.216-204.855.amzn2.x86_64 #1 Hardware name: Amazon EC2 c5.large/, BIOS 1.0 10/16/2017 RIP: 0010:fou_gro_receive (net/ipv4/fou.c:233) [fou] Code: 41 5f c3 cc cc cc cc e8 e7 2e 69 f4 0f 1f 80 00 00 00 00 0f 1f 44 00 00 49 89 f8 41 54 48 89 f7 48 89 d6 49 8b 80 88 02 00 00 <0f> b6 48 08 0f b7 42 4a 66 25 fd fd 80 cc 02 66 89 42 4a 0f b6 42 RSP: 0018:ffffa330c0003d08 EFLAGS: 00010297 RAX: 0000000000000000 RBX: ffff93d9e3a6b900 RCX: 0000000000000010 RDX: ffff93d9e3a6b900 RSI: ffff93d9e3a6b900 RDI: ffff93dac2e24d08 RBP: ffff93d9e3a6b900 R08: ffff93dacbce6400 R09: 0000000000000002 R10: 0000000000000000 R11: ffffffffb5f369b0 R12: ffff93dacbce6400 R13: ffff93dac2e24d08 R14: 0000000000000000 R15: ffffffffb4edd1c0 FS: 0000000000000000(0000) GS:ffff93daee800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000008 CR3: 0000000102140001 CR4: 00000000007706f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <IRQ> ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259) ? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420) ? no_context (arch/x86/mm/fault.c:752) ? exc_page_fault (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 arch/x86/mm/fault.c:1435 arch/x86/mm/fault.c:1483) ? asm_exc_page_fault (arch/x86/include/asm/idtentry.h:571) ? fou_gro_receive (net/ipv4/fou.c:233) [fou] udp_gro_receive (include/linux/netdevice.h:2552 net/ipv4/udp_offload.c:559) udp4_gro_receive (net/ipv4/udp_offload.c:604) inet_gro_receive (net/ipv4/af_inet.c:1549 (discriminator 7)) dev_gro_receive (net/core/dev.c:6035 (discriminator 4)) napi_gro_receive (net/core/dev.c:6170) ena_clean_rx_irq (drivers/amazon/net/ena/ena_netdev.c:1558) [ena] ena_io_poll (drivers/amazon/net/ena/ena_netdev.c:1742) [ena] napi_poll (net/core/dev.c:6847) net_rx_action (net/core/dev.c:6917) __do_softirq (arch/x86/include/asm/jump_label.h:25 include/linux/jump_label.h:200 include/trace/events/irq.h:142 kernel/softirq.c:299) asm_call_irq_on_stack (arch/x86/entry/entry_64.S:809) </IRQ> do_softirq_own_stack (arch/x86/include/asm/irq_stack.h:27 arch/x86/include/asm/irq_stack.h:77 arch/x86/kernel/irq_64.c:77) irq_exit_rcu (kernel/softirq.c:393 kernel/softirq.c:423 kernel/softirq.c:435) common_interrupt (arch/x86/kernel/irq.c:239) asm_common_interrupt (arch/x86/include/asm/idtentry.h:626) RIP: 0010:acpi_idle_do_entry (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 drivers/acpi/processor_idle.c:114 drivers/acpi/processor_idle.c:575) Code: 8b 15 d1 3c c4 02 ed c3 cc cc cc cc 65 48 8b 04 25 40 ef 01 00 48 8b 00 a8 08 75 eb 0f 1f 44 00 00 0f 00 2d d5 09 55 00 fb f4 <fa> c3 cc cc cc cc e9 be fc ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 RSP: 0018:ffffffffb5603e58 EFLAGS: 00000246 RAX: 0000000000004000 RBX: ffff93dac0929c00 RCX: ffff93daee833900 RDX: ffff93daee800000 RSI: ffff93d ---truncated---

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/231c235d2f7a66f01…
	https://git.kernel.org/stable/c/4494bccb52ffda22c…
	https://git.kernel.org/stable/c/d7567f098f54cb53e…
	https://git.kernel.org/stable/c/1df42be305fe478de…
	https://git.kernel.org/stable/c/c46cd6aaca81040de…
	https://git.kernel.org/stable/c/7e4196935069947d8…

Impacted products

Vendor

Product

Version

Linux

Affected: d92283e338f6d6503b7417536bf3478f466cbc01 , < 231c235d2f7a66f018f172e26ffd47c363f244ef (git)
Affected: d92283e338f6d6503b7417536bf3478f466cbc01 , < 4494bccb52ffda22ce5a1163a776d970e6229e08 (git)
Affected: d92283e338f6d6503b7417536bf3478f466cbc01 , < d7567f098f54cb53ee3cee1c82e3d0ed9698b6b3 (git)
Affected: d92283e338f6d6503b7417536bf3478f466cbc01 , < 1df42be305fe478ded1ee0c1d775f4ece713483b (git)
Affected: d92283e338f6d6503b7417536bf3478f466cbc01 , < c46cd6aaca81040deaea3500ba75126963294bd9 (git)
Affected: d92283e338f6d6503b7417536bf3478f466cbc01 , < 7e4196935069947d8b70b09c1660b67b067e75cb (git)

Linux

Affected: 4.7
Unaffected: 0 , < 4.7 (semver)
Unaffected: 5.10.226 , ≤ 5.10.* (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.110 , ≤ 6.1.* (semver)
Unaffected: 6.6.51 , ≤ 6.6.* (semver)
Unaffected: 6.10.10 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46763",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T14:43:18.405859Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T14:43:32.083Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:18:09.062Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/fou_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "231c235d2f7a66f018f172e26ffd47c363f244ef",
              "status": "affected",
              "version": "d92283e338f6d6503b7417536bf3478f466cbc01",
              "versionType": "git"
            },
            {
              "lessThan": "4494bccb52ffda22ce5a1163a776d970e6229e08",
              "status": "affected",
              "version": "d92283e338f6d6503b7417536bf3478f466cbc01",
              "versionType": "git"
            },
            {
              "lessThan": "d7567f098f54cb53ee3cee1c82e3d0ed9698b6b3",
              "status": "affected",
              "version": "d92283e338f6d6503b7417536bf3478f466cbc01",
              "versionType": "git"
            },
            {
              "lessThan": "1df42be305fe478ded1ee0c1d775f4ece713483b",
              "status": "affected",
              "version": "d92283e338f6d6503b7417536bf3478f466cbc01",
              "versionType": "git"
            },
            {
              "lessThan": "c46cd6aaca81040deaea3500ba75126963294bd9",
              "status": "affected",
              "version": "d92283e338f6d6503b7417536bf3478f466cbc01",
              "versionType": "git"
            },
            {
              "lessThan": "7e4196935069947d8b70b09c1660b67b067e75cb",
              "status": "affected",
              "version": "d92283e338f6d6503b7417536bf3478f466cbc01",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/fou_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.7"
            },
            {
              "lessThan": "4.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.110",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.51",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.226",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.110",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.51",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.10",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfou: Fix null-ptr-deref in GRO.\n\nWe observed a null-ptr-deref in fou_gro_receive() while shutting down\na host.  [0]\n\nThe NULL pointer is sk-\u003esk_user_data, and the offset 8 is of protocol\nin struct fou.\n\nWhen fou_release() is called due to netns dismantle or explicit tunnel\nteardown, udp_tunnel_sock_release() sets NULL to sk-\u003esk_user_data.\nThen, the tunnel socket is destroyed after a single RCU grace period.\n\nSo, in-flight udp4_gro_receive() could find the socket and execute the\nFOU GRO handler, where sk-\u003esk_user_data could be NULL.\n\nLet\u0027s use rcu_dereference_sk_user_data() in fou_from_sock() and add NULL\nchecks in FOU GRO handlers.\n\n[0]:\nBUG: kernel NULL pointer dereference, address: 0000000000000008\n PF: supervisor read access in kernel mode\n PF: error_code(0x0000) - not-present page\nPGD 80000001032f4067 P4D 80000001032f4067 PUD 103240067 PMD 0\nSMP PTI\nCPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.10.216-204.855.amzn2.x86_64 #1\nHardware name: Amazon EC2 c5.large/, BIOS 1.0 10/16/2017\nRIP: 0010:fou_gro_receive (net/ipv4/fou.c:233) [fou]\nCode: 41 5f c3 cc cc cc cc e8 e7 2e 69 f4 0f 1f 80 00 00 00 00 0f 1f 44 00 00 49 89 f8 41 54 48 89 f7 48 89 d6 49 8b 80 88 02 00 00 \u003c0f\u003e b6 48 08 0f b7 42 4a 66 25 fd fd 80 cc 02 66 89 42 4a 0f b6 42\nRSP: 0018:ffffa330c0003d08 EFLAGS: 00010297\nRAX: 0000000000000000 RBX: ffff93d9e3a6b900 RCX: 0000000000000010\nRDX: ffff93d9e3a6b900 RSI: ffff93d9e3a6b900 RDI: ffff93dac2e24d08\nRBP: ffff93d9e3a6b900 R08: ffff93dacbce6400 R09: 0000000000000002\nR10: 0000000000000000 R11: ffffffffb5f369b0 R12: ffff93dacbce6400\nR13: ffff93dac2e24d08 R14: 0000000000000000 R15: ffffffffb4edd1c0\nFS:  0000000000000000(0000) GS:ffff93daee800000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000008 CR3: 0000000102140001 CR4: 00000000007706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cIRQ\u003e\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420)\n ? no_context (arch/x86/mm/fault.c:752)\n ? exc_page_fault (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 arch/x86/mm/fault.c:1435 arch/x86/mm/fault.c:1483)\n ? asm_exc_page_fault (arch/x86/include/asm/idtentry.h:571)\n ? fou_gro_receive (net/ipv4/fou.c:233) [fou]\n udp_gro_receive (include/linux/netdevice.h:2552 net/ipv4/udp_offload.c:559)\n udp4_gro_receive (net/ipv4/udp_offload.c:604)\n inet_gro_receive (net/ipv4/af_inet.c:1549 (discriminator 7))\n dev_gro_receive (net/core/dev.c:6035 (discriminator 4))\n napi_gro_receive (net/core/dev.c:6170)\n ena_clean_rx_irq (drivers/amazon/net/ena/ena_netdev.c:1558) [ena]\n ena_io_poll (drivers/amazon/net/ena/ena_netdev.c:1742) [ena]\n napi_poll (net/core/dev.c:6847)\n net_rx_action (net/core/dev.c:6917)\n __do_softirq (arch/x86/include/asm/jump_label.h:25 include/linux/jump_label.h:200 include/trace/events/irq.h:142 kernel/softirq.c:299)\n asm_call_irq_on_stack (arch/x86/entry/entry_64.S:809)\n\u003c/IRQ\u003e\n do_softirq_own_stack (arch/x86/include/asm/irq_stack.h:27 arch/x86/include/asm/irq_stack.h:77 arch/x86/kernel/irq_64.c:77)\n irq_exit_rcu (kernel/softirq.c:393 kernel/softirq.c:423 kernel/softirq.c:435)\n common_interrupt (arch/x86/kernel/irq.c:239)\n asm_common_interrupt (arch/x86/include/asm/idtentry.h:626)\nRIP: 0010:acpi_idle_do_entry (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 drivers/acpi/processor_idle.c:114 drivers/acpi/processor_idle.c:575)\nCode: 8b 15 d1 3c c4 02 ed c3 cc cc cc cc 65 48 8b 04 25 40 ef 01 00 48 8b 00 a8 08 75 eb 0f 1f 44 00 00 0f 00 2d d5 09 55 00 fb f4 \u003cfa\u003e c3 cc cc cc cc e9 be fc ff ff 66 66 2e 0f 1f 84 00 00 00 00 00\nRSP: 0018:ffffffffb5603e58 EFLAGS: 00000246\nRAX: 0000000000004000 RBX: ffff93dac0929c00 RCX: ffff93daee833900\nRDX: ffff93daee800000 RSI: ffff93d\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:33:36.920Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/231c235d2f7a66f018f172e26ffd47c363f244ef"
        },
        {
          "url": "https://git.kernel.org/stable/c/4494bccb52ffda22ce5a1163a776d970e6229e08"
        },
        {
          "url": "https://git.kernel.org/stable/c/d7567f098f54cb53ee3cee1c82e3d0ed9698b6b3"
        },
        {
          "url": "https://git.kernel.org/stable/c/1df42be305fe478ded1ee0c1d775f4ece713483b"
        },
        {
          "url": "https://git.kernel.org/stable/c/c46cd6aaca81040deaea3500ba75126963294bd9"
        },
        {
          "url": "https://git.kernel.org/stable/c/7e4196935069947d8b70b09c1660b67b067e75cb"
        }
      ],
      "title": "fou: Fix null-ptr-deref in GRO.",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46763",
    "datePublished": "2024-09-18T07:12:22.666Z",
    "dateReserved": "2024-09-11T15:12:18.272Z",
    "dateUpdated": "2025-11-03T22:18:09.062Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-50234 (GCVE-0-2024-50234)

Vulnerability from cvelistv5 – Published: 2024-11-09 10:14 – Updated: 2026-01-05 10:55

Title

wifi: iwlegacy: Clear stale interrupts before resuming device

Summary

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlegacy: Clear stale interrupts before resuming device iwl4965 fails upon resume from hibernation on my laptop. The reason seems to be a stale interrupt which isn't being cleared out before interrupts are enabled. We end up with a race beween the resume trying to bring things back up, and the restart work (queued form the interrupt handler) trying to bring things down. Eventually the whole thing blows up. Fix the problem by clearing out any stale interrupts before interrupts get enabled during resume. Here's a debug log of the indicent: [ 12.042589] ieee80211 phy0: il_isr ISR inta 0x00000080, enabled 0xaa00008b, fh 0x00000000 [ 12.042625] ieee80211 phy0: il4965_irq_tasklet inta 0x00000080, enabled 0x00000000, fh 0x00000000 [ 12.042651] iwl4965 0000:10:00.0: RF_KILL bit toggled to enable radio. [ 12.042653] iwl4965 0000:10:00.0: On demand firmware reload [ 12.042690] ieee80211 phy0: il4965_irq_tasklet End inta 0x00000000, enabled 0xaa00008b, fh 0x00000000, flags 0x00000282 [ 12.052207] ieee80211 phy0: il4965_mac_start enter [ 12.052212] ieee80211 phy0: il_prep_station Add STA to driver ID 31: ff:ff:ff:ff:ff:ff [ 12.052244] ieee80211 phy0: il4965_set_hw_ready hardware ready [ 12.052324] ieee80211 phy0: il_apm_init Init card's basic functions [ 12.052348] ieee80211 phy0: il_apm_init L1 Enabled; Disabling L0S [ 12.055727] ieee80211 phy0: il4965_load_bsm Begin load bsm [ 12.056140] ieee80211 phy0: il4965_verify_bsm Begin verify bsm [ 12.058642] ieee80211 phy0: il4965_verify_bsm BSM bootstrap uCode image OK [ 12.058721] ieee80211 phy0: il4965_load_bsm BSM write complete, poll 1 iterations [ 12.058734] ieee80211 phy0: __il4965_up iwl4965 is coming up [ 12.058737] ieee80211 phy0: il4965_mac_start Start UP work done. [ 12.058757] ieee80211 phy0: __il4965_down iwl4965 is going down [ 12.058761] ieee80211 phy0: il_scan_cancel_timeout Scan cancel timeout [ 12.058762] ieee80211 phy0: il_do_scan_abort Not performing scan to abort [ 12.058765] ieee80211 phy0: il_clear_ucode_stations Clearing ucode stations in driver [ 12.058767] ieee80211 phy0: il_clear_ucode_stations No active stations found to be cleared [ 12.058819] ieee80211 phy0: _il_apm_stop Stop card, put in low power state [ 12.058827] ieee80211 phy0: _il_apm_stop_master stop master [ 12.058864] ieee80211 phy0: il4965_clear_free_frames 0 frames on pre-allocated heap on clear. [ 12.058869] ieee80211 phy0: Hardware restart was requested [ 16.132299] iwl4965 0000:10:00.0: START_ALIVE timeout after 4000ms. [ 16.132303] ------------[ cut here ]------------ [ 16.132304] Hardware became unavailable upon resume. This could be a software issue prior to suspend or a hardware issue. [ 16.132338] WARNING: CPU: 0 PID: 181 at net/mac80211/util.c:1826 ieee80211_reconfig+0x8f/0x14b0 [mac80211] [ 16.132390] Modules linked in: ctr ccm sch_fq_codel xt_tcpudp xt_multiport xt_state iptable_filter iptable_nat nf_nat nf_conntrack nf_defrag_ipv4 ip_tables x_tables binfmt_misc joydev mousedev btusb btrtl btintel btbcm bluetooth ecdh_generic ecc iTCO_wdt i2c_dev iwl4965 iwlegacy coretemp snd_hda_codec_analog pcspkr psmouse mac80211 snd_hda_codec_generic libarc4 sdhci_pci cqhci sha256_generic sdhci libsha256 firewire_ohci snd_hda_intel snd_intel_dspcfg mmc_core snd_hda_codec snd_hwdep firewire_core led_class iosf_mbi snd_hda_core uhci_hcd lpc_ich crc_itu_t cfg80211 ehci_pci ehci_hcd snd_pcm usbcore mfd_core rfkill snd_timer snd usb_common soundcore video parport_pc parport intel_agp wmi intel_gtt backlight e1000e agpgart evdev [ 16.132456] CPU: 0 UID: 0 PID: 181 Comm: kworker/u8:6 Not tainted 6.11.0-cl+ #143 [ 16.132460] Hardware name: Hewlett-Packard HP Compaq 6910p/30BE, BIOS 68MCU Ver. F.19 07/06/2010 [ 16.132463] Workqueue: async async_run_entry_fn [ 16.132469] RIP: 0010:ieee80211_reconfig+0x8f/0x14b0 [mac80211] [ 16.132501] Code: da 02 00 0 ---truncated---

Severity ?

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/271d282ecc15d7012…
	https://git.kernel.org/stable/c/9d89941e51259c2b0…
	https://git.kernel.org/stable/c/d0231f43df473e2f8…
	https://git.kernel.org/stable/c/8ac22fe1e2b104c37…
	https://git.kernel.org/stable/c/23f9cef17ee315777…
	https://git.kernel.org/stable/c/cedf0f1db8d5f3524…
	https://git.kernel.org/stable/c/8af8294d369a871cd…
	https://git.kernel.org/stable/c/07c90acb071b9954e…

Impacted products

Vendor

Product

Version

Linux

Affected: e655b9f03f41c7a84fb74d6619abf844d7f2ab65 , < 271d282ecc15d7012e71ca82c89a6c0e13a063dd (git)
Affected: e655b9f03f41c7a84fb74d6619abf844d7f2ab65 , < 9d89941e51259c2b0b8e9c10c6f1f74200d7444f (git)
Affected: e655b9f03f41c7a84fb74d6619abf844d7f2ab65 , < d0231f43df473e2f80372d0ca150eb3619932ef9 (git)
Affected: e655b9f03f41c7a84fb74d6619abf844d7f2ab65 , < 8ac22fe1e2b104c37e4fecd97735f64bd6349ebc (git)
Affected: e655b9f03f41c7a84fb74d6619abf844d7f2ab65 , < 23f9cef17ee315777dbe88d5c11ff6166e4d0699 (git)
Affected: e655b9f03f41c7a84fb74d6619abf844d7f2ab65 , < cedf0f1db8d5f3524339c2c6e35a8505b0f1ab73 (git)
Affected: e655b9f03f41c7a84fb74d6619abf844d7f2ab65 , < 8af8294d369a871cdbcdbb4d13b87d2d6e490a1f (git)
Affected: e655b9f03f41c7a84fb74d6619abf844d7f2ab65 , < 07c90acb071b9954e1fecb1e4f4f13d12c544b34 (git)

Linux

Affected: 2.6.25
Unaffected: 0 , < 2.6.25 (semver)
Unaffected: 4.19.323 , ≤ 4.19.* (semver)
Unaffected: 5.4.285 , ≤ 5.4.* (semver)
Unaffected: 5.10.229 , ≤ 5.10.* (semver)
Unaffected: 5.15.171 , ≤ 5.15.* (semver)
Unaffected: 6.1.116 , ≤ 6.1.* (semver)
Unaffected: 6.6.60 , ≤ 6.6.* (semver)
Unaffected: 6.11.7 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-50234",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:16:29.350204Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-367",
                "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:17:27.078Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:27:15.474Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/intel/iwlegacy/common.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "271d282ecc15d7012e71ca82c89a6c0e13a063dd",
              "status": "affected",
              "version": "e655b9f03f41c7a84fb74d6619abf844d7f2ab65",
              "versionType": "git"
            },
            {
              "lessThan": "9d89941e51259c2b0b8e9c10c6f1f74200d7444f",
              "status": "affected",
              "version": "e655b9f03f41c7a84fb74d6619abf844d7f2ab65",
              "versionType": "git"
            },
            {
              "lessThan": "d0231f43df473e2f80372d0ca150eb3619932ef9",
              "status": "affected",
              "version": "e655b9f03f41c7a84fb74d6619abf844d7f2ab65",
              "versionType": "git"
            },
            {
              "lessThan": "8ac22fe1e2b104c37e4fecd97735f64bd6349ebc",
              "status": "affected",
              "version": "e655b9f03f41c7a84fb74d6619abf844d7f2ab65",
              "versionType": "git"
            },
            {
              "lessThan": "23f9cef17ee315777dbe88d5c11ff6166e4d0699",
              "status": "affected",
              "version": "e655b9f03f41c7a84fb74d6619abf844d7f2ab65",
              "versionType": "git"
            },
            {
              "lessThan": "cedf0f1db8d5f3524339c2c6e35a8505b0f1ab73",
              "status": "affected",
              "version": "e655b9f03f41c7a84fb74d6619abf844d7f2ab65",
              "versionType": "git"
            },
            {
              "lessThan": "8af8294d369a871cdbcdbb4d13b87d2d6e490a1f",
              "status": "affected",
              "version": "e655b9f03f41c7a84fb74d6619abf844d7f2ab65",
              "versionType": "git"
            },
            {
              "lessThan": "07c90acb071b9954e1fecb1e4f4f13d12c544b34",
              "status": "affected",
              "version": "e655b9f03f41c7a84fb74d6619abf844d7f2ab65",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/intel/iwlegacy/common.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.25"
            },
            {
              "lessThan": "2.6.25",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.323",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.285",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.229",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.171",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.116",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.60",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.323",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.285",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.229",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.171",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.116",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.60",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.7",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlegacy: Clear stale interrupts before resuming device\n\niwl4965 fails upon resume from hibernation on my laptop. The reason\nseems to be a stale interrupt which isn\u0027t being cleared out before\ninterrupts are enabled. We end up with a race beween the resume\ntrying to bring things back up, and the restart work (queued form\nthe interrupt handler) trying to bring things down. Eventually\nthe whole thing blows up.\n\nFix the problem by clearing out any stale interrupts before\ninterrupts get enabled during resume.\n\nHere\u0027s a debug log of the indicent:\n[   12.042589] ieee80211 phy0: il_isr ISR inta 0x00000080, enabled 0xaa00008b, fh 0x00000000\n[   12.042625] ieee80211 phy0: il4965_irq_tasklet inta 0x00000080, enabled 0x00000000, fh 0x00000000\n[   12.042651] iwl4965 0000:10:00.0: RF_KILL bit toggled to enable radio.\n[   12.042653] iwl4965 0000:10:00.0: On demand firmware reload\n[   12.042690] ieee80211 phy0: il4965_irq_tasklet End inta 0x00000000, enabled 0xaa00008b, fh 0x00000000, flags 0x00000282\n[   12.052207] ieee80211 phy0: il4965_mac_start enter\n[   12.052212] ieee80211 phy0: il_prep_station Add STA to driver ID 31: ff:ff:ff:ff:ff:ff\n[   12.052244] ieee80211 phy0: il4965_set_hw_ready hardware  ready\n[   12.052324] ieee80211 phy0: il_apm_init Init card\u0027s basic functions\n[   12.052348] ieee80211 phy0: il_apm_init L1 Enabled; Disabling L0S\n[   12.055727] ieee80211 phy0: il4965_load_bsm Begin load bsm\n[   12.056140] ieee80211 phy0: il4965_verify_bsm Begin verify bsm\n[   12.058642] ieee80211 phy0: il4965_verify_bsm BSM bootstrap uCode image OK\n[   12.058721] ieee80211 phy0: il4965_load_bsm BSM write complete, poll 1 iterations\n[   12.058734] ieee80211 phy0: __il4965_up iwl4965 is coming up\n[   12.058737] ieee80211 phy0: il4965_mac_start Start UP work done.\n[   12.058757] ieee80211 phy0: __il4965_down iwl4965 is going down\n[   12.058761] ieee80211 phy0: il_scan_cancel_timeout Scan cancel timeout\n[   12.058762] ieee80211 phy0: il_do_scan_abort Not performing scan to abort\n[   12.058765] ieee80211 phy0: il_clear_ucode_stations Clearing ucode stations in driver\n[   12.058767] ieee80211 phy0: il_clear_ucode_stations No active stations found to be cleared\n[   12.058819] ieee80211 phy0: _il_apm_stop Stop card, put in low power state\n[   12.058827] ieee80211 phy0: _il_apm_stop_master stop master\n[   12.058864] ieee80211 phy0: il4965_clear_free_frames 0 frames on pre-allocated heap on clear.\n[   12.058869] ieee80211 phy0: Hardware restart was requested\n[   16.132299] iwl4965 0000:10:00.0: START_ALIVE timeout after 4000ms.\n[   16.132303] ------------[ cut here ]------------\n[   16.132304] Hardware became unavailable upon resume. This could be a software issue prior to suspend or a hardware issue.\n[   16.132338] WARNING: CPU: 0 PID: 181 at net/mac80211/util.c:1826 ieee80211_reconfig+0x8f/0x14b0 [mac80211]\n[   16.132390] Modules linked in: ctr ccm sch_fq_codel xt_tcpudp xt_multiport xt_state iptable_filter iptable_nat nf_nat nf_conntrack nf_defrag_ipv4 ip_tables x_tables binfmt_misc joydev mousedev btusb btrtl btintel btbcm bluetooth ecdh_generic ecc iTCO_wdt i2c_dev iwl4965 iwlegacy coretemp snd_hda_codec_analog pcspkr psmouse mac80211 snd_hda_codec_generic libarc4 sdhci_pci cqhci sha256_generic sdhci libsha256 firewire_ohci snd_hda_intel snd_intel_dspcfg mmc_core snd_hda_codec snd_hwdep firewire_core led_class iosf_mbi snd_hda_core uhci_hcd lpc_ich crc_itu_t cfg80211 ehci_pci ehci_hcd snd_pcm usbcore mfd_core rfkill snd_timer snd usb_common soundcore video parport_pc parport intel_agp wmi intel_gtt backlight e1000e agpgart evdev\n[   16.132456] CPU: 0 UID: 0 PID: 181 Comm: kworker/u8:6 Not tainted 6.11.0-cl+ #143\n[   16.132460] Hardware name: Hewlett-Packard HP Compaq 6910p/30BE, BIOS 68MCU Ver. F.19 07/06/2010\n[   16.132463] Workqueue: async async_run_entry_fn\n[   16.132469] RIP: 0010:ieee80211_reconfig+0x8f/0x14b0 [mac80211]\n[   16.132501] Code: da 02 00 0\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:55:18.956Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/271d282ecc15d7012e71ca82c89a6c0e13a063dd"
        },
        {
          "url": "https://git.kernel.org/stable/c/9d89941e51259c2b0b8e9c10c6f1f74200d7444f"
        },
        {
          "url": "https://git.kernel.org/stable/c/d0231f43df473e2f80372d0ca150eb3619932ef9"
        },
        {
          "url": "https://git.kernel.org/stable/c/8ac22fe1e2b104c37e4fecd97735f64bd6349ebc"
        },
        {
          "url": "https://git.kernel.org/stable/c/23f9cef17ee315777dbe88d5c11ff6166e4d0699"
        },
        {
          "url": "https://git.kernel.org/stable/c/cedf0f1db8d5f3524339c2c6e35a8505b0f1ab73"
        },
        {
          "url": "https://git.kernel.org/stable/c/8af8294d369a871cdbcdbb4d13b87d2d6e490a1f"
        },
        {
          "url": "https://git.kernel.org/stable/c/07c90acb071b9954e1fecb1e4f4f13d12c544b34"
        }
      ],
      "title": "wifi: iwlegacy: Clear stale interrupts before resuming device",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-50234",
    "datePublished": "2024-11-09T10:14:44.363Z",
    "dateReserved": "2024-10-21T19:36:19.975Z",
    "dateUpdated": "2026-01-05T10:55:18.956Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-46791 (GCVE-0-2024-46791)

Vulnerability from cvelistv5 – Published: 2024-09-18 07:12 – Updated: 2025-11-03 22:18

Title

can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open

Summary

In the Linux kernel, the following vulnerability has been resolved: can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open The mcp251x_hw_wake() function is called with the mpc_lock mutex held and disables the interrupt handler so that no interrupts can be processed while waking the device. If an interrupt has already occurred then waiting for the interrupt handler to complete will deadlock because it will be trying to acquire the same mutex. CPU0 CPU1 ---- ---- mcp251x_open() mutex_lock(&priv->mcp_lock) request_threaded_irq() <interrupt> mcp251x_can_ist() mutex_lock(&priv->mcp_lock) mcp251x_hw_wake() disable_irq() <-- deadlock Use disable_irq_nosync() instead because the interrupt handler does everything while holding the mutex so it doesn't matter if it's still running.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/3a49b6b1caf5cefc0…
	https://git.kernel.org/stable/c/513c8fc189b52f792…
	https://git.kernel.org/stable/c/f7ab9e14b23a3eac6…
	https://git.kernel.org/stable/c/8fecde9c3f9a4b97b…
	https://git.kernel.org/stable/c/e554113a1cd2a9cfc…
	https://git.kernel.org/stable/c/7dd9c26bd6cf679bc…

Impacted products

Vendor

Product

Version

Linux

Affected: 8ce8c0abcba314e1fe954a1840f6568bf5aef2ef , < 3a49b6b1caf5cefc05264d29079d52c99cb188e0 (git)
Affected: 8ce8c0abcba314e1fe954a1840f6568bf5aef2ef , < 513c8fc189b52f7922e36bdca58997482b198f0e (git)
Affected: 8ce8c0abcba314e1fe954a1840f6568bf5aef2ef , < f7ab9e14b23a3eac6714bdc4dba244d8aa1ef646 (git)
Affected: 8ce8c0abcba314e1fe954a1840f6568bf5aef2ef , < 8fecde9c3f9a4b97b68bb97c9f47e5b662586ba7 (git)
Affected: 8ce8c0abcba314e1fe954a1840f6568bf5aef2ef , < e554113a1cd2a9cfc6c7af7bdea2141c5757e188 (git)
Affected: 8ce8c0abcba314e1fe954a1840f6568bf5aef2ef , < 7dd9c26bd6cf679bcfdef01a8659791aa6487a29 (git)

Linux

Affected: 5.5
Unaffected: 0 , < 5.5 (semver)
Unaffected: 5.10.226 , ≤ 5.10.* (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.110 , ≤ 6.1.* (semver)
Unaffected: 6.6.51 , ≤ 6.6.* (semver)
Unaffected: 6.10.10 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46791",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T14:23:49.123031Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T14:24:01.153Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:18:34.261Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/can/spi/mcp251x.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3a49b6b1caf5cefc05264d29079d52c99cb188e0",
              "status": "affected",
              "version": "8ce8c0abcba314e1fe954a1840f6568bf5aef2ef",
              "versionType": "git"
            },
            {
              "lessThan": "513c8fc189b52f7922e36bdca58997482b198f0e",
              "status": "affected",
              "version": "8ce8c0abcba314e1fe954a1840f6568bf5aef2ef",
              "versionType": "git"
            },
            {
              "lessThan": "f7ab9e14b23a3eac6714bdc4dba244d8aa1ef646",
              "status": "affected",
              "version": "8ce8c0abcba314e1fe954a1840f6568bf5aef2ef",
              "versionType": "git"
            },
            {
              "lessThan": "8fecde9c3f9a4b97b68bb97c9f47e5b662586ba7",
              "status": "affected",
              "version": "8ce8c0abcba314e1fe954a1840f6568bf5aef2ef",
              "versionType": "git"
            },
            {
              "lessThan": "e554113a1cd2a9cfc6c7af7bdea2141c5757e188",
              "status": "affected",
              "version": "8ce8c0abcba314e1fe954a1840f6568bf5aef2ef",
              "versionType": "git"
            },
            {
              "lessThan": "7dd9c26bd6cf679bcfdef01a8659791aa6487a29",
              "status": "affected",
              "version": "8ce8c0abcba314e1fe954a1840f6568bf5aef2ef",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/can/spi/mcp251x.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.5"
            },
            {
              "lessThan": "5.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.110",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.51",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.226",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.110",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.51",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.10",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open\n\nThe mcp251x_hw_wake() function is called with the mpc_lock mutex held and\ndisables the interrupt handler so that no interrupts can be processed while\nwaking the device. If an interrupt has already occurred then waiting for\nthe interrupt handler to complete will deadlock because it will be trying\nto acquire the same mutex.\n\nCPU0                           CPU1\n----                           ----\nmcp251x_open()\n mutex_lock(\u0026priv-\u003emcp_lock)\n  request_threaded_irq()\n                               \u003cinterrupt\u003e\n                               mcp251x_can_ist()\n                                mutex_lock(\u0026priv-\u003emcp_lock)\n  mcp251x_hw_wake()\n   disable_irq() \u003c-- deadlock\n\nUse disable_irq_nosync() instead because the interrupt handler does\neverything while holding the mutex so it doesn\u0027t matter if it\u0027s still\nrunning."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:34:24.903Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3a49b6b1caf5cefc05264d29079d52c99cb188e0"
        },
        {
          "url": "https://git.kernel.org/stable/c/513c8fc189b52f7922e36bdca58997482b198f0e"
        },
        {
          "url": "https://git.kernel.org/stable/c/f7ab9e14b23a3eac6714bdc4dba244d8aa1ef646"
        },
        {
          "url": "https://git.kernel.org/stable/c/8fecde9c3f9a4b97b68bb97c9f47e5b662586ba7"
        },
        {
          "url": "https://git.kernel.org/stable/c/e554113a1cd2a9cfc6c7af7bdea2141c5757e188"
        },
        {
          "url": "https://git.kernel.org/stable/c/7dd9c26bd6cf679bcfdef01a8659791aa6487a29"
        }
      ],
      "title": "can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46791",
    "datePublished": "2024-09-18T07:12:46.677Z",
    "dateReserved": "2024-09-11T15:12:18.279Z",
    "dateUpdated": "2025-11-03T22:18:34.261Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-47740 (GCVE-0-2024-47740)

Vulnerability from cvelistv5 – Published: 2024-10-21 12:14 – Updated: 2025-11-03 22:21

Title

f2fs: Require FMODE_WRITE for atomic write ioctls

Summary

In the Linux kernel, the following vulnerability has been resolved: f2fs: Require FMODE_WRITE for atomic write ioctls The F2FS ioctls for starting and committing atomic writes check for inode_owner_or_capable(), but this does not give LSMs like SELinux or Landlock an opportunity to deny the write access - if the caller's FSUID matches the inode's UID, inode_owner_or_capable() immediately returns true. There are scenarios where LSMs want to deny a process the ability to write particular files, even files that the FSUID of the process owns; but this can currently partially be bypassed using atomic write ioctls in two ways: - F2FS_IOC_START_ATOMIC_REPLACE + F2FS_IOC_COMMIT_ATOMIC_WRITE can truncate an inode to size 0 - F2FS_IOC_START_ATOMIC_WRITE + F2FS_IOC_ABORT_ATOMIC_WRITE can revert changes another process concurrently made to a file Fix it by requiring FMODE_WRITE for these operations, just like for F2FS_IOC_MOVE_RANGE. Since any legitimate caller should only be using these ioctls when intending to write into the file, that seems unlikely to break anything.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/700f3a7c7fa5764c9…
	https://git.kernel.org/stable/c/4ce87674c3a6b4d3b…
	https://git.kernel.org/stable/c/000bab8753ae29a25…
	https://git.kernel.org/stable/c/88ff021e1fea2d9b4…
	https://git.kernel.org/stable/c/32f348ecc149e9ca7…
	https://git.kernel.org/stable/c/5e0de753bfe87768e…
	https://git.kernel.org/stable/c/f3bfac2cabf533350…
	https://git.kernel.org/stable/c/4583290898c13c2c2…
	https://git.kernel.org/stable/c/4f5a100f87f32cb65…

Impacted products

Vendor

Product

Version

Linux

Affected: 88b88a66797159949cec32eaab12b4968f6fae2d , < 700f3a7c7fa5764c9f24bbf7c78e0b6e479fa653 (git)
Affected: 88b88a66797159949cec32eaab12b4968f6fae2d , < 4ce87674c3a6b4d3b3d45f85b584ab8618a3cece (git)
Affected: 88b88a66797159949cec32eaab12b4968f6fae2d , < 000bab8753ae29a259feb339b99ee759795a48ac (git)
Affected: 88b88a66797159949cec32eaab12b4968f6fae2d , < 88ff021e1fea2d9b40b2d5efd9013c89f7be04ac (git)
Affected: 88b88a66797159949cec32eaab12b4968f6fae2d , < 32f348ecc149e9ca70a1c424ae8fa9b6919d2713 (git)
Affected: 88b88a66797159949cec32eaab12b4968f6fae2d , < 5e0de753bfe87768ebe6744d869caa92f35e5731 (git)
Affected: 88b88a66797159949cec32eaab12b4968f6fae2d , < f3bfac2cabf5333506b263bc0c8497c95302f32d (git)
Affected: 88b88a66797159949cec32eaab12b4968f6fae2d , < 4583290898c13c2c2e5eb8773886d153c2c5121d (git)
Affected: 88b88a66797159949cec32eaab12b4968f6fae2d , < 4f5a100f87f32cb65d4bb1ad282a08c92f6f591e (git)

Linux

Affected: 3.18
Unaffected: 0 , < 3.18 (semver)
Unaffected: 4.19.323 , ≤ 4.19.* (semver)
Unaffected: 5.4.285 , ≤ 5.4.* (semver)
Unaffected: 5.10.227 , ≤ 5.10.* (semver)
Unaffected: 5.15.168 , ≤ 5.15.* (semver)
Unaffected: 6.1.113 , ≤ 6.1.* (semver)
Unaffected: 6.6.54 , ≤ 6.6.* (semver)
Unaffected: 6.10.13 , ≤ 6.10.* (semver)
Unaffected: 6.11.2 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47740",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-21T12:59:19.414286Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-21T13:04:14.597Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:21:36.961Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/f2fs/file.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "700f3a7c7fa5764c9f24bbf7c78e0b6e479fa653",
              "status": "affected",
              "version": "88b88a66797159949cec32eaab12b4968f6fae2d",
              "versionType": "git"
            },
            {
              "lessThan": "4ce87674c3a6b4d3b3d45f85b584ab8618a3cece",
              "status": "affected",
              "version": "88b88a66797159949cec32eaab12b4968f6fae2d",
              "versionType": "git"
            },
            {
              "lessThan": "000bab8753ae29a259feb339b99ee759795a48ac",
              "status": "affected",
              "version": "88b88a66797159949cec32eaab12b4968f6fae2d",
              "versionType": "git"
            },
            {
              "lessThan": "88ff021e1fea2d9b40b2d5efd9013c89f7be04ac",
              "status": "affected",
              "version": "88b88a66797159949cec32eaab12b4968f6fae2d",
              "versionType": "git"
            },
            {
              "lessThan": "32f348ecc149e9ca70a1c424ae8fa9b6919d2713",
              "status": "affected",
              "version": "88b88a66797159949cec32eaab12b4968f6fae2d",
              "versionType": "git"
            },
            {
              "lessThan": "5e0de753bfe87768ebe6744d869caa92f35e5731",
              "status": "affected",
              "version": "88b88a66797159949cec32eaab12b4968f6fae2d",
              "versionType": "git"
            },
            {
              "lessThan": "f3bfac2cabf5333506b263bc0c8497c95302f32d",
              "status": "affected",
              "version": "88b88a66797159949cec32eaab12b4968f6fae2d",
              "versionType": "git"
            },
            {
              "lessThan": "4583290898c13c2c2e5eb8773886d153c2c5121d",
              "status": "affected",
              "version": "88b88a66797159949cec32eaab12b4968f6fae2d",
              "versionType": "git"
            },
            {
              "lessThan": "4f5a100f87f32cb65d4bb1ad282a08c92f6f591e",
              "status": "affected",
              "version": "88b88a66797159949cec32eaab12b4968f6fae2d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/f2fs/file.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.18"
            },
            {
              "lessThan": "3.18",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.323",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.285",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.54",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.323",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.285",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.227",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.168",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.113",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.54",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.13",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.2",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: Require FMODE_WRITE for atomic write ioctls\n\nThe F2FS ioctls for starting and committing atomic writes check for\ninode_owner_or_capable(), but this does not give LSMs like SELinux or\nLandlock an opportunity to deny the write access - if the caller\u0027s FSUID\nmatches the inode\u0027s UID, inode_owner_or_capable() immediately returns true.\n\nThere are scenarios where LSMs want to deny a process the ability to write\nparticular files, even files that the FSUID of the process owns; but this\ncan currently partially be bypassed using atomic write ioctls in two ways:\n\n - F2FS_IOC_START_ATOMIC_REPLACE + F2FS_IOC_COMMIT_ATOMIC_WRITE can\n   truncate an inode to size 0\n - F2FS_IOC_START_ATOMIC_WRITE + F2FS_IOC_ABORT_ATOMIC_WRITE can revert\n   changes another process concurrently made to a file\n\nFix it by requiring FMODE_WRITE for these operations, just like for\nF2FS_IOC_MOVE_RANGE. Since any legitimate caller should only be using these\nioctls when intending to write into the file, that seems unlikely to break\nanything."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:38:45.311Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/700f3a7c7fa5764c9f24bbf7c78e0b6e479fa653"
        },
        {
          "url": "https://git.kernel.org/stable/c/4ce87674c3a6b4d3b3d45f85b584ab8618a3cece"
        },
        {
          "url": "https://git.kernel.org/stable/c/000bab8753ae29a259feb339b99ee759795a48ac"
        },
        {
          "url": "https://git.kernel.org/stable/c/88ff021e1fea2d9b40b2d5efd9013c89f7be04ac"
        },
        {
          "url": "https://git.kernel.org/stable/c/32f348ecc149e9ca70a1c424ae8fa9b6919d2713"
        },
        {
          "url": "https://git.kernel.org/stable/c/5e0de753bfe87768ebe6744d869caa92f35e5731"
        },
        {
          "url": "https://git.kernel.org/stable/c/f3bfac2cabf5333506b263bc0c8497c95302f32d"
        },
        {
          "url": "https://git.kernel.org/stable/c/4583290898c13c2c2e5eb8773886d153c2c5121d"
        },
        {
          "url": "https://git.kernel.org/stable/c/4f5a100f87f32cb65d4bb1ad282a08c92f6f591e"
        }
      ],
      "title": "f2fs: Require FMODE_WRITE for atomic write ioctls",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-47740",
    "datePublished": "2024-10-21T12:14:09.171Z",
    "dateReserved": "2024-09-30T16:00:12.959Z",
    "dateUpdated": "2025-11-03T22:21:36.961Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-49900 (GCVE-0-2024-49900)

Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2026-01-05 10:54

Title

jfs: Fix uninit-value access of new_ea in ea_buffer

Summary

In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uninit-value access of new_ea in ea_buffer syzbot reports that lzo1x_1_do_compress is using uninit-value: ===================================================== BUG: KMSAN: uninit-value in lzo1x_1_do_compress+0x19f9/0x2510 lib/lzo/lzo1x_compress.c:178 ... Uninit was stored to memory at: ea_put fs/jfs/xattr.c:639 [inline] ... Local variable ea_buf created at: __jfs_setxattr+0x5d/0x1ae0 fs/jfs/xattr.c:662 __jfs_xattr_set+0xe6/0x1f0 fs/jfs/xattr.c:934 ===================================================== The reason is ea_buf->new_ea is not initialized properly. Fix this by using memset to empty its content at the beginning in ea_get().

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/7b24d41d47a6805c4…
	https://git.kernel.org/stable/c/dac398ed272a378d2…
	https://git.kernel.org/stable/c/8b1dcf25c26d42e4a…
	https://git.kernel.org/stable/c/d7444f91a9f93eaa4…
	https://git.kernel.org/stable/c/6041536d18c5f51a8…
	https://git.kernel.org/stable/c/c076b3746224982ee…
	https://git.kernel.org/stable/c/7c244d5b48284a770…
	https://git.kernel.org/stable/c/8ad8b531de79c348b…
	https://git.kernel.org/stable/c/2b59ffad47db1c46a…

Impacted products

Vendor

Product

Version

Linux

Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 7b24d41d47a6805c45378debf8bd115675d41da8 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < dac398ed272a378d2f42ac68ae408333a51baf52 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 8b1dcf25c26d42e4a68c4725ce52a0543c7878cc (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < d7444f91a9f93eaa48827087ed0f3381c194181d (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 6041536d18c5f51a84bc37cd568cbab61870031e (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < c076b3746224982eebdba5c9e4b1467e146c0d64 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 7c244d5b48284a770d96ff703df2dfeadf804a73 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 8ad8b531de79c348bcb8133e7f5e827b884226af (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 2b59ffad47db1c46af25ccad157bb3b25147c35c (git)

Linux

Affected: 2.6.12
Unaffected: 0 , < 2.6.12 (semver)
Unaffected: 4.19.323 , ≤ 4.19.* (semver)
Unaffected: 5.4.285 , ≤ 5.4.* (semver)
Unaffected: 5.10.227 , ≤ 5.10.* (semver)
Unaffected: 5.15.168 , ≤ 5.15.* (semver)
Unaffected: 6.1.113 , ≤ 6.1.* (semver)
Unaffected: 6.6.55 , ≤ 6.6.* (semver)
Unaffected: 6.10.14 , ≤ 6.10.* (semver)
Unaffected: 6.11.3 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49900",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T13:43:02.007949Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T13:48:47.719Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:23:02.861Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/jfs/xattr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7b24d41d47a6805c45378debf8bd115675d41da8",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "dac398ed272a378d2f42ac68ae408333a51baf52",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "8b1dcf25c26d42e4a68c4725ce52a0543c7878cc",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "d7444f91a9f93eaa48827087ed0f3381c194181d",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "6041536d18c5f51a84bc37cd568cbab61870031e",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "c076b3746224982eebdba5c9e4b1467e146c0d64",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "7c244d5b48284a770d96ff703df2dfeadf804a73",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "8ad8b531de79c348bcb8133e7f5e827b884226af",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "2b59ffad47db1c46af25ccad157bb3b25147c35c",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/jfs/xattr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.323",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.285",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.55",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.323",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.285",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.227",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.168",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.113",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.55",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.14",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.3",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix uninit-value access of new_ea in ea_buffer\n\nsyzbot reports that lzo1x_1_do_compress is using uninit-value:\n\n=====================================================\nBUG: KMSAN: uninit-value in lzo1x_1_do_compress+0x19f9/0x2510 lib/lzo/lzo1x_compress.c:178\n\n...\n\nUninit was stored to memory at:\n ea_put fs/jfs/xattr.c:639 [inline]\n\n...\n\nLocal variable ea_buf created at:\n __jfs_setxattr+0x5d/0x1ae0 fs/jfs/xattr.c:662\n __jfs_xattr_set+0xe6/0x1f0 fs/jfs/xattr.c:934\n\n=====================================================\n\nThe reason is ea_buf-\u003enew_ea is not initialized properly.\n\nFix this by using memset to empty its content at the beginning\nin ea_get()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:54:16.785Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7b24d41d47a6805c45378debf8bd115675d41da8"
        },
        {
          "url": "https://git.kernel.org/stable/c/dac398ed272a378d2f42ac68ae408333a51baf52"
        },
        {
          "url": "https://git.kernel.org/stable/c/8b1dcf25c26d42e4a68c4725ce52a0543c7878cc"
        },
        {
          "url": "https://git.kernel.org/stable/c/d7444f91a9f93eaa48827087ed0f3381c194181d"
        },
        {
          "url": "https://git.kernel.org/stable/c/6041536d18c5f51a84bc37cd568cbab61870031e"
        },
        {
          "url": "https://git.kernel.org/stable/c/c076b3746224982eebdba5c9e4b1467e146c0d64"
        },
        {
          "url": "https://git.kernel.org/stable/c/7c244d5b48284a770d96ff703df2dfeadf804a73"
        },
        {
          "url": "https://git.kernel.org/stable/c/8ad8b531de79c348bcb8133e7f5e827b884226af"
        },
        {
          "url": "https://git.kernel.org/stable/c/2b59ffad47db1c46af25ccad157bb3b25147c35c"
        }
      ],
      "title": "jfs: Fix uninit-value access of new_ea in ea_buffer",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-49900",
    "datePublished": "2024-10-21T18:01:32.607Z",
    "dateReserved": "2024-10-21T12:17:06.026Z",
    "dateUpdated": "2026-01-05T10:54:16.785Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56562 (GCVE-0-2024-56562)

Vulnerability from cvelistv5 – Published: 2024-12-27 14:23 – Updated: 2025-11-03 20:49

Title

i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs()

Summary

In the Linux kernel, the following vulnerability has been resolved: i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() if (dev->boardinfo && dev->boardinfo->init_dyn_addr) ^^^ here check "init_dyn_addr" i3c_bus_set_addr_slot_status(&master->bus, dev->info.dyn_addr, ...) ^^^^ free "dyn_addr" Fix copy/paste error "dyn_addr" by replacing it with "init_dyn_addr".

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/c2f0ce241154b04f2…
	https://git.kernel.org/stable/c/093ecc6d82ff1d2e0…
	https://git.kernel.org/stable/c/0cb21f1ea3a2e19ee…
	https://git.kernel.org/stable/c/991e33a99fd3b5d43…
	https://git.kernel.org/stable/c/ce30d11b39e8d637f…
	https://git.kernel.org/stable/c/0e8ab955c6d06f9d9…
	https://git.kernel.org/stable/c/3082990592f7c6d75…

Impacted products

Vendor

Product

Version

Linux

Affected: 3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 , < c2f0ce241154b04f2fc150ff16ad82d9b8fdfa4a (git)
Affected: 3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 , < 093ecc6d82ff1d2e0cbf6f2000438b6c698145cb (git)
Affected: 3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 , < 0cb21f1ea3a2e19ee314a8fcf95461b5c453c59e (git)
Affected: 3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 , < 991e33a99fd3b5d432f0629565f532f563fe019a (git)
Affected: 3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 , < ce30d11b39e8d637fed4704a5b43e9d556990475 (git)
Affected: 3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 , < 0e8ab955c6d06f9d907761c07c02d1492f0a8ac1 (git)
Affected: 3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 , < 3082990592f7c6d7510a9133afa46e31bbe26533 (git)

Linux

Affected: 5.0
Unaffected: 0 , < 5.0 (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.12.4 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:49:32.029Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/i3c/master.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c2f0ce241154b04f2fc150ff16ad82d9b8fdfa4a",
              "status": "affected",
              "version": "3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0",
              "versionType": "git"
            },
            {
              "lessThan": "093ecc6d82ff1d2e0cbf6f2000438b6c698145cb",
              "status": "affected",
              "version": "3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0",
              "versionType": "git"
            },
            {
              "lessThan": "0cb21f1ea3a2e19ee314a8fcf95461b5c453c59e",
              "status": "affected",
              "version": "3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0",
              "versionType": "git"
            },
            {
              "lessThan": "991e33a99fd3b5d432f0629565f532f563fe019a",
              "status": "affected",
              "version": "3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0",
              "versionType": "git"
            },
            {
              "lessThan": "ce30d11b39e8d637fed4704a5b43e9d556990475",
              "status": "affected",
              "version": "3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0",
              "versionType": "git"
            },
            {
              "lessThan": "0e8ab955c6d06f9d907761c07c02d1492f0a8ac1",
              "status": "affected",
              "version": "3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0",
              "versionType": "git"
            },
            {
              "lessThan": "3082990592f7c6d7510a9133afa46e31bbe26533",
              "status": "affected",
              "version": "3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/i3c/master.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "lessThan": "5.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.4",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs()\n\nif (dev-\u003eboardinfo \u0026\u0026 dev-\u003eboardinfo-\u003einit_dyn_addr)\n                                      ^^^ here check \"init_dyn_addr\"\n\ti3c_bus_set_addr_slot_status(\u0026master-\u003ebus, dev-\u003einfo.dyn_addr, ...)\n\t\t\t\t\t\t             ^^^^\n\t\t\t\t\t\t\tfree \"dyn_addr\"\nFix copy/paste error \"dyn_addr\" by replacing it with \"init_dyn_addr\"."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:58:24.481Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c2f0ce241154b04f2fc150ff16ad82d9b8fdfa4a"
        },
        {
          "url": "https://git.kernel.org/stable/c/093ecc6d82ff1d2e0cbf6f2000438b6c698145cb"
        },
        {
          "url": "https://git.kernel.org/stable/c/0cb21f1ea3a2e19ee314a8fcf95461b5c453c59e"
        },
        {
          "url": "https://git.kernel.org/stable/c/991e33a99fd3b5d432f0629565f532f563fe019a"
        },
        {
          "url": "https://git.kernel.org/stable/c/ce30d11b39e8d637fed4704a5b43e9d556990475"
        },
        {
          "url": "https://git.kernel.org/stable/c/0e8ab955c6d06f9d907761c07c02d1492f0a8ac1"
        },
        {
          "url": "https://git.kernel.org/stable/c/3082990592f7c6d7510a9133afa46e31bbe26533"
        }
      ],
      "title": "i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56562",
    "datePublished": "2024-12-27T14:23:07.130Z",
    "dateReserved": "2024-12-27T14:03:05.994Z",
    "dateUpdated": "2025-11-03T20:49:32.029Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56634 (GCVE-0-2024-56634)

Vulnerability from cvelistv5 – Published: 2024-12-27 15:02 – Updated: 2025-11-03 20:51

Title

gpio: grgpio: Add NULL check in grgpio_probe

Summary

In the Linux kernel, the following vulnerability has been resolved: gpio: grgpio: Add NULL check in grgpio_probe devm_kasprintf() can return a NULL pointer on failure,but this returned value in grgpio_probe is not checked. Add NULL check in grgpio_probe, to handle kernel NULL pointer dereference error.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/53ff0caa6ad57372d…
	https://git.kernel.org/stable/c/4733f68e59bb7b9e3…
	https://git.kernel.org/stable/c/ad4dfa7ea7f5f7e9a…
	https://git.kernel.org/stable/c/09adf8792b61c09ae…
	https://git.kernel.org/stable/c/8d2ca6ac3711a4f40…
	https://git.kernel.org/stable/c/db2fc255fcf41f536…
	https://git.kernel.org/stable/c/050b23d081da0f294…

Impacted products

Vendor

Product

Version

Linux

Affected: 7eb6ce2f272336ff8337f40fa8668fa04dc2d684 , < 53ff0caa6ad57372d426b4f48fc0f66df43a731f (git)
Affected: 7eb6ce2f272336ff8337f40fa8668fa04dc2d684 , < 4733f68e59bb7b9e3d395699abb18366954b9ba7 (git)
Affected: 7eb6ce2f272336ff8337f40fa8668fa04dc2d684 , < ad4dfa7ea7f5f7e9a3c78627cfc749bc7005ca7a (git)
Affected: 7eb6ce2f272336ff8337f40fa8668fa04dc2d684 , < 09adf8792b61c09ae543972a1ece1884ef773848 (git)
Affected: 7eb6ce2f272336ff8337f40fa8668fa04dc2d684 , < 8d2ca6ac3711a4f4015d26b7cc84f325ac608edb (git)
Affected: 7eb6ce2f272336ff8337f40fa8668fa04dc2d684 , < db2fc255fcf41f536ac8666409849e11659af88d (git)
Affected: 7eb6ce2f272336ff8337f40fa8668fa04dc2d684 , < 050b23d081da0f29474de043e9538c1f7a351b3b (git)

Linux

Affected: 4.14
Unaffected: 0 , < 4.14 (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56634",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:00:39.281598Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:07:12.022Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:51:32.959Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpio/gpio-grgpio.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "53ff0caa6ad57372d426b4f48fc0f66df43a731f",
              "status": "affected",
              "version": "7eb6ce2f272336ff8337f40fa8668fa04dc2d684",
              "versionType": "git"
            },
            {
              "lessThan": "4733f68e59bb7b9e3d395699abb18366954b9ba7",
              "status": "affected",
              "version": "7eb6ce2f272336ff8337f40fa8668fa04dc2d684",
              "versionType": "git"
            },
            {
              "lessThan": "ad4dfa7ea7f5f7e9a3c78627cfc749bc7005ca7a",
              "status": "affected",
              "version": "7eb6ce2f272336ff8337f40fa8668fa04dc2d684",
              "versionType": "git"
            },
            {
              "lessThan": "09adf8792b61c09ae543972a1ece1884ef773848",
              "status": "affected",
              "version": "7eb6ce2f272336ff8337f40fa8668fa04dc2d684",
              "versionType": "git"
            },
            {
              "lessThan": "8d2ca6ac3711a4f4015d26b7cc84f325ac608edb",
              "status": "affected",
              "version": "7eb6ce2f272336ff8337f40fa8668fa04dc2d684",
              "versionType": "git"
            },
            {
              "lessThan": "db2fc255fcf41f536ac8666409849e11659af88d",
              "status": "affected",
              "version": "7eb6ce2f272336ff8337f40fa8668fa04dc2d684",
              "versionType": "git"
            },
            {
              "lessThan": "050b23d081da0f29474de043e9538c1f7a351b3b",
              "status": "affected",
              "version": "7eb6ce2f272336ff8337f40fa8668fa04dc2d684",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpio/gpio-grgpio.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.14"
            },
            {
              "lessThan": "4.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: grgpio: Add NULL check in grgpio_probe\n\ndevm_kasprintf() can return a NULL pointer on failure,but this\nreturned value in grgpio_probe is not checked.\nAdd NULL check in grgpio_probe, to handle kernel NULL\npointer dereference error."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:00:38.405Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/53ff0caa6ad57372d426b4f48fc0f66df43a731f"
        },
        {
          "url": "https://git.kernel.org/stable/c/4733f68e59bb7b9e3d395699abb18366954b9ba7"
        },
        {
          "url": "https://git.kernel.org/stable/c/ad4dfa7ea7f5f7e9a3c78627cfc749bc7005ca7a"
        },
        {
          "url": "https://git.kernel.org/stable/c/09adf8792b61c09ae543972a1ece1884ef773848"
        },
        {
          "url": "https://git.kernel.org/stable/c/8d2ca6ac3711a4f4015d26b7cc84f325ac608edb"
        },
        {
          "url": "https://git.kernel.org/stable/c/db2fc255fcf41f536ac8666409849e11659af88d"
        },
        {
          "url": "https://git.kernel.org/stable/c/050b23d081da0f29474de043e9538c1f7a351b3b"
        }
      ],
      "title": "gpio: grgpio: Add NULL check in grgpio_probe",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56634",
    "datePublished": "2024-12-27T15:02:32.192Z",
    "dateReserved": "2024-12-27T15:00:39.838Z",
    "dateUpdated": "2025-11-03T20:51:32.959Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-46815 (GCVE-0-2024-46815)

Vulnerability from cvelistv5 – Published: 2024-09-27 12:35 – Updated: 2025-11-03 22:18

Title

drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] [WHY & HOW] num_valid_sets needs to be checked to avoid a negative index when accessing reader_wm_sets[num_valid_sets - 1]. This fixes an OVERRUN issue reported by Coverity.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/a72d4996409569027…
	https://git.kernel.org/stable/c/7c47dd2e92341f298…
	https://git.kernel.org/stable/c/c4a7f7c0062fe2c73…
	https://git.kernel.org/stable/c/b36e9b3104c4ba0f2…
	https://git.kernel.org/stable/c/21f9cb44f8c60bf6c…
	https://git.kernel.org/stable/c/6a4a08e45e614cfa7…
	https://git.kernel.org/stable/c/b38a4815f79b87efb…

Impacted products

Vendor

Product

Version

Linux

Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < a72d4996409569027b4609414a14a87679b12267 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 7c47dd2e92341f2989ab73dbed07f8894593ad7b (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < c4a7f7c0062fe2c73f70bb7e335199e25bd71492 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < b36e9b3104c4ba0f2f5dd083dcf6159cb316c996 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 21f9cb44f8c60bf6c26487d428b1a09ad3e8aebf (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 6a4a08e45e614cfa7a56498cdfaeb7fae2f07fa0 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < b38a4815f79b87efb196cd5121579fc51e29a7fb (git)

Linux

Affected: 4.15
Unaffected: 0 , < 4.15 (semver)
Unaffected: 5.4.284 , ≤ 5.4.* (semver)
Unaffected: 5.10.226 , ≤ 5.10.* (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.109 , ≤ 6.1.* (semver)
Unaffected: 6.6.50 , ≤ 6.6.* (semver)
Unaffected: 6.10.9 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46815",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T14:18:10.423569Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T14:18:21.693Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:18:59.251Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/display/dc/clk_mgr/dcn21/rn_clk_mgr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a72d4996409569027b4609414a14a87679b12267",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "7c47dd2e92341f2989ab73dbed07f8894593ad7b",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "c4a7f7c0062fe2c73f70bb7e335199e25bd71492",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "b36e9b3104c4ba0f2f5dd083dcf6159cb316c996",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "21f9cb44f8c60bf6c26487d428b1a09ad3e8aebf",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "6a4a08e45e614cfa7a56498cdfaeb7fae2f07fa0",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "b38a4815f79b87efb196cd5121579fc51e29a7fb",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/display/dc/clk_mgr/dcn21/rn_clk_mgr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.15"
            },
            {
              "lessThan": "4.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.284",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.109",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.50",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.284",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.226",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.109",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.50",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.9",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]\n\n[WHY \u0026 HOW]\nnum_valid_sets needs to be checked to avoid a negative index when\naccessing reader_wm_sets[num_valid_sets - 1].\n\nThis fixes an OVERRUN issue reported by Coverity."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-11T17:20:39.741Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a72d4996409569027b4609414a14a87679b12267"
        },
        {
          "url": "https://git.kernel.org/stable/c/7c47dd2e92341f2989ab73dbed07f8894593ad7b"
        },
        {
          "url": "https://git.kernel.org/stable/c/c4a7f7c0062fe2c73f70bb7e335199e25bd71492"
        },
        {
          "url": "https://git.kernel.org/stable/c/b36e9b3104c4ba0f2f5dd083dcf6159cb316c996"
        },
        {
          "url": "https://git.kernel.org/stable/c/21f9cb44f8c60bf6c26487d428b1a09ad3e8aebf"
        },
        {
          "url": "https://git.kernel.org/stable/c/6a4a08e45e614cfa7a56498cdfaeb7fae2f07fa0"
        },
        {
          "url": "https://git.kernel.org/stable/c/b38a4815f79b87efb196cd5121579fc51e29a7fb"
        }
      ],
      "title": "drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46815",
    "datePublished": "2024-09-27T12:35:57.062Z",
    "dateReserved": "2024-09-11T15:12:18.283Z",
    "dateUpdated": "2025-11-03T22:18:59.251Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-41000 (GCVE-0-2024-41000)

Vulnerability from cvelistv5 – Published: 2024-07-12 12:37 – Updated: 2026-01-05 10:37

Title

block/ioctl: prefer different overflow check

Summary

In the Linux kernel, the following vulnerability has been resolved: block/ioctl: prefer different overflow check Running syzkaller with the newly reintroduced signed integer overflow sanitizer shows this report: [ 62.982337] ------------[ cut here ]------------ [ 62.985692] cgroup: Invalid name [ 62.986211] UBSAN: signed-integer-overflow in ../block/ioctl.c:36:46 [ 62.989370] 9pnet_fd: p9_fd_create_tcp (7343): problem connecting socket to 127.0.0.1 [ 62.992992] 9223372036854775807 + 4095 cannot be represented in type 'long long' [ 62.997827] 9pnet_fd: p9_fd_create_tcp (7345): problem connecting socket to 127.0.0.1 [ 62.999369] random: crng reseeded on system resumption [ 63.000634] GUP no longer grows the stack in syz-executor.2 (7353): 20002000-20003000 (20001000) [ 63.000668] CPU: 0 PID: 7353 Comm: syz-executor.2 Not tainted 6.8.0-rc2-00035-gb3ef86b5a957 #1 [ 63.000677] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 63.000682] Call Trace: [ 63.000686] <TASK> [ 63.000731] dump_stack_lvl+0x93/0xd0 [ 63.000919] __get_user_pages+0x903/0xd30 [ 63.001030] __gup_longterm_locked+0x153e/0x1ba0 [ 63.001041] ? _raw_read_unlock_irqrestore+0x17/0x50 [ 63.001072] ? try_get_folio+0x29c/0x2d0 [ 63.001083] internal_get_user_pages_fast+0x1119/0x1530 [ 63.001109] iov_iter_extract_pages+0x23b/0x580 [ 63.001206] bio_iov_iter_get_pages+0x4de/0x1220 [ 63.001235] iomap_dio_bio_iter+0x9b6/0x1410 [ 63.001297] __iomap_dio_rw+0xab4/0x1810 [ 63.001316] iomap_dio_rw+0x45/0xa0 [ 63.001328] ext4_file_write_iter+0xdde/0x1390 [ 63.001372] vfs_write+0x599/0xbd0 [ 63.001394] ksys_write+0xc8/0x190 [ 63.001403] do_syscall_64+0xd4/0x1b0 [ 63.001421] ? arch_exit_to_user_mode_prepare+0x3a/0x60 [ 63.001479] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 63.001535] RIP: 0033:0x7f7fd3ebf539 [ 63.001551] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 63.001562] RSP: 002b:00007f7fd32570c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 63.001584] RAX: ffffffffffffffda RBX: 00007f7fd3ff3f80 RCX: 00007f7fd3ebf539 [ 63.001590] RDX: 4db6d1e4f7e43360 RSI: 0000000020000000 RDI: 0000000000000004 [ 63.001595] RBP: 00007f7fd3f1e496 R08: 0000000000000000 R09: 0000000000000000 [ 63.001599] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 63.001604] R13: 0000000000000006 R14: 00007f7fd3ff3f80 R15: 00007ffd415ad2b8 ... [ 63.018142] ---[ end trace ]--- Historically, the signed integer overflow sanitizer did not work in the kernel due to its interaction with `-fwrapv` but this has since been changed [1] in the newest version of Clang; It was re-enabled in the kernel with Commit 557f8c582a9ba8ab ("ubsan: Reintroduce signed overflow sanitizer"). Let's rework this overflow checking logic to not actually perform an overflow during the check itself, thus avoiding the UBSAN splat. [1]: https://github.com/llvm/llvm-project/pull/82432

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/58706e482bf45c4db…
	https://git.kernel.org/stable/c/3220c90f4dbdc6d20…
	https://git.kernel.org/stable/c/61ec76ec930709b7b…
	https://git.kernel.org/stable/c/fd841ee01fb4a79cb…
	https://git.kernel.org/stable/c/54160fb1db2de3674…
	https://git.kernel.org/stable/c/ccb326b5f9e623eb7…

Impacted products

Vendor

Product

Version

Linux

Affected: 8f6dfa1f1efe6dcca2d43e575491d8fcbe922f62 , < 58706e482bf45c4db48b0c53aba2468c97adda24 (git)
Affected: 5010c27120962c85d2f421d2cf211791c9603503 , < 3220c90f4dbdc6d20d0608b164d964434a810d66 (git)
Affected: ef31cc87794731ffcb578a195a2c47d744e25fb8 , < 61ec76ec930709b7bcd69029ef1fe90491f20cf9 (git)
Affected: cb16cc1abda18a9514106d2ac8c8d7abc0be5ed8 , < fd841ee01fb4a79cb7f5cc424b5c96c3a73b2d1e (git)
Affected: 6f64f866aa1ae6975c95d805ed51d7e9433a0016 , < 54160fb1db2de367485f21e30196c42f7ee0be4e (git)
Affected: 6f64f866aa1ae6975c95d805ed51d7e9433a0016 , < ccb326b5f9e623eb7f130fbbf2505ec0e2dcaff9 (git)
Affected: bcdc288e7bc008daf38ef0401b53e4a8bb61bbe5 (git)

Linux

Affected: 6.8
Unaffected: 0 , < 6.8 (semver)
Unaffected: 5.10.221 , ≤ 5.10.* (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.96 , ≤ 6.1.* (semver)
Unaffected: 6.6.36 , ≤ 6.6.* (semver)
Unaffected: 6.9.7 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:59:02.815Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/58706e482bf45c4db48b0c53aba2468c97adda24"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3220c90f4dbdc6d20d0608b164d964434a810d66"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/61ec76ec930709b7bcd69029ef1fe90491f20cf9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fd841ee01fb4a79cb7f5cc424b5c96c3a73b2d1e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/54160fb1db2de367485f21e30196c42f7ee0be4e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ccb326b5f9e623eb7f130fbbf2505ec0e2dcaff9"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41000",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:01:19.374759Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:19.237Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "block/ioctl.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "58706e482bf45c4db48b0c53aba2468c97adda24",
              "status": "affected",
              "version": "8f6dfa1f1efe6dcca2d43e575491d8fcbe922f62",
              "versionType": "git"
            },
            {
              "lessThan": "3220c90f4dbdc6d20d0608b164d964434a810d66",
              "status": "affected",
              "version": "5010c27120962c85d2f421d2cf211791c9603503",
              "versionType": "git"
            },
            {
              "lessThan": "61ec76ec930709b7bcd69029ef1fe90491f20cf9",
              "status": "affected",
              "version": "ef31cc87794731ffcb578a195a2c47d744e25fb8",
              "versionType": "git"
            },
            {
              "lessThan": "fd841ee01fb4a79cb7f5cc424b5c96c3a73b2d1e",
              "status": "affected",
              "version": "cb16cc1abda18a9514106d2ac8c8d7abc0be5ed8",
              "versionType": "git"
            },
            {
              "lessThan": "54160fb1db2de367485f21e30196c42f7ee0be4e",
              "status": "affected",
              "version": "6f64f866aa1ae6975c95d805ed51d7e9433a0016",
              "versionType": "git"
            },
            {
              "lessThan": "ccb326b5f9e623eb7f130fbbf2505ec0e2dcaff9",
              "status": "affected",
              "version": "6f64f866aa1ae6975c95d805ed51d7e9433a0016",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "bcdc288e7bc008daf38ef0401b53e4a8bb61bbe5",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "block/ioctl.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.8"
            },
            {
              "lessThan": "6.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.96",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.36",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.221",
                  "versionStartIncluding": "5.10.215",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "5.15.148",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.96",
                  "versionStartIncluding": "6.1.75",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.36",
                  "versionStartIncluding": "6.6.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.7",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.7.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock/ioctl: prefer different overflow check\n\nRunning syzkaller with the newly reintroduced signed integer overflow\nsanitizer shows this report:\n\n[   62.982337] ------------[ cut here ]------------\n[   62.985692] cgroup: Invalid name\n[   62.986211] UBSAN: signed-integer-overflow in ../block/ioctl.c:36:46\n[   62.989370] 9pnet_fd: p9_fd_create_tcp (7343): problem connecting socket to 127.0.0.1\n[   62.992992] 9223372036854775807 + 4095 cannot be represented in type \u0027long long\u0027\n[   62.997827] 9pnet_fd: p9_fd_create_tcp (7345): problem connecting socket to 127.0.0.1\n[   62.999369] random: crng reseeded on system resumption\n[   63.000634] GUP no longer grows the stack in syz-executor.2 (7353): 20002000-20003000 (20001000)\n[   63.000668] CPU: 0 PID: 7353 Comm: syz-executor.2 Not tainted 6.8.0-rc2-00035-gb3ef86b5a957 #1\n[   63.000677] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[   63.000682] Call Trace:\n[   63.000686]  \u003cTASK\u003e\n[   63.000731]  dump_stack_lvl+0x93/0xd0\n[   63.000919]  __get_user_pages+0x903/0xd30\n[   63.001030]  __gup_longterm_locked+0x153e/0x1ba0\n[   63.001041]  ? _raw_read_unlock_irqrestore+0x17/0x50\n[   63.001072]  ? try_get_folio+0x29c/0x2d0\n[   63.001083]  internal_get_user_pages_fast+0x1119/0x1530\n[   63.001109]  iov_iter_extract_pages+0x23b/0x580\n[   63.001206]  bio_iov_iter_get_pages+0x4de/0x1220\n[   63.001235]  iomap_dio_bio_iter+0x9b6/0x1410\n[   63.001297]  __iomap_dio_rw+0xab4/0x1810\n[   63.001316]  iomap_dio_rw+0x45/0xa0\n[   63.001328]  ext4_file_write_iter+0xdde/0x1390\n[   63.001372]  vfs_write+0x599/0xbd0\n[   63.001394]  ksys_write+0xc8/0x190\n[   63.001403]  do_syscall_64+0xd4/0x1b0\n[   63.001421]  ? arch_exit_to_user_mode_prepare+0x3a/0x60\n[   63.001479]  entry_SYSCALL_64_after_hwframe+0x6f/0x77\n[   63.001535] RIP: 0033:0x7f7fd3ebf539\n[   63.001551] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\n[   63.001562] RSP: 002b:00007f7fd32570c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[   63.001584] RAX: ffffffffffffffda RBX: 00007f7fd3ff3f80 RCX: 00007f7fd3ebf539\n[   63.001590] RDX: 4db6d1e4f7e43360 RSI: 0000000020000000 RDI: 0000000000000004\n[   63.001595] RBP: 00007f7fd3f1e496 R08: 0000000000000000 R09: 0000000000000000\n[   63.001599] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n[   63.001604] R13: 0000000000000006 R14: 00007f7fd3ff3f80 R15: 00007ffd415ad2b8\n...\n[   63.018142] ---[ end trace ]---\n\nHistorically, the signed integer overflow sanitizer did not work in the\nkernel due to its interaction with `-fwrapv` but this has since been\nchanged [1] in the newest version of Clang; It was re-enabled in the\nkernel with Commit 557f8c582a9ba8ab (\"ubsan: Reintroduce signed overflow\nsanitizer\").\n\nLet\u0027s rework this overflow checking logic to not actually perform an\noverflow during the check itself, thus avoiding the UBSAN splat.\n\n[1]: https://github.com/llvm/llvm-project/pull/82432"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:37:16.679Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/58706e482bf45c4db48b0c53aba2468c97adda24"
        },
        {
          "url": "https://git.kernel.org/stable/c/3220c90f4dbdc6d20d0608b164d964434a810d66"
        },
        {
          "url": "https://git.kernel.org/stable/c/61ec76ec930709b7bcd69029ef1fe90491f20cf9"
        },
        {
          "url": "https://git.kernel.org/stable/c/fd841ee01fb4a79cb7f5cc424b5c96c3a73b2d1e"
        },
        {
          "url": "https://git.kernel.org/stable/c/54160fb1db2de367485f21e30196c42f7ee0be4e"
        },
        {
          "url": "https://git.kernel.org/stable/c/ccb326b5f9e623eb7f130fbbf2505ec0e2dcaff9"
        }
      ],
      "title": "block/ioctl: prefer different overflow check",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41000",
    "datePublished": "2024-07-12T12:37:41.189Z",
    "dateReserved": "2024-07-12T12:17:45.608Z",
    "dateUpdated": "2026-01-05T10:37:16.679Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-49983 (GCVE-0-2024-49983)

Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2025-11-03 22:24

Title

ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free

Summary

In the Linux kernel, the following vulnerability has been resolved: ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free When calling ext4_force_split_extent_at() in ext4_ext_replay_update_ex(), the 'ppath' is updated but it is the 'path' that is freed, thus potentially triggering a double-free in the following process: ext4_ext_replay_update_ex ppath = path ext4_force_split_extent_at(&ppath) ext4_split_extent_at ext4_ext_insert_extent ext4_ext_create_new_leaf ext4_ext_grow_indepth ext4_find_extent if (depth > path[0].p_maxdepth) kfree(path) ---> path First freed *orig_path = path = NULL ---> null ppath kfree(path) ---> path double-free !!! So drop the unnecessary ppath and use path directly to avoid this problem. And use ext4_find_extent() directly to update path, avoiding unnecessary memory allocation and freeing. Also, propagate the error returned by ext4_find_extent() instead of using strange error codes.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/8c26d9e53e5fbacda…
	https://git.kernel.org/stable/c/a34bed97836411439…
	https://git.kernel.org/stable/c/6367d3f04c69e2b87…
	https://git.kernel.org/stable/c/1b558006d98b7b0b7…
	https://git.kernel.org/stable/c/3ff710662e8d86a63…
	https://git.kernel.org/stable/c/63adc9016917e6970…
	https://git.kernel.org/stable/c/5c0f4cc84d3a601c9…

Impacted products

Vendor

Product

Version

Linux

Affected: 8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2 , < 8c26d9e53e5fbacda0732a577e97c5a5b7882aaf (git)
Affected: 8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2 , < a34bed978364114390162c27e50fca50791c568d (git)
Affected: 8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2 , < 6367d3f04c69e2b8770b8137bd800e0784b0abbc (git)
Affected: 8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2 , < 1b558006d98b7b0b730027be0ee98973dd10ee0d (git)
Affected: 8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2 , < 3ff710662e8d86a63a39b334e9ca0cb10e5c14b0 (git)
Affected: 8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2 , < 63adc9016917e6970fb0104ee5fd6770f02b2d80 (git)
Affected: 8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2 , < 5c0f4cc84d3a601c99bc5e6e6eb1cbda542cce95 (git)

Linux

Affected: 5.10
Unaffected: 0 , < 5.10 (semver)
Unaffected: 5.10.227 , ≤ 5.10.* (semver)
Unaffected: 5.15.168 , ≤ 5.15.* (semver)
Unaffected: 6.1.113 , ≤ 6.1.* (semver)
Unaffected: 6.6.55 , ≤ 6.6.* (semver)
Unaffected: 6.10.14 , ≤ 6.10.* (semver)
Unaffected: 6.11.3 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49983",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T13:32:15.569255Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T13:38:44.023Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:24:05.400Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ext4/extents.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8c26d9e53e5fbacda0732a577e97c5a5b7882aaf",
              "status": "affected",
              "version": "8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2",
              "versionType": "git"
            },
            {
              "lessThan": "a34bed978364114390162c27e50fca50791c568d",
              "status": "affected",
              "version": "8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2",
              "versionType": "git"
            },
            {
              "lessThan": "6367d3f04c69e2b8770b8137bd800e0784b0abbc",
              "status": "affected",
              "version": "8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2",
              "versionType": "git"
            },
            {
              "lessThan": "1b558006d98b7b0b730027be0ee98973dd10ee0d",
              "status": "affected",
              "version": "8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2",
              "versionType": "git"
            },
            {
              "lessThan": "3ff710662e8d86a63a39b334e9ca0cb10e5c14b0",
              "status": "affected",
              "version": "8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2",
              "versionType": "git"
            },
            {
              "lessThan": "63adc9016917e6970fb0104ee5fd6770f02b2d80",
              "status": "affected",
              "version": "8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2",
              "versionType": "git"
            },
            {
              "lessThan": "5c0f4cc84d3a601c99bc5e6e6eb1cbda542cce95",
              "status": "affected",
              "version": "8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ext4/extents.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.10"
            },
            {
              "lessThan": "5.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.55",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.227",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.168",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.113",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.55",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.14",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.3",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free\n\nWhen calling ext4_force_split_extent_at() in ext4_ext_replay_update_ex(),\nthe \u0027ppath\u0027 is updated but it is the \u0027path\u0027 that is freed, thus potentially\ntriggering a double-free in the following process:\n\next4_ext_replay_update_ex\n  ppath = path\n  ext4_force_split_extent_at(\u0026ppath)\n    ext4_split_extent_at\n      ext4_ext_insert_extent\n        ext4_ext_create_new_leaf\n          ext4_ext_grow_indepth\n            ext4_find_extent\n              if (depth \u003e path[0].p_maxdepth)\n                kfree(path)                 ---\u003e path First freed\n                *orig_path = path = NULL    ---\u003e null ppath\n  kfree(path)                               ---\u003e path double-free !!!\n\nSo drop the unnecessary ppath and use path directly to avoid this problem.\nAnd use ext4_find_extent() directly to update path, avoiding unnecessary\nmemory allocation and freeing. Also, propagate the error returned by\next4_find_extent() instead of using strange error codes."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:42:59.986Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8c26d9e53e5fbacda0732a577e97c5a5b7882aaf"
        },
        {
          "url": "https://git.kernel.org/stable/c/a34bed978364114390162c27e50fca50791c568d"
        },
        {
          "url": "https://git.kernel.org/stable/c/6367d3f04c69e2b8770b8137bd800e0784b0abbc"
        },
        {
          "url": "https://git.kernel.org/stable/c/1b558006d98b7b0b730027be0ee98973dd10ee0d"
        },
        {
          "url": "https://git.kernel.org/stable/c/3ff710662e8d86a63a39b334e9ca0cb10e5c14b0"
        },
        {
          "url": "https://git.kernel.org/stable/c/63adc9016917e6970fb0104ee5fd6770f02b2d80"
        },
        {
          "url": "https://git.kernel.org/stable/c/5c0f4cc84d3a601c99bc5e6e6eb1cbda542cce95"
        }
      ],
      "title": "ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-49983",
    "datePublished": "2024-10-21T18:02:28.474Z",
    "dateReserved": "2024-10-21T12:17:06.053Z",
    "dateUpdated": "2025-11-03T22:24:05.400Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-40570 (GCVE-0-2025-40570)

Vulnerability from cvelistv5 – Published: 2025-08-12 11:17 – Updated: 2025-08-12 20:08

Summary

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V10.0), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SA82 (CP150) (All versions < V10.0), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SD82 (CP150) (All versions < V10.0), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SJ81 (CP150) (All versions < V10.0), SIPROTEC 5 7SJ82 (CP150) (All versions < V10.0), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SK82 (CP150) (All versions < V10.0), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SL82 (CP150) (All versions < V10.0), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7ST85 (CP300) (All versions < V10.0), SIPROTEC 5 7ST86 (CP300) (All versions < V10.0), SIPROTEC 5 7SX82 (CP150) (All versions < V10.0), SIPROTEC 5 7SX85 (CP300) (All versions < V10.0), SIPROTEC 5 7SY82 (CP150) (All versions < V10.0), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7UT82 (CP150) (All versions < V10.0), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7VU85 (CP300) (All versions < V10.0), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V10.0). Affected devices do not properly limit the bandwidth for incoming network packets over their local USB port. This could allow an attacker with physical access to send specially crafted packets with high bandwidth to the affected devices thus forcing them to exhaust their memory and stop responding to any network traffic via the local USB port. Affected devices reset themselves automatically after a successful attack. The protection function is not affected of this vulnerability.

Severity ?

2.4 (Low)


                        
                          CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

2.4 (Low)


                        
                          CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

siemens

References

URL

Tags

https://cert-portal.siemens.com/productcert/html/…

Impacted products

Vendor

Product

Version

Siemens

SIPROTEC 5 6MD84 (CP300)

Affected: 0 , < V10.0 (custom)

Siemens	SIPROTEC 5 6MD85 (CP300)	Affected: V7.80 , < V10.0 (custom)
Siemens	SIPROTEC 5 6MD86 (CP300)	Affected: V7.80 , < V10.0 (custom)
Siemens	SIPROTEC 5 6MD89 (CP300)	Affected: V7.80 , < V10.0 (custom)
Siemens	SIPROTEC 5 6MU85 (CP300)	Affected: V7.80 , < V10.0 (custom)
Siemens	SIPROTEC 5 7KE85 (CP300)	Affected: V7.80 , < V10.0 (custom)
Siemens	SIPROTEC 5 7SA82 (CP150)	Affected: 0 , < V10.0 (custom)
Siemens	SIPROTEC 5 7SA86 (CP300)	Affected: V7.80 , < V10.0 (custom)
Siemens	SIPROTEC 5 7SA87 (CP300)	Affected: V7.80 , < V10.0 (custom)
Siemens	SIPROTEC 5 7SD82 (CP150)	Affected: 0 , < V10.0 (custom)
Siemens	SIPROTEC 5 7SD86 (CP300)	Affected: V7.80 , < V10.0 (custom)
Siemens	SIPROTEC 5 7SD87 (CP300)	Affected: V7.80 , < V10.0 (custom)
Siemens	SIPROTEC 5 7SJ81 (CP150)	Affected: 0 , < V10.0 (custom)
Siemens	SIPROTEC 5 7SJ82 (CP150)	Affected: 0 , < V10.0 (custom)
Siemens	SIPROTEC 5 7SJ85 (CP300)	Affected: V7.80 , < V10.0 (custom)
Siemens	SIPROTEC 5 7SJ86 (CP300)	Affected: V7.80 , < V10.0 (custom)
Siemens	SIPROTEC 5 7SK82 (CP150)	Affected: 0 , < V10.0 (custom)
Siemens	SIPROTEC 5 7SK85 (CP300)	Affected: V7.80 , < V10.0 (custom)
Siemens	SIPROTEC 5 7SL82 (CP150)	Affected: 0 , < V10.0 (custom)
Siemens	SIPROTEC 5 7SL86 (CP300)	Affected: V7.80 , < V10.0 (custom)
Siemens	SIPROTEC 5 7SL87 (CP300)	Affected: V7.80 , < V10.0 (custom)
Siemens	SIPROTEC 5 7SS85 (CP300)	Affected: V7.80 , < V10.0 (custom)
Siemens	SIPROTEC 5 7ST85 (CP300)	Affected: 0 , < V10.0 (custom)
Siemens	SIPROTEC 5 7ST86 (CP300)	Affected: 0 , < V10.0 (custom)
Siemens	SIPROTEC 5 7SX82 (CP150)	Affected: 0 , < V10.0 (custom)
Siemens	SIPROTEC 5 7SX85 (CP300)	Affected: 0 , < V10.0 (custom)
Siemens	SIPROTEC 5 7SY82 (CP150)	Affected: 0 , < V10.0 (custom)
Siemens	SIPROTEC 5 7UM85 (CP300)	Affected: V7.80 , < V10.0 (custom)
Siemens	SIPROTEC 5 7UT82 (CP150)	Affected: 0 , < V10.0 (custom)
Siemens	SIPROTEC 5 7UT85 (CP300)	Affected: V7.80 , < V10.0 (custom)
Siemens	SIPROTEC 5 7UT86 (CP300)	Affected: V7.80 , < V10.0 (custom)
Siemens	SIPROTEC 5 7UT87 (CP300)	Affected: V7.80 , < V10.0 (custom)
Siemens	SIPROTEC 5 7VE85 (CP300)	Affected: V7.80 , < V10.0 (custom)
Siemens	SIPROTEC 5 7VK87 (CP300)	Affected: V7.80 , < V10.0 (custom)
Siemens	SIPROTEC 5 7VU85 (CP300)	Affected: 0 , < V10.0 (custom)
Siemens	SIPROTEC 5 Compact 7SX800 (CP050)	Affected: 0 , < V10.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-40570",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-12T20:08:07.253344Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-12T20:08:15.284Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 6MD84 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 6MD85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.0",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 6MD86 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.0",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 6MD89 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.0",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 6MU85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.0",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7KE85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.0",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SA82 (CP150)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SA86 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.0",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SA87 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.0",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SD82 (CP150)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SD86 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.0",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SD87 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.0",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SJ81 (CP150)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SJ82 (CP150)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SJ85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.0",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SJ86 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.0",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SK82 (CP150)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SK85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.0",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SL82 (CP150)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SL86 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.0",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SL87 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.0",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SS85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.0",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7ST85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7ST86 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SX82 (CP150)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SX85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SY82 (CP150)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7UM85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.0",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7UT82 (CP150)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7UT85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.0",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7UT86 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.0",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7UT87 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.0",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7VE85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.0",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7VK87 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.0",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7VU85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 Compact 7SX800 (CP050)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions \u003c V10.0), SIPROTEC 5 6MD85 (CP300) (All versions \u003e= V7.80 \u003c V10.0), SIPROTEC 5 6MD86 (CP300) (All versions \u003e= V7.80 \u003c V10.0), SIPROTEC 5 6MD89 (CP300) (All versions \u003e= V7.80 \u003c V10.0), SIPROTEC 5 6MU85 (CP300) (All versions \u003e= V7.80 \u003c V10.0), SIPROTEC 5 7KE85 (CP300) (All versions \u003e= V7.80 \u003c V10.0), SIPROTEC 5 7SA82 (CP150) (All versions \u003c V10.0), SIPROTEC 5 7SA86 (CP300) (All versions \u003e= V7.80 \u003c V10.0), SIPROTEC 5 7SA87 (CP300) (All versions \u003e= V7.80 \u003c V10.0), SIPROTEC 5 7SD82 (CP150) (All versions \u003c V10.0), SIPROTEC 5 7SD86 (CP300) (All versions \u003e= V7.80 \u003c V10.0), SIPROTEC 5 7SD87 (CP300) (All versions \u003e= V7.80 \u003c V10.0), SIPROTEC 5 7SJ81 (CP150) (All versions \u003c V10.0), SIPROTEC 5 7SJ82 (CP150) (All versions \u003c V10.0), SIPROTEC 5 7SJ85 (CP300) (All versions \u003e= V7.80 \u003c V10.0), SIPROTEC 5 7SJ86 (CP300) (All versions \u003e= V7.80 \u003c V10.0), SIPROTEC 5 7SK82 (CP150) (All versions \u003c V10.0), SIPROTEC 5 7SK85 (CP300) (All versions \u003e= V7.80 \u003c V10.0), SIPROTEC 5 7SL82 (CP150) (All versions \u003c V10.0), SIPROTEC 5 7SL86 (CP300) (All versions \u003e= V7.80 \u003c V10.0), SIPROTEC 5 7SL87 (CP300) (All versions \u003e= V7.80 \u003c V10.0), SIPROTEC 5 7SS85 (CP300) (All versions \u003e= V7.80 \u003c V10.0), SIPROTEC 5 7ST85 (CP300) (All versions \u003c V10.0), SIPROTEC 5 7ST86 (CP300) (All versions \u003c V10.0), SIPROTEC 5 7SX82 (CP150) (All versions \u003c V10.0), SIPROTEC 5 7SX85 (CP300) (All versions \u003c V10.0), SIPROTEC 5 7SY82 (CP150) (All versions \u003c V10.0), SIPROTEC 5 7UM85 (CP300) (All versions \u003e= V7.80 \u003c V10.0), SIPROTEC 5 7UT82 (CP150) (All versions \u003c V10.0), SIPROTEC 5 7UT85 (CP300) (All versions \u003e= V7.80 \u003c V10.0), SIPROTEC 5 7UT86 (CP300) (All versions \u003e= V7.80 \u003c V10.0), SIPROTEC 5 7UT87 (CP300) (All versions \u003e= V7.80 \u003c V10.0), SIPROTEC 5 7VE85 (CP300) (All versions \u003e= V7.80 \u003c V10.0), SIPROTEC 5 7VK87 (CP300) (All versions \u003e= V7.80 \u003c V10.0), SIPROTEC 5 7VU85 (CP300) (All versions \u003c V10.0), SIPROTEC 5 Compact 7SX800 (CP050) (All versions \u003c V10.0). Affected devices do not properly limit the bandwidth for incoming network packets over their local USB port. This could allow an attacker with physical access to send specially crafted packets with high bandwidth to the affected devices thus forcing them to exhaust their memory and stop responding to any network traffic via the local USB port. Affected devices reset themselves automatically after a successful attack. The protection function is not affected of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 2.4,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 2.4,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-12T11:17:01.195Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-894058.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2025-40570",
    "datePublished": "2025-08-12T11:17:01.195Z",
    "dateReserved": "2025-04-16T08:20:17.031Z",
    "dateUpdated": "2025-08-12T20:08:15.284Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-49966 (GCVE-0-2024-49966)

Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2025-11-03 22:23

Title

ocfs2: cancel dqi_sync_work before freeing oinfo

Summary

In the Linux kernel, the following vulnerability has been resolved: ocfs2: cancel dqi_sync_work before freeing oinfo ocfs2_global_read_info() will initialize and schedule dqi_sync_work at the end, if error occurs after successfully reading global quota, it will trigger the following warning with CONFIG_DEBUG_OBJECTS_* enabled: ODEBUG: free active (active state 0) object: 00000000d8b0ce28 object type: timer_list hint: qsync_work_fn+0x0/0x16c This reports that there is an active delayed work when freeing oinfo in error handling, so cancel dqi_sync_work first. BTW, return status instead of -1 when .read_file_info fails.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/fc5cc716dfbdc5fd5…
	https://git.kernel.org/stable/c/89043e7ed63c7fc14…
	https://git.kernel.org/stable/c/14114d8148db07e79…
	https://git.kernel.org/stable/c/4173d1277c00baeed…
	https://git.kernel.org/stable/c/bbf41277df8b33fbe…
	https://git.kernel.org/stable/c/ef768020366f47d23…
	https://git.kernel.org/stable/c/a4346c04d055bf7e1…
	https://git.kernel.org/stable/c/0d707a33c84b371cb…
	https://git.kernel.org/stable/c/35fccce29feb3706f…

Impacted products

Vendor

Product

Version

Linux

Affected: 171bf93ce11f4c9929fdce6ce63df8da2f3c4475 , < fc5cc716dfbdc5fd5f373ff3b51358174cf88bfc (git)
Affected: 171bf93ce11f4c9929fdce6ce63df8da2f3c4475 , < 89043e7ed63c7fc141e68ea5a79758ed24b6c699 (git)
Affected: 171bf93ce11f4c9929fdce6ce63df8da2f3c4475 , < 14114d8148db07e7946fb06b56a50cfa425e26c7 (git)
Affected: 171bf93ce11f4c9929fdce6ce63df8da2f3c4475 , < 4173d1277c00baeedaaca76783e98b8fd0e3c08d (git)
Affected: 171bf93ce11f4c9929fdce6ce63df8da2f3c4475 , < bbf41277df8b33fbedf4750a9300c147e8f104eb (git)
Affected: 171bf93ce11f4c9929fdce6ce63df8da2f3c4475 , < ef768020366f47d23f39c4f57bcb03af6d1e24b3 (git)
Affected: 171bf93ce11f4c9929fdce6ce63df8da2f3c4475 , < a4346c04d055bf7e184c18a73dbd23b6a9811118 (git)
Affected: 171bf93ce11f4c9929fdce6ce63df8da2f3c4475 , < 0d707a33c84b371cb66120e198eed3374726ddd8 (git)
Affected: 171bf93ce11f4c9929fdce6ce63df8da2f3c4475 , < 35fccce29feb3706f649726d410122dd81b92c18 (git)

Linux

Affected: 2.6.29
Unaffected: 0 , < 2.6.29 (semver)
Unaffected: 4.19.323 , ≤ 4.19.* (semver)
Unaffected: 5.4.285 , ≤ 5.4.* (semver)
Unaffected: 5.10.227 , ≤ 5.10.* (semver)
Unaffected: 5.15.168 , ≤ 5.15.* (semver)
Unaffected: 6.1.113 , ≤ 6.1.* (semver)
Unaffected: 6.6.55 , ≤ 6.6.* (semver)
Unaffected: 6.10.14 , ≤ 6.10.* (semver)
Unaffected: 6.11.3 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49966",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T13:34:26.104655Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T13:38:46.962Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:23:48.460Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ocfs2/quota_local.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "fc5cc716dfbdc5fd5f373ff3b51358174cf88bfc",
              "status": "affected",
              "version": "171bf93ce11f4c9929fdce6ce63df8da2f3c4475",
              "versionType": "git"
            },
            {
              "lessThan": "89043e7ed63c7fc141e68ea5a79758ed24b6c699",
              "status": "affected",
              "version": "171bf93ce11f4c9929fdce6ce63df8da2f3c4475",
              "versionType": "git"
            },
            {
              "lessThan": "14114d8148db07e7946fb06b56a50cfa425e26c7",
              "status": "affected",
              "version": "171bf93ce11f4c9929fdce6ce63df8da2f3c4475",
              "versionType": "git"
            },
            {
              "lessThan": "4173d1277c00baeedaaca76783e98b8fd0e3c08d",
              "status": "affected",
              "version": "171bf93ce11f4c9929fdce6ce63df8da2f3c4475",
              "versionType": "git"
            },
            {
              "lessThan": "bbf41277df8b33fbedf4750a9300c147e8f104eb",
              "status": "affected",
              "version": "171bf93ce11f4c9929fdce6ce63df8da2f3c4475",
              "versionType": "git"
            },
            {
              "lessThan": "ef768020366f47d23f39c4f57bcb03af6d1e24b3",
              "status": "affected",
              "version": "171bf93ce11f4c9929fdce6ce63df8da2f3c4475",
              "versionType": "git"
            },
            {
              "lessThan": "a4346c04d055bf7e184c18a73dbd23b6a9811118",
              "status": "affected",
              "version": "171bf93ce11f4c9929fdce6ce63df8da2f3c4475",
              "versionType": "git"
            },
            {
              "lessThan": "0d707a33c84b371cb66120e198eed3374726ddd8",
              "status": "affected",
              "version": "171bf93ce11f4c9929fdce6ce63df8da2f3c4475",
              "versionType": "git"
            },
            {
              "lessThan": "35fccce29feb3706f649726d410122dd81b92c18",
              "status": "affected",
              "version": "171bf93ce11f4c9929fdce6ce63df8da2f3c4475",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ocfs2/quota_local.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.29"
            },
            {
              "lessThan": "2.6.29",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.323",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.285",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.55",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.323",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.285",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.227",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.168",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.113",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.55",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.14",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.3",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: cancel dqi_sync_work before freeing oinfo\n\nocfs2_global_read_info() will initialize and schedule dqi_sync_work at the\nend, if error occurs after successfully reading global quota, it will\ntrigger the following warning with CONFIG_DEBUG_OBJECTS_* enabled:\n\nODEBUG: free active (active state 0) object: 00000000d8b0ce28 object type: timer_list hint: qsync_work_fn+0x0/0x16c\n\nThis reports that there is an active delayed work when freeing oinfo in\nerror handling, so cancel dqi_sync_work first.  BTW, return status instead\nof -1 when .read_file_info fails."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:42:34.255Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/fc5cc716dfbdc5fd5f373ff3b51358174cf88bfc"
        },
        {
          "url": "https://git.kernel.org/stable/c/89043e7ed63c7fc141e68ea5a79758ed24b6c699"
        },
        {
          "url": "https://git.kernel.org/stable/c/14114d8148db07e7946fb06b56a50cfa425e26c7"
        },
        {
          "url": "https://git.kernel.org/stable/c/4173d1277c00baeedaaca76783e98b8fd0e3c08d"
        },
        {
          "url": "https://git.kernel.org/stable/c/bbf41277df8b33fbedf4750a9300c147e8f104eb"
        },
        {
          "url": "https://git.kernel.org/stable/c/ef768020366f47d23f39c4f57bcb03af6d1e24b3"
        },
        {
          "url": "https://git.kernel.org/stable/c/a4346c04d055bf7e184c18a73dbd23b6a9811118"
        },
        {
          "url": "https://git.kernel.org/stable/c/0d707a33c84b371cb66120e198eed3374726ddd8"
        },
        {
          "url": "https://git.kernel.org/stable/c/35fccce29feb3706f649726d410122dd81b92c18"
        }
      ],
      "title": "ocfs2: cancel dqi_sync_work before freeing oinfo",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-49966",
    "datePublished": "2024-10-21T18:02:17.076Z",
    "dateReserved": "2024-10-21T12:17:06.050Z",
    "dateUpdated": "2025-11-03T22:23:48.460Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-52606 (GCVE-0-2023-52606)

Vulnerability from cvelistv5 – Published: 2024-03-06 06:45 – Updated: 2026-01-05 10:16

Title

powerpc/lib: Validate size for vector operations

Summary

In the Linux kernel, the following vulnerability has been resolved: powerpc/lib: Validate size for vector operations Some of the fp/vmx code in sstep.c assume a certain maximum size for the instructions being emulated. The size of those operations however is determined separately in analyse_instr(). Add a check to validate the assumption on the maximum size of the operations, so as to prevent any unintended kernel stack corruption.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/42084a428a139f1a4…
	https://git.kernel.org/stable/c/0580f4403ad33f379…
	https://git.kernel.org/stable/c/beee482cc4c9a6b1d…
	https://git.kernel.org/stable/c/de4f5ed63b8a19970…
	https://git.kernel.org/stable/c/abd26515d4b767ba4…
	https://git.kernel.org/stable/c/28b8ba8eebf26f66d…
	https://git.kernel.org/stable/c/848e1d7fd71090039…
	https://git.kernel.org/stable/c/8f9abaa6d7de0a70f…

Impacted products

Vendor

Product

Version

Linux

Affected: c22435a5f3d8f85ea162ae523a6ba60a58521ba5 , < 42084a428a139f1a429f597d44621e3a18f3e414 (git)
Affected: c22435a5f3d8f85ea162ae523a6ba60a58521ba5 , < 0580f4403ad33f379eef865c2a6fe94de37febdf (git)
Affected: c22435a5f3d8f85ea162ae523a6ba60a58521ba5 , < beee482cc4c9a6b1dcffb2e190b4fd8782258678 (git)
Affected: c22435a5f3d8f85ea162ae523a6ba60a58521ba5 , < de4f5ed63b8a199704d8cdcbf810309d7eb4b36b (git)
Affected: c22435a5f3d8f85ea162ae523a6ba60a58521ba5 , < abd26515d4b767ba48241eea77b28ce0872aef3e (git)
Affected: c22435a5f3d8f85ea162ae523a6ba60a58521ba5 , < 28b8ba8eebf26f66d9f2df4ba550b6b3b136082c (git)
Affected: c22435a5f3d8f85ea162ae523a6ba60a58521ba5 , < 848e1d7fd710900397e1d0e7584680c1c04e3afd (git)
Affected: c22435a5f3d8f85ea162ae523a6ba60a58521ba5 , < 8f9abaa6d7de0a70fc68acaedce290c1f96e2e59 (git)

Linux

Affected: 4.14
Unaffected: 0 , < 4.14 (semver)
Unaffected: 4.19.307 , ≤ 4.19.* (semver)
Unaffected: 5.4.269 , ≤ 5.4.* (semver)
Unaffected: 5.10.210 , ≤ 5.10.* (semver)
Unaffected: 5.15.149 , ≤ 5.15.* (semver)
Unaffected: 6.1.77 , ≤ 6.1.* (semver)
Unaffected: 6.6.16 , ≤ 6.6.* (semver)
Unaffected: 6.7.4 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52606",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-06T15:40:47.591136Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:22:50.946Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:03:21.178Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/42084a428a139f1a429f597d44621e3a18f3e414"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0580f4403ad33f379eef865c2a6fe94de37febdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/beee482cc4c9a6b1dcffb2e190b4fd8782258678"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/de4f5ed63b8a199704d8cdcbf810309d7eb4b36b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/abd26515d4b767ba48241eea77b28ce0872aef3e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/28b8ba8eebf26f66d9f2df4ba550b6b3b136082c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/848e1d7fd710900397e1d0e7584680c1c04e3afd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8f9abaa6d7de0a70fc68acaedce290c1f96e2e59"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/powerpc/lib/sstep.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "42084a428a139f1a429f597d44621e3a18f3e414",
              "status": "affected",
              "version": "c22435a5f3d8f85ea162ae523a6ba60a58521ba5",
              "versionType": "git"
            },
            {
              "lessThan": "0580f4403ad33f379eef865c2a6fe94de37febdf",
              "status": "affected",
              "version": "c22435a5f3d8f85ea162ae523a6ba60a58521ba5",
              "versionType": "git"
            },
            {
              "lessThan": "beee482cc4c9a6b1dcffb2e190b4fd8782258678",
              "status": "affected",
              "version": "c22435a5f3d8f85ea162ae523a6ba60a58521ba5",
              "versionType": "git"
            },
            {
              "lessThan": "de4f5ed63b8a199704d8cdcbf810309d7eb4b36b",
              "status": "affected",
              "version": "c22435a5f3d8f85ea162ae523a6ba60a58521ba5",
              "versionType": "git"
            },
            {
              "lessThan": "abd26515d4b767ba48241eea77b28ce0872aef3e",
              "status": "affected",
              "version": "c22435a5f3d8f85ea162ae523a6ba60a58521ba5",
              "versionType": "git"
            },
            {
              "lessThan": "28b8ba8eebf26f66d9f2df4ba550b6b3b136082c",
              "status": "affected",
              "version": "c22435a5f3d8f85ea162ae523a6ba60a58521ba5",
              "versionType": "git"
            },
            {
              "lessThan": "848e1d7fd710900397e1d0e7584680c1c04e3afd",
              "status": "affected",
              "version": "c22435a5f3d8f85ea162ae523a6ba60a58521ba5",
              "versionType": "git"
            },
            {
              "lessThan": "8f9abaa6d7de0a70fc68acaedce290c1f96e2e59",
              "status": "affected",
              "version": "c22435a5f3d8f85ea162ae523a6ba60a58521ba5",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/powerpc/lib/sstep.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.14"
            },
            {
              "lessThan": "4.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.307",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.269",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.210",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.149",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.77",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.307",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.269",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.210",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.149",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.77",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.16",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.4",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/lib: Validate size for vector operations\n\nSome of the fp/vmx code in sstep.c assume a certain maximum size for the\ninstructions being emulated. The size of those operations however is\ndetermined separately in analyse_instr().\n\nAdd a check to validate the assumption on the maximum size of the\noperations, so as to prevent any unintended kernel stack corruption."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:16:38.660Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/42084a428a139f1a429f597d44621e3a18f3e414"
        },
        {
          "url": "https://git.kernel.org/stable/c/0580f4403ad33f379eef865c2a6fe94de37febdf"
        },
        {
          "url": "https://git.kernel.org/stable/c/beee482cc4c9a6b1dcffb2e190b4fd8782258678"
        },
        {
          "url": "https://git.kernel.org/stable/c/de4f5ed63b8a199704d8cdcbf810309d7eb4b36b"
        },
        {
          "url": "https://git.kernel.org/stable/c/abd26515d4b767ba48241eea77b28ce0872aef3e"
        },
        {
          "url": "https://git.kernel.org/stable/c/28b8ba8eebf26f66d9f2df4ba550b6b3b136082c"
        },
        {
          "url": "https://git.kernel.org/stable/c/848e1d7fd710900397e1d0e7584680c1c04e3afd"
        },
        {
          "url": "https://git.kernel.org/stable/c/8f9abaa6d7de0a70fc68acaedce290c1f96e2e59"
        }
      ],
      "title": "powerpc/lib: Validate size for vector operations",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52606",
    "datePublished": "2024-03-06T06:45:31.257Z",
    "dateReserved": "2024-03-02T21:55:42.573Z",
    "dateUpdated": "2026-01-05T10:16:38.660Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-6040 (GCVE-0-2023-6040)

Vulnerability from cvelistv5 – Published: 2024-01-12 01:37 – Updated: 2025-06-17 21:09

Title

An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family)

Summary

An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-125

Assigner

canonical

References

URL

Tags

	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CV…	issue-tracking
	https://www.openwall.com/lists/oss-security/2024/…	mailing-list
	http://www.openwall.com/lists/oss-security/2024/01/12/1
	http://packetstormsecurity.com/files/177029/Kerne…
	https://lists.debian.org/debian-lts-announce/2024…
	https://lists.debian.org/debian-lts-announce/2024…

Impacted products

	Vendor	Product	Version
	The Linux Kernel Organization	linux	Affected: 0 , < 5.18-rc1 (semver)

Credits

Lin Ma from Ant Security Light-Year Lab & ZJU

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:21:17.118Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "issue-tracking",
              "x_transferred"
            ],
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6040"
          },
          {
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2024/01/12/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/01/12/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-6040",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-12T16:55:56.231770Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-17T21:09:18.328Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "packageName": "linux",
          "platforms": [
            "Linux"
          ],
          "product": "linux",
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git",
          "vendor": "The Linux Kernel Organization",
          "versions": [
            {
              "lessThan": "5.18-rc1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Lin Ma from Ant Security Light-Year Lab \u0026 ZJU"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-27T12:12:45.871Z",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6040"
        },
        {
          "tags": [
            "mailing-list"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2024/01/12/1"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/01/12/1"
        },
        {
          "url": "http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
        }
      ],
      "title": "An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family)",
      "workarounds": [
        {
          "lang": "en",
          "value": "Disabling unprivileged user namespaces mitigates the issue."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2023-6040",
    "datePublished": "2024-01-12T01:37:45.387Z",
    "dateReserved": "2023-11-08T20:12:50.288Z",
    "dateUpdated": "2025-06-17T21:09:18.328Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-44998 (GCVE-0-2024-44998)

Vulnerability from cvelistv5 – Published: 2024-09-04 19:54 – Updated: 2025-11-03 22:14

Title

atm: idt77252: prevent use after free in dequeue_rx()

Summary

In the Linux kernel, the following vulnerability has been resolved: atm: idt77252: prevent use after free in dequeue_rx() We can't dereference "skb" after calling vcc->push() because the skb is released.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/628ea82190a678a56…
	https://git.kernel.org/stable/c/09e086a5f72ea27c7…
	https://git.kernel.org/stable/c/1cece837e387c0392…
	https://git.kernel.org/stable/c/24cf390a5426aac92…
	https://git.kernel.org/stable/c/379a6a326514a3e2f…
	https://git.kernel.org/stable/c/ef23c18ab88e33ce0…
	https://git.kernel.org/stable/c/91b4850e7165a4b71…
	https://git.kernel.org/stable/c/a9a18e8f770c9b070…

Impacted products

Vendor

Product

Version

Linux

Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 628ea82190a678a56d2ec38cda3addf3b3a6248d (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 09e086a5f72ea27c758b3f3b419a69000c32adc1 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 1cece837e387c039225f19028df255df87a97c0d (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 24cf390a5426aac9255205e9533cdd7b4235d518 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 379a6a326514a3e2f71b674091dfb0e0e7522b55 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < ef23c18ab88e33ce000d06a5c6aad0620f219bfd (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 91b4850e7165a4b7180ef1e227733bcb41ccdf10 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < a9a18e8f770c9b0703dab93580d0b02e199a4c79 (git)

Linux

Affected: 2.6.12
Unaffected: 0 , < 2.6.12 (semver)
Unaffected: 4.19.321 , ≤ 4.19.* (semver)
Unaffected: 5.4.283 , ≤ 5.4.* (semver)
Unaffected: 5.10.225 , ≤ 5.10.* (semver)
Unaffected: 5.15.166 , ≤ 5.15.* (semver)
Unaffected: 6.1.107 , ≤ 6.1.* (semver)
Unaffected: 6.6.48 , ≤ 6.6.* (semver)
Unaffected: 6.10.7 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44998",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-04T20:19:05.283493Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-04T20:19:17.632Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:14:54.152Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/atm/idt77252.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "628ea82190a678a56d2ec38cda3addf3b3a6248d",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "09e086a5f72ea27c758b3f3b419a69000c32adc1",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "1cece837e387c039225f19028df255df87a97c0d",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "24cf390a5426aac9255205e9533cdd7b4235d518",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "379a6a326514a3e2f71b674091dfb0e0e7522b55",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "ef23c18ab88e33ce000d06a5c6aad0620f219bfd",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "91b4850e7165a4b7180ef1e227733bcb41ccdf10",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "a9a18e8f770c9b0703dab93580d0b02e199a4c79",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/atm/idt77252.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.321",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.283",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.225",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.321",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.283",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.225",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.166",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.107",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.48",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.7",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: idt77252: prevent use after free in dequeue_rx()\n\nWe can\u0027t dereference \"skb\" after calling vcc-\u003epush() because the skb\nis released."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:30:42.730Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/628ea82190a678a56d2ec38cda3addf3b3a6248d"
        },
        {
          "url": "https://git.kernel.org/stable/c/09e086a5f72ea27c758b3f3b419a69000c32adc1"
        },
        {
          "url": "https://git.kernel.org/stable/c/1cece837e387c039225f19028df255df87a97c0d"
        },
        {
          "url": "https://git.kernel.org/stable/c/24cf390a5426aac9255205e9533cdd7b4235d518"
        },
        {
          "url": "https://git.kernel.org/stable/c/379a6a326514a3e2f71b674091dfb0e0e7522b55"
        },
        {
          "url": "https://git.kernel.org/stable/c/ef23c18ab88e33ce000d06a5c6aad0620f219bfd"
        },
        {
          "url": "https://git.kernel.org/stable/c/91b4850e7165a4b7180ef1e227733bcb41ccdf10"
        },
        {
          "url": "https://git.kernel.org/stable/c/a9a18e8f770c9b0703dab93580d0b02e199a4c79"
        }
      ],
      "title": "atm: idt77252: prevent use after free in dequeue_rx()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44998",
    "datePublished": "2024-09-04T19:54:42.826Z",
    "dateReserved": "2024-08-21T05:34:56.672Z",
    "dateUpdated": "2025-11-03T22:14:54.152Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56785 (GCVE-0-2024-56785)

Vulnerability from cvelistv5 – Published: 2025-01-08 17:52 – Updated: 2026-01-05 10:56

Title

MIPS: Loongson64: DTS: Really fix PCIe port nodes for ls7a

Summary

In the Linux kernel, the following vulnerability has been resolved: MIPS: Loongson64: DTS: Really fix PCIe port nodes for ls7a Fix the dtc warnings: arch/mips/boot/dts/loongson/ls7a-pch.dtsi:68.16-416.5: Warning (interrupt_provider): /bus@10000000/pci@1a000000: '#interrupt-cells' found, but node is not an interrupt provider arch/mips/boot/dts/loongson/ls7a-pch.dtsi:68.16-416.5: Warning (interrupt_provider): /bus@10000000/pci@1a000000: '#interrupt-cells' found, but node is not an interrupt provider arch/mips/boot/dts/loongson/loongson64g_4core_ls7a.dtb: Warning (interrupt_map): Failed prerequisite 'interrupt_provider' And a runtime warning introduced in commit 045b14ca5c36 ("of: WARN on deprecated #address-cells/#size-cells handling"): WARNING: CPU: 0 PID: 1 at drivers/of/base.c:106 of_bus_n_addr_cells+0x9c/0xe0 Missing '#address-cells' in /bus@10000000/pci@1a000000/pci_bridge@9,0 The fix is similar to commit d89a415ff8d5 ("MIPS: Loongson64: DTS: Fix PCIe port nodes for ls7a"), which has fixed the issue for ls2k (despite its subject mentions ls7a).

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/5a2eaa3ad2b803c7e…
	https://git.kernel.org/stable/c/a7fd78075031871bc…
	https://git.kernel.org/stable/c/c8ee41fc3522c6659…
	https://git.kernel.org/stable/c/8ef9ea1503d0a129c…
	https://git.kernel.org/stable/c/01575f2ff8ba578a3…
	https://git.kernel.org/stable/c/4fbd66d8254cedfd1…

Impacted products

Vendor

Product

Version

Linux

Affected: 24af105962c8004edb9f5bf84bc587cbb30e52de , < 5a2eaa3ad2b803c7ea442c6db7379466ee73c024 (git)
Affected: 24af105962c8004edb9f5bf84bc587cbb30e52de , < a7fd78075031871bc68fc56fdaa6e7a3934064b1 (git)
Affected: 24af105962c8004edb9f5bf84bc587cbb30e52de , < c8ee41fc3522c6659e324d90bc2ccd3b6310d7fc (git)
Affected: 24af105962c8004edb9f5bf84bc587cbb30e52de , < 8ef9ea1503d0a129cc6f5cf48fb63633efa5d766 (git)
Affected: 24af105962c8004edb9f5bf84bc587cbb30e52de , < 01575f2ff8ba578a3436f230668bd056dc2eb823 (git)
Affected: 24af105962c8004edb9f5bf84bc587cbb30e52de , < 4fbd66d8254cedfd1218393f39d83b6c07a01917 (git)

Linux

Affected: 5.9
Unaffected: 0 , < 5.9 (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56785",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:56:08.899227Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:57:23.234Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:54:23.999Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/mips/boot/dts/loongson/ls7a-pch.dtsi"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5a2eaa3ad2b803c7ea442c6db7379466ee73c024",
              "status": "affected",
              "version": "24af105962c8004edb9f5bf84bc587cbb30e52de",
              "versionType": "git"
            },
            {
              "lessThan": "a7fd78075031871bc68fc56fdaa6e7a3934064b1",
              "status": "affected",
              "version": "24af105962c8004edb9f5bf84bc587cbb30e52de",
              "versionType": "git"
            },
            {
              "lessThan": "c8ee41fc3522c6659e324d90bc2ccd3b6310d7fc",
              "status": "affected",
              "version": "24af105962c8004edb9f5bf84bc587cbb30e52de",
              "versionType": "git"
            },
            {
              "lessThan": "8ef9ea1503d0a129cc6f5cf48fb63633efa5d766",
              "status": "affected",
              "version": "24af105962c8004edb9f5bf84bc587cbb30e52de",
              "versionType": "git"
            },
            {
              "lessThan": "01575f2ff8ba578a3436f230668bd056dc2eb823",
              "status": "affected",
              "version": "24af105962c8004edb9f5bf84bc587cbb30e52de",
              "versionType": "git"
            },
            {
              "lessThan": "4fbd66d8254cedfd1218393f39d83b6c07a01917",
              "status": "affected",
              "version": "24af105962c8004edb9f5bf84bc587cbb30e52de",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/mips/boot/dts/loongson/ls7a-pch.dtsi"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.9"
            },
            {
              "lessThan": "5.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nMIPS: Loongson64: DTS: Really fix PCIe port nodes for ls7a\n\nFix the dtc warnings:\n\n    arch/mips/boot/dts/loongson/ls7a-pch.dtsi:68.16-416.5: Warning (interrupt_provider): /bus@10000000/pci@1a000000: \u0027#interrupt-cells\u0027 found, but node is not an interrupt provider\n    arch/mips/boot/dts/loongson/ls7a-pch.dtsi:68.16-416.5: Warning (interrupt_provider): /bus@10000000/pci@1a000000: \u0027#interrupt-cells\u0027 found, but node is not an interrupt provider\n    arch/mips/boot/dts/loongson/loongson64g_4core_ls7a.dtb: Warning (interrupt_map): Failed prerequisite \u0027interrupt_provider\u0027\n\nAnd a runtime warning introduced in commit 045b14ca5c36 (\"of: WARN on\ndeprecated #address-cells/#size-cells handling\"):\n\n    WARNING: CPU: 0 PID: 1 at drivers/of/base.c:106 of_bus_n_addr_cells+0x9c/0xe0\n    Missing \u0027#address-cells\u0027 in /bus@10000000/pci@1a000000/pci_bridge@9,0\n\nThe fix is similar to commit d89a415ff8d5 (\"MIPS: Loongson64: DTS: Fix PCIe\nport nodes for ls7a\"), which has fixed the issue for ls2k (despite its\nsubject mentions ls7a)."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:56:21.534Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5a2eaa3ad2b803c7ea442c6db7379466ee73c024"
        },
        {
          "url": "https://git.kernel.org/stable/c/a7fd78075031871bc68fc56fdaa6e7a3934064b1"
        },
        {
          "url": "https://git.kernel.org/stable/c/c8ee41fc3522c6659e324d90bc2ccd3b6310d7fc"
        },
        {
          "url": "https://git.kernel.org/stable/c/8ef9ea1503d0a129cc6f5cf48fb63633efa5d766"
        },
        {
          "url": "https://git.kernel.org/stable/c/01575f2ff8ba578a3436f230668bd056dc2eb823"
        },
        {
          "url": "https://git.kernel.org/stable/c/4fbd66d8254cedfd1218393f39d83b6c07a01917"
        }
      ],
      "title": "MIPS: Loongson64: DTS: Really fix PCIe port nodes for ls7a",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56785",
    "datePublished": "2025-01-08T17:52:01.312Z",
    "dateReserved": "2024-12-29T11:26:39.769Z",
    "dateUpdated": "2026-01-05T10:56:21.534Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-35833 (GCVE-0-2024-35833)

Vulnerability from cvelistv5 – Published: 2024-05-17 13:48 – Updated: 2025-05-04 09:06

Title

dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA

Summary

In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA This dma_alloc_coherent() is undone neither in the remove function, nor in the error handling path of fsl_qdma_probe(). Switch to the managed version to fix both issues.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/1c75fe450b5200c78…
	https://git.kernel.org/stable/c/ae6769ba51417c1c8…
	https://git.kernel.org/stable/c/15eb996d7d13cb72a…
	https://git.kernel.org/stable/c/25ab4d72eb7cbfa0f…
	https://git.kernel.org/stable/c/5cd8a51517ce15edb…
	https://git.kernel.org/stable/c/198270de9d8eb3b5d…
	https://git.kernel.org/stable/c/3aa58cb51318e329d…

Impacted products

Vendor

Product

Version

Linux

Affected: b092529e0aa09829a6404424ce167bf3ce3235e2 , < 1c75fe450b5200c78f4a102a0eb8e15d8f1ccda8 (git)
Affected: b092529e0aa09829a6404424ce167bf3ce3235e2 , < ae6769ba51417c1c86fb645812d5bff455eee802 (git)
Affected: b092529e0aa09829a6404424ce167bf3ce3235e2 , < 15eb996d7d13cb72a16389231945ada8f0fef2c3 (git)
Affected: b092529e0aa09829a6404424ce167bf3ce3235e2 , < 25ab4d72eb7cbfa0f3d97a139a9b2bfcaa72dd59 (git)
Affected: b092529e0aa09829a6404424ce167bf3ce3235e2 , < 5cd8a51517ce15edbdcea4fc74c4c127ddaa1bd6 (git)
Affected: b092529e0aa09829a6404424ce167bf3ce3235e2 , < 198270de9d8eb3b5d5f030825ea303ef95285d24 (git)
Affected: b092529e0aa09829a6404424ce167bf3ce3235e2 , < 3aa58cb51318e329d203857f7a191678e60bb714 (git)

Linux

Affected: 5.1
Unaffected: 0 , < 5.1 (semver)
Unaffected: 5.4.269 , ≤ 5.4.* (semver)
Unaffected: 5.10.210 , ≤ 5.10.* (semver)
Unaffected: 5.15.149 , ≤ 5.15.* (semver)
Unaffected: 6.1.78 , ≤ 6.1.* (semver)
Unaffected: 6.6.17 , ≤ 6.6.* (semver)
Unaffected: 6.7.5 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-35833",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-31T18:42:15.309549Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-29T19:28:55.561Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:48.443Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1c75fe450b5200c78f4a102a0eb8e15d8f1ccda8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ae6769ba51417c1c86fb645812d5bff455eee802"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/15eb996d7d13cb72a16389231945ada8f0fef2c3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/25ab4d72eb7cbfa0f3d97a139a9b2bfcaa72dd59"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5cd8a51517ce15edbdcea4fc74c4c127ddaa1bd6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/198270de9d8eb3b5d5f030825ea303ef95285d24"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3aa58cb51318e329d203857f7a191678e60bb714"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/dma/fsl-qdma.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1c75fe450b5200c78f4a102a0eb8e15d8f1ccda8",
              "status": "affected",
              "version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
              "versionType": "git"
            },
            {
              "lessThan": "ae6769ba51417c1c86fb645812d5bff455eee802",
              "status": "affected",
              "version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
              "versionType": "git"
            },
            {
              "lessThan": "15eb996d7d13cb72a16389231945ada8f0fef2c3",
              "status": "affected",
              "version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
              "versionType": "git"
            },
            {
              "lessThan": "25ab4d72eb7cbfa0f3d97a139a9b2bfcaa72dd59",
              "status": "affected",
              "version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
              "versionType": "git"
            },
            {
              "lessThan": "5cd8a51517ce15edbdcea4fc74c4c127ddaa1bd6",
              "status": "affected",
              "version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
              "versionType": "git"
            },
            {
              "lessThan": "198270de9d8eb3b5d5f030825ea303ef95285d24",
              "status": "affected",
              "version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
              "versionType": "git"
            },
            {
              "lessThan": "3aa58cb51318e329d203857f7a191678e60bb714",
              "status": "affected",
              "version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/dma/fsl-qdma.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "lessThan": "5.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.269",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.210",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.149",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.78",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.17",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.269",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.210",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.149",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.78",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.17",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.5",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA\n\nThis dma_alloc_coherent() is undone neither in the remove function, nor in\nthe error handling path of fsl_qdma_probe().\n\nSwitch to the managed version to fix both issues."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:06:25.326Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1c75fe450b5200c78f4a102a0eb8e15d8f1ccda8"
        },
        {
          "url": "https://git.kernel.org/stable/c/ae6769ba51417c1c86fb645812d5bff455eee802"
        },
        {
          "url": "https://git.kernel.org/stable/c/15eb996d7d13cb72a16389231945ada8f0fef2c3"
        },
        {
          "url": "https://git.kernel.org/stable/c/25ab4d72eb7cbfa0f3d97a139a9b2bfcaa72dd59"
        },
        {
          "url": "https://git.kernel.org/stable/c/5cd8a51517ce15edbdcea4fc74c4c127ddaa1bd6"
        },
        {
          "url": "https://git.kernel.org/stable/c/198270de9d8eb3b5d5f030825ea303ef95285d24"
        },
        {
          "url": "https://git.kernel.org/stable/c/3aa58cb51318e329d203857f7a191678e60bb714"
        }
      ],
      "title": "dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35833",
    "datePublished": "2024-05-17T13:48:24.319Z",
    "dateReserved": "2024-05-17T12:19:12.349Z",
    "dateUpdated": "2025-05-04T09:06:25.326Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-44954 (GCVE-0-2024-44954)

Vulnerability from cvelistv5 – Published: 2024-09-04 18:35 – Updated: 2026-01-05 10:52

Title

ALSA: line6: Fix racy access to midibuf

Summary

In the Linux kernel, the following vulnerability has been resolved: ALSA: line6: Fix racy access to midibuf There can be concurrent accesses to line6 midibuf from both the URB completion callback and the rawmidi API access. This could be a cause of KMSAN warning triggered by syzkaller below (so put as reported-by here). This patch protects the midibuf call of the former code path with a spinlock for avoiding the possible races.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/643293b68fbb6c03f…
	https://git.kernel.org/stable/c/40f3d5cb0e0cbf7fa…
	https://git.kernel.org/stable/c/e7e7d2b180d8f297c…
	https://git.kernel.org/stable/c/a54da4b787dcac60b…
	https://git.kernel.org/stable/c/c80f454a805443c27…
	https://git.kernel.org/stable/c/535df7f896a568a8a…
	https://git.kernel.org/stable/c/51d87f11dd199bbc6…
	https://git.kernel.org/stable/c/15b7a03205b31bc56…

Impacted products

Vendor

Product

Version

Linux

Affected: 705ececd1c60d0f5d6ef2a719008847883516970 , < 643293b68fbb6c03f5e907736498da17d43f0d81 (git)
Affected: 705ececd1c60d0f5d6ef2a719008847883516970 , < 40f3d5cb0e0cbf7fa697913a27d5d361373bdcf5 (git)
Affected: 705ececd1c60d0f5d6ef2a719008847883516970 , < e7e7d2b180d8f297cea6db43ea72402fd33e1a29 (git)
Affected: 705ececd1c60d0f5d6ef2a719008847883516970 , < a54da4b787dcac60b598da69c9c0072812b8282d (git)
Affected: 705ececd1c60d0f5d6ef2a719008847883516970 , < c80f454a805443c274394b1db0d1ebf477abd94e (git)
Affected: 705ececd1c60d0f5d6ef2a719008847883516970 , < 535df7f896a568a8a1564114eaea49d002cb1747 (git)
Affected: 705ececd1c60d0f5d6ef2a719008847883516970 , < 51d87f11dd199bbc6a85982b088ff27bde53b48a (git)
Affected: 705ececd1c60d0f5d6ef2a719008847883516970 , < 15b7a03205b31bc5623378c190d22b7ff60026f1 (git)

Linux

Affected: 2.6.30
Unaffected: 0 , < 2.6.30 (semver)
Unaffected: 4.19.320 , ≤ 4.19.* (semver)
Unaffected: 5.4.282 , ≤ 5.4.* (semver)
Unaffected: 5.10.224 , ≤ 5.10.* (semver)
Unaffected: 5.15.165 , ≤ 5.15.* (semver)
Unaffected: 6.1.105 , ≤ 6.1.* (semver)
Unaffected: 6.6.46 , ≤ 6.6.* (semver)
Unaffected: 6.10.5 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44954",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:40:10.329711Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:34.296Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:14:04.124Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "sound/usb/line6/driver.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "643293b68fbb6c03f5e907736498da17d43f0d81",
              "status": "affected",
              "version": "705ececd1c60d0f5d6ef2a719008847883516970",
              "versionType": "git"
            },
            {
              "lessThan": "40f3d5cb0e0cbf7fa697913a27d5d361373bdcf5",
              "status": "affected",
              "version": "705ececd1c60d0f5d6ef2a719008847883516970",
              "versionType": "git"
            },
            {
              "lessThan": "e7e7d2b180d8f297cea6db43ea72402fd33e1a29",
              "status": "affected",
              "version": "705ececd1c60d0f5d6ef2a719008847883516970",
              "versionType": "git"
            },
            {
              "lessThan": "a54da4b787dcac60b598da69c9c0072812b8282d",
              "status": "affected",
              "version": "705ececd1c60d0f5d6ef2a719008847883516970",
              "versionType": "git"
            },
            {
              "lessThan": "c80f454a805443c274394b1db0d1ebf477abd94e",
              "status": "affected",
              "version": "705ececd1c60d0f5d6ef2a719008847883516970",
              "versionType": "git"
            },
            {
              "lessThan": "535df7f896a568a8a1564114eaea49d002cb1747",
              "status": "affected",
              "version": "705ececd1c60d0f5d6ef2a719008847883516970",
              "versionType": "git"
            },
            {
              "lessThan": "51d87f11dd199bbc6a85982b088ff27bde53b48a",
              "status": "affected",
              "version": "705ececd1c60d0f5d6ef2a719008847883516970",
              "versionType": "git"
            },
            {
              "lessThan": "15b7a03205b31bc5623378c190d22b7ff60026f1",
              "status": "affected",
              "version": "705ececd1c60d0f5d6ef2a719008847883516970",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "sound/usb/line6/driver.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.30"
            },
            {
              "lessThan": "2.6.30",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.320",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.282",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.224",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.105",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.46",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.320",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.282",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.224",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.165",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.105",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.46",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.5",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: line6: Fix racy access to midibuf\n\nThere can be concurrent accesses to line6 midibuf from both the URB\ncompletion callback and the rawmidi API access.  This could be a cause\nof KMSAN warning triggered by syzkaller below (so put as reported-by\nhere).\n\nThis patch protects the midibuf call of the former code path with a\nspinlock for avoiding the possible races."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:52:40.649Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/643293b68fbb6c03f5e907736498da17d43f0d81"
        },
        {
          "url": "https://git.kernel.org/stable/c/40f3d5cb0e0cbf7fa697913a27d5d361373bdcf5"
        },
        {
          "url": "https://git.kernel.org/stable/c/e7e7d2b180d8f297cea6db43ea72402fd33e1a29"
        },
        {
          "url": "https://git.kernel.org/stable/c/a54da4b787dcac60b598da69c9c0072812b8282d"
        },
        {
          "url": "https://git.kernel.org/stable/c/c80f454a805443c274394b1db0d1ebf477abd94e"
        },
        {
          "url": "https://git.kernel.org/stable/c/535df7f896a568a8a1564114eaea49d002cb1747"
        },
        {
          "url": "https://git.kernel.org/stable/c/51d87f11dd199bbc6a85982b088ff27bde53b48a"
        },
        {
          "url": "https://git.kernel.org/stable/c/15b7a03205b31bc5623378c190d22b7ff60026f1"
        }
      ],
      "title": "ALSA: line6: Fix racy access to midibuf",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44954",
    "datePublished": "2024-09-04T18:35:53.730Z",
    "dateReserved": "2024-08-21T05:34:56.666Z",
    "dateUpdated": "2026-01-05T10:52:40.649Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-44987 (GCVE-0-2024-44987)

Vulnerability from cvelistv5 – Published: 2024-09-04 19:54 – Updated: 2025-11-03 22:14

Title

ipv6: prevent UAF in ip6_send_skb()

Summary

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent UAF in ip6_send_skb() syzbot reported an UAF in ip6_send_skb() [1] After ip6_local_out() has returned, we no longer can safely dereference rt, unless we hold rcu_read_lock(). A similar issue has been fixed in commit a688caa34beb ("ipv6: take rcu lock in rawv6_send_hdrinc()") Another potential issue in ip6_finish_output2() is handled in a separate patch. [1] BUG: KASAN: slab-use-after-free in ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964 Read of size 8 at addr ffff88806dde4858 by task syz.1.380/6530 CPU: 1 UID: 0 PID: 6530 Comm: syz.1.380 Not tainted 6.11.0-rc3-syzkaller-00306-gdf6cbc62cc9b #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:93 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119 print_address_description mm/kasan/report.c:377 [inline] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964 rawv6_push_pending_frames+0x75c/0x9e0 net/ipv6/raw.c:588 rawv6_sendmsg+0x19c7/0x23c0 net/ipv6/raw.c:926 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x1a6/0x270 net/socket.c:745 sock_write_iter+0x2dd/0x400 net/socket.c:1160 do_iter_readv_writev+0x60a/0x890 vfs_writev+0x37c/0xbb0 fs/read_write.c:971 do_writev+0x1b1/0x350 fs/read_write.c:1018 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f936bf79e79 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f936cd7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 RAX: ffffffffffffffda RBX: 00007f936c115f80 RCX: 00007f936bf79e79 RDX: 0000000000000001 RSI: 0000000020000040 RDI: 0000000000000004 RBP: 00007f936bfe7916 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f936c115f80 R15: 00007fff2860a7a8 </TASK> Allocated by task 6530: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 unpoison_slab_object mm/kasan/common.c:312 [inline] __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:338 kasan_slab_alloc include/linux/kasan.h:201 [inline] slab_post_alloc_hook mm/slub.c:3988 [inline] slab_alloc_node mm/slub.c:4037 [inline] kmem_cache_alloc_noprof+0x135/0x2a0 mm/slub.c:4044 dst_alloc+0x12b/0x190 net/core/dst.c:89 ip6_blackhole_route+0x59/0x340 net/ipv6/route.c:2670 make_blackhole net/xfrm/xfrm_policy.c:3120 [inline] xfrm_lookup_route+0xd1/0x1c0 net/xfrm/xfrm_policy.c:3313 ip6_dst_lookup_flow+0x13e/0x180 net/ipv6/ip6_output.c:1257 rawv6_sendmsg+0x1283/0x23c0 net/ipv6/raw.c:898 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x1a6/0x270 net/socket.c:745 ____sys_sendmsg+0x525/0x7d0 net/socket.c:2597 ___sys_sendmsg net/socket.c:2651 [inline] __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2680 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Freed by task 45: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579 poison_slab_object+0xe0/0x150 mm/kasan/common.c:240 __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256 kasan_slab_free include/linux/kasan.h:184 [inline] slab_free_hook mm/slub.c:2252 [inline] slab_free mm/slub.c:4473 [inline] kmem_cache_free+0x145/0x350 mm/slub.c:4548 dst_destroy+0x2ac/0x460 net/core/dst.c:124 rcu_do_batch kernel/rcu/tree.c:2569 [inline] rcu_core+0xafd/0x1830 kernel/rcu/tree. ---truncated---

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/571567e0277008459…
	https://git.kernel.org/stable/c/ce2f6cfab2c637d0b…
	https://git.kernel.org/stable/c/cb5880a0de12c7f61…
	https://git.kernel.org/stable/c/24e93695b1239fbe4…
	https://git.kernel.org/stable/c/9a3e55afa95ed4ac9…
	https://git.kernel.org/stable/c/af1dde074ee2ed7dd…
	https://git.kernel.org/stable/c/e44bd76dd072756e6…
	https://git.kernel.org/stable/c/faa389b2fbaaec7fd…

Impacted products

Vendor

Product

Version

Linux

Affected: 0625491493d9000e4556bf566d205c28c8e7dc4e , < 571567e0277008459750f0728f246086b2659429 (git)
Affected: 0625491493d9000e4556bf566d205c28c8e7dc4e , < ce2f6cfab2c637d0bd9762104023a15d0ab7c0a8 (git)
Affected: 0625491493d9000e4556bf566d205c28c8e7dc4e , < cb5880a0de12c7f618d2bdd84e2d985f1e06ed7e (git)
Affected: 0625491493d9000e4556bf566d205c28c8e7dc4e , < 24e93695b1239fbe4c31e224372be77f82dab69a (git)
Affected: 0625491493d9000e4556bf566d205c28c8e7dc4e , < 9a3e55afa95ed4ac9eda112d4f918af645d72f25 (git)
Affected: 0625491493d9000e4556bf566d205c28c8e7dc4e , < af1dde074ee2ed7dd5bdca4e7e8ba17f44e7b011 (git)
Affected: 0625491493d9000e4556bf566d205c28c8e7dc4e , < e44bd76dd072756e674f45c5be00153f4ded68b2 (git)
Affected: 0625491493d9000e4556bf566d205c28c8e7dc4e , < faa389b2fbaaec7fd27a390b4896139f9da662e3 (git)

Linux

Affected: 2.6.32
Unaffected: 0 , < 2.6.32 (semver)
Unaffected: 4.19.321 , ≤ 4.19.* (semver)
Unaffected: 5.4.283 , ≤ 5.4.* (semver)
Unaffected: 5.10.225 , ≤ 5.10.* (semver)
Unaffected: 5.15.166 , ≤ 5.15.* (semver)
Unaffected: 6.1.107 , ≤ 6.1.* (semver)
Unaffected: 6.6.48 , ≤ 6.6.* (semver)
Unaffected: 6.10.7 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44987",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-04T20:20:00.407827Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-04T20:21:05.118Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:14:37.598Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/ip6_output.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "571567e0277008459750f0728f246086b2659429",
              "status": "affected",
              "version": "0625491493d9000e4556bf566d205c28c8e7dc4e",
              "versionType": "git"
            },
            {
              "lessThan": "ce2f6cfab2c637d0bd9762104023a15d0ab7c0a8",
              "status": "affected",
              "version": "0625491493d9000e4556bf566d205c28c8e7dc4e",
              "versionType": "git"
            },
            {
              "lessThan": "cb5880a0de12c7f618d2bdd84e2d985f1e06ed7e",
              "status": "affected",
              "version": "0625491493d9000e4556bf566d205c28c8e7dc4e",
              "versionType": "git"
            },
            {
              "lessThan": "24e93695b1239fbe4c31e224372be77f82dab69a",
              "status": "affected",
              "version": "0625491493d9000e4556bf566d205c28c8e7dc4e",
              "versionType": "git"
            },
            {
              "lessThan": "9a3e55afa95ed4ac9eda112d4f918af645d72f25",
              "status": "affected",
              "version": "0625491493d9000e4556bf566d205c28c8e7dc4e",
              "versionType": "git"
            },
            {
              "lessThan": "af1dde074ee2ed7dd5bdca4e7e8ba17f44e7b011",
              "status": "affected",
              "version": "0625491493d9000e4556bf566d205c28c8e7dc4e",
              "versionType": "git"
            },
            {
              "lessThan": "e44bd76dd072756e674f45c5be00153f4ded68b2",
              "status": "affected",
              "version": "0625491493d9000e4556bf566d205c28c8e7dc4e",
              "versionType": "git"
            },
            {
              "lessThan": "faa389b2fbaaec7fd27a390b4896139f9da662e3",
              "status": "affected",
              "version": "0625491493d9000e4556bf566d205c28c8e7dc4e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/ip6_output.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.32"
            },
            {
              "lessThan": "2.6.32",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.321",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.283",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.225",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.321",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.283",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.225",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.166",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.107",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.48",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.7",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent UAF in ip6_send_skb()\n\nsyzbot reported an UAF in ip6_send_skb() [1]\n\nAfter ip6_local_out() has returned, we no longer can safely\ndereference rt, unless we hold rcu_read_lock().\n\nA similar issue has been fixed in commit\na688caa34beb (\"ipv6: take rcu lock in rawv6_send_hdrinc()\")\n\nAnother potential issue in ip6_finish_output2() is handled in a\nseparate patch.\n\n[1]\n BUG: KASAN: slab-use-after-free in ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964\nRead of size 8 at addr ffff88806dde4858 by task syz.1.380/6530\n\nCPU: 1 UID: 0 PID: 6530 Comm: syz.1.380 Not tainted 6.11.0-rc3-syzkaller-00306-gdf6cbc62cc9b #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n \u003cTASK\u003e\n  __dump_stack lib/dump_stack.c:93 [inline]\n  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n  print_address_description mm/kasan/report.c:377 [inline]\n  print_report+0x169/0x550 mm/kasan/report.c:488\n  kasan_report+0x143/0x180 mm/kasan/report.c:601\n  ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964\n  rawv6_push_pending_frames+0x75c/0x9e0 net/ipv6/raw.c:588\n  rawv6_sendmsg+0x19c7/0x23c0 net/ipv6/raw.c:926\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x1a6/0x270 net/socket.c:745\n  sock_write_iter+0x2dd/0x400 net/socket.c:1160\n do_iter_readv_writev+0x60a/0x890\n  vfs_writev+0x37c/0xbb0 fs/read_write.c:971\n  do_writev+0x1b1/0x350 fs/read_write.c:1018\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f936bf79e79\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f936cd7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014\nRAX: ffffffffffffffda RBX: 00007f936c115f80 RCX: 00007f936bf79e79\nRDX: 0000000000000001 RSI: 0000000020000040 RDI: 0000000000000004\nRBP: 00007f936bfe7916 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007f936c115f80 R15: 00007fff2860a7a8\n \u003c/TASK\u003e\n\nAllocated by task 6530:\n  kasan_save_stack mm/kasan/common.c:47 [inline]\n  kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n  unpoison_slab_object mm/kasan/common.c:312 [inline]\n  __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:338\n  kasan_slab_alloc include/linux/kasan.h:201 [inline]\n  slab_post_alloc_hook mm/slub.c:3988 [inline]\n  slab_alloc_node mm/slub.c:4037 [inline]\n  kmem_cache_alloc_noprof+0x135/0x2a0 mm/slub.c:4044\n  dst_alloc+0x12b/0x190 net/core/dst.c:89\n  ip6_blackhole_route+0x59/0x340 net/ipv6/route.c:2670\n  make_blackhole net/xfrm/xfrm_policy.c:3120 [inline]\n  xfrm_lookup_route+0xd1/0x1c0 net/xfrm/xfrm_policy.c:3313\n  ip6_dst_lookup_flow+0x13e/0x180 net/ipv6/ip6_output.c:1257\n  rawv6_sendmsg+0x1283/0x23c0 net/ipv6/raw.c:898\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x1a6/0x270 net/socket.c:745\n  ____sys_sendmsg+0x525/0x7d0 net/socket.c:2597\n  ___sys_sendmsg net/socket.c:2651 [inline]\n  __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2680\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 45:\n  kasan_save_stack mm/kasan/common.c:47 [inline]\n  kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n  kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579\n  poison_slab_object+0xe0/0x150 mm/kasan/common.c:240\n  __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256\n  kasan_slab_free include/linux/kasan.h:184 [inline]\n  slab_free_hook mm/slub.c:2252 [inline]\n  slab_free mm/slub.c:4473 [inline]\n  kmem_cache_free+0x145/0x350 mm/slub.c:4548\n  dst_destroy+0x2ac/0x460 net/core/dst.c:124\n  rcu_do_batch kernel/rcu/tree.c:2569 [inline]\n  rcu_core+0xafd/0x1830 kernel/rcu/tree.\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:30:28.766Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/571567e0277008459750f0728f246086b2659429"
        },
        {
          "url": "https://git.kernel.org/stable/c/ce2f6cfab2c637d0bd9762104023a15d0ab7c0a8"
        },
        {
          "url": "https://git.kernel.org/stable/c/cb5880a0de12c7f618d2bdd84e2d985f1e06ed7e"
        },
        {
          "url": "https://git.kernel.org/stable/c/24e93695b1239fbe4c31e224372be77f82dab69a"
        },
        {
          "url": "https://git.kernel.org/stable/c/9a3e55afa95ed4ac9eda112d4f918af645d72f25"
        },
        {
          "url": "https://git.kernel.org/stable/c/af1dde074ee2ed7dd5bdca4e7e8ba17f44e7b011"
        },
        {
          "url": "https://git.kernel.org/stable/c/e44bd76dd072756e674f45c5be00153f4ded68b2"
        },
        {
          "url": "https://git.kernel.org/stable/c/faa389b2fbaaec7fd27a390b4896139f9da662e3"
        }
      ],
      "title": "ipv6: prevent UAF in ip6_send_skb()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44987",
    "datePublished": "2024-09-04T19:54:35.510Z",
    "dateReserved": "2024-08-21T05:34:56.671Z",
    "dateUpdated": "2025-11-03T22:14:37.598Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-46761 (GCVE-0-2024-46761)

Vulnerability from cvelistv5 – Published: 2024-09-18 07:12 – Updated: 2026-01-05 10:53

Title

pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv

Summary

In the Linux kernel, the following vulnerability has been resolved: pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv The hotplug driver for powerpc (pci/hotplug/pnv_php.c) causes a kernel crash when we try to hot-unplug/disable the PCIe switch/bridge from the PHB. The crash occurs because although the MSI data structure has been released during disable/hot-unplug path and it has been assigned with NULL, still during unregistration the code was again trying to explicitly disable the MSI which causes the NULL pointer dereference and kernel crash. The patch fixes the check during unregistration path to prevent invoking pci_disable_msi/msix() since its data structure is already freed.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/4eb4085c1346d19d4…
	https://git.kernel.org/stable/c/c4c681999d385e28f…
	https://git.kernel.org/stable/c/bc1faed19db95abf0…
	https://git.kernel.org/stable/c/c0d8094dc740cfacf…
	https://git.kernel.org/stable/c/438d522227374042b…
	https://git.kernel.org/stable/c/b82d4d5c736f4fd2e…
	https://git.kernel.org/stable/c/bfc44075b19740d37…
	https://git.kernel.org/stable/c/335e35b748527f0c0…

Impacted products

Vendor

Product

Version

Linux

Affected: 49f4b08e61547a5ccd2db551d994c4503efe5666 , < 4eb4085c1346d19d4a05c55246eb93e74e671048 (git)
Affected: 49f4b08e61547a5ccd2db551d994c4503efe5666 , < c4c681999d385e28f84808bbf3a85ea8e982da55 (git)
Affected: 49f4b08e61547a5ccd2db551d994c4503efe5666 , < bc1faed19db95abf0933b104910a3fb01b138f59 (git)
Affected: 49f4b08e61547a5ccd2db551d994c4503efe5666 , < c0d8094dc740cfacf3775bbc6a1c4720459e8de4 (git)
Affected: 49f4b08e61547a5ccd2db551d994c4503efe5666 , < 438d522227374042b5c8798f8ce83bbe479dca4d (git)
Affected: 49f4b08e61547a5ccd2db551d994c4503efe5666 , < b82d4d5c736f4fd2ed224c35f554f50d1953d21e (git)
Affected: 49f4b08e61547a5ccd2db551d994c4503efe5666 , < bfc44075b19740d372f989f21dd03168bfda0689 (git)
Affected: 49f4b08e61547a5ccd2db551d994c4503efe5666 , < 335e35b748527f0c06ded9eebb65387f60647fda (git)
Affected: 1fb738a3dc1304250c755e5e31715137c1c44c50 (git)
Affected: bc4c9766324a7e9fda48de58691796430c8511bf (git)

Linux

Affected: 4.11
Unaffected: 0 , < 4.11 (semver)
Unaffected: 4.19.322 , ≤ 4.19.* (semver)
Unaffected: 5.4.284 , ≤ 5.4.* (semver)
Unaffected: 5.10.226 , ≤ 5.10.* (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.110 , ≤ 6.1.* (semver)
Unaffected: 6.6.51 , ≤ 6.6.* (semver)
Unaffected: 6.10.10 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46761",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T14:43:48.967345Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T14:44:03.634Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:18:06.078Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/pci/hotplug/pnv_php.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4eb4085c1346d19d4a05c55246eb93e74e671048",
              "status": "affected",
              "version": "49f4b08e61547a5ccd2db551d994c4503efe5666",
              "versionType": "git"
            },
            {
              "lessThan": "c4c681999d385e28f84808bbf3a85ea8e982da55",
              "status": "affected",
              "version": "49f4b08e61547a5ccd2db551d994c4503efe5666",
              "versionType": "git"
            },
            {
              "lessThan": "bc1faed19db95abf0933b104910a3fb01b138f59",
              "status": "affected",
              "version": "49f4b08e61547a5ccd2db551d994c4503efe5666",
              "versionType": "git"
            },
            {
              "lessThan": "c0d8094dc740cfacf3775bbc6a1c4720459e8de4",
              "status": "affected",
              "version": "49f4b08e61547a5ccd2db551d994c4503efe5666",
              "versionType": "git"
            },
            {
              "lessThan": "438d522227374042b5c8798f8ce83bbe479dca4d",
              "status": "affected",
              "version": "49f4b08e61547a5ccd2db551d994c4503efe5666",
              "versionType": "git"
            },
            {
              "lessThan": "b82d4d5c736f4fd2ed224c35f554f50d1953d21e",
              "status": "affected",
              "version": "49f4b08e61547a5ccd2db551d994c4503efe5666",
              "versionType": "git"
            },
            {
              "lessThan": "bfc44075b19740d372f989f21dd03168bfda0689",
              "status": "affected",
              "version": "49f4b08e61547a5ccd2db551d994c4503efe5666",
              "versionType": "git"
            },
            {
              "lessThan": "335e35b748527f0c06ded9eebb65387f60647fda",
              "status": "affected",
              "version": "49f4b08e61547a5ccd2db551d994c4503efe5666",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "1fb738a3dc1304250c755e5e31715137c1c44c50",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "bc4c9766324a7e9fda48de58691796430c8511bf",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/pci/hotplug/pnv_php.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.11"
            },
            {
              "lessThan": "4.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.322",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.284",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.110",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.51",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.322",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.284",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.226",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.110",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.51",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.10",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.9.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.10.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npci/hotplug/pnv_php: Fix hotplug driver crash on Powernv\n\nThe hotplug driver for powerpc (pci/hotplug/pnv_php.c) causes a kernel\ncrash when we try to hot-unplug/disable the PCIe switch/bridge from\nthe PHB.\n\nThe crash occurs because although the MSI data structure has been\nreleased during disable/hot-unplug path and it has been assigned\nwith NULL, still during unregistration the code was again trying to\nexplicitly disable the MSI which causes the NULL pointer dereference and\nkernel crash.\n\nThe patch fixes the check during unregistration path to prevent invoking\npci_disable_msi/msix() since its data structure is already freed."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:53:14.938Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/4eb4085c1346d19d4a05c55246eb93e74e671048"
        },
        {
          "url": "https://git.kernel.org/stable/c/c4c681999d385e28f84808bbf3a85ea8e982da55"
        },
        {
          "url": "https://git.kernel.org/stable/c/bc1faed19db95abf0933b104910a3fb01b138f59"
        },
        {
          "url": "https://git.kernel.org/stable/c/c0d8094dc740cfacf3775bbc6a1c4720459e8de4"
        },
        {
          "url": "https://git.kernel.org/stable/c/438d522227374042b5c8798f8ce83bbe479dca4d"
        },
        {
          "url": "https://git.kernel.org/stable/c/b82d4d5c736f4fd2ed224c35f554f50d1953d21e"
        },
        {
          "url": "https://git.kernel.org/stable/c/bfc44075b19740d372f989f21dd03168bfda0689"
        },
        {
          "url": "https://git.kernel.org/stable/c/335e35b748527f0c06ded9eebb65387f60647fda"
        }
      ],
      "title": "pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46761",
    "datePublished": "2024-09-18T07:12:20.852Z",
    "dateReserved": "2024-09-11T15:12:18.272Z",
    "dateUpdated": "2026-01-05T10:53:14.938Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-46818 (GCVE-0-2024-46818)

Vulnerability from cvelistv5 – Published: 2024-09-27 12:35 – Updated: 2025-11-03 22:19

Title

drm/amd/display: Check gpio_id before used as array index

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check gpio_id before used as array index [WHY & HOW] GPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore should be checked in advance. This fixes 5 OVERRUN issues reported by Coverity.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/8520fdc8ecc38f240…
	https://git.kernel.org/stable/c/40c2e8bc117cab8bc…
	https://git.kernel.org/stable/c/0184cca30cad74d88…
	https://git.kernel.org/stable/c/276e3fd93e3beb589…
	https://git.kernel.org/stable/c/08e7755f754e3d2ce…
	https://git.kernel.org/stable/c/3d4198ab612ad48f7…
	https://git.kernel.org/stable/c/2a5626eeb3b5eec7a…

Impacted products

Vendor

Product

Version

Linux

Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 8520fdc8ecc38f240a8e9e7af89cca6739c3e790 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 40c2e8bc117cab8bca8814735f28a8b121654a84 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 0184cca30cad74d88f5c875d4e26999e26325700 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 276e3fd93e3beb5894eb1cc8480f9f417d51524d (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 08e7755f754e3d2cef7d3a7da538d33526bd6f7c (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 3d4198ab612ad48f73383ad3bb5663e6f0cdf406 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 2a5626eeb3b5eec7a36886f9556113dd93ec8ed6 (git)

Linux

Affected: 4.15
Unaffected: 0 , < 4.15 (semver)
Unaffected: 5.4.284 , ≤ 5.4.* (semver)
Unaffected: 5.10.226 , ≤ 5.10.* (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.109 , ≤ 6.1.* (semver)
Unaffected: 6.6.50 , ≤ 6.6.* (semver)
Unaffected: 6.10.9 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46818",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T14:15:06.184629Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T14:15:15.550Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:19:05.133Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/display/dc/gpio/gpio_service.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8520fdc8ecc38f240a8e9e7af89cca6739c3e790",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "40c2e8bc117cab8bca8814735f28a8b121654a84",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "0184cca30cad74d88f5c875d4e26999e26325700",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "276e3fd93e3beb5894eb1cc8480f9f417d51524d",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "08e7755f754e3d2cef7d3a7da538d33526bd6f7c",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "3d4198ab612ad48f73383ad3bb5663e6f0cdf406",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "2a5626eeb3b5eec7a36886f9556113dd93ec8ed6",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/display/dc/gpio/gpio_service.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.15"
            },
            {
              "lessThan": "4.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.284",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.109",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.50",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.284",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.226",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.109",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.50",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.9",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check gpio_id before used as array index\n\n[WHY \u0026 HOW]\nGPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore\nshould be checked in advance.\n\nThis fixes 5 OVERRUN issues reported by Coverity."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-11T17:20:43.164Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8520fdc8ecc38f240a8e9e7af89cca6739c3e790"
        },
        {
          "url": "https://git.kernel.org/stable/c/40c2e8bc117cab8bca8814735f28a8b121654a84"
        },
        {
          "url": "https://git.kernel.org/stable/c/0184cca30cad74d88f5c875d4e26999e26325700"
        },
        {
          "url": "https://git.kernel.org/stable/c/276e3fd93e3beb5894eb1cc8480f9f417d51524d"
        },
        {
          "url": "https://git.kernel.org/stable/c/08e7755f754e3d2cef7d3a7da538d33526bd6f7c"
        },
        {
          "url": "https://git.kernel.org/stable/c/3d4198ab612ad48f73383ad3bb5663e6f0cdf406"
        },
        {
          "url": "https://git.kernel.org/stable/c/2a5626eeb3b5eec7a36886f9556113dd93ec8ed6"
        }
      ],
      "title": "drm/amd/display: Check gpio_id before used as array index",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46818",
    "datePublished": "2024-09-27T12:35:59.187Z",
    "dateReserved": "2024-09-11T15:12:18.284Z",
    "dateUpdated": "2025-11-03T22:19:05.133Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-47668 (GCVE-0-2024-47668)

Vulnerability from cvelistv5 – Published: 2024-10-09 14:14 – Updated: 2026-01-05 10:53

Title

lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()

Summary

In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() If we need to increase the tree depth, allocate a new node, and then race with another thread that increased the tree depth before us, we'll still have a preallocated node that might be used later. If we then use that node for a new non-root node, it'll still have a pointer to the old root instead of being zeroed - fix this by zeroing it in the cmpxchg failure path.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/0f27f4f445390cb7f…
	https://git.kernel.org/stable/c/99418ec776a39609f…
	https://git.kernel.org/stable/c/ad5ee9feebc2eb8cf…
	https://git.kernel.org/stable/c/ebeff038744c498a0…
	https://git.kernel.org/stable/c/d942e855324a60107…
	https://git.kernel.org/stable/c/0f078f8ca93b28a34…
	https://git.kernel.org/stable/c/b2f11c6f3e1fc6074…

Impacted products

Vendor

Product

Version

Linux

Affected: ba20ba2e3743bac786dff777954c11930256075e , < 0f27f4f445390cb7f73d4209cb2bf32834dc53da (git)
Affected: ba20ba2e3743bac786dff777954c11930256075e , < 99418ec776a39609f50934720419e0b464ca2283 (git)
Affected: ba20ba2e3743bac786dff777954c11930256075e , < ad5ee9feebc2eb8cfc76ed74a2d6e55343b0e169 (git)
Affected: ba20ba2e3743bac786dff777954c11930256075e , < ebeff038744c498a036e7a92eb8e433ae0a386d7 (git)
Affected: ba20ba2e3743bac786dff777954c11930256075e , < d942e855324a60107025c116245095632476613e (git)
Affected: ba20ba2e3743bac786dff777954c11930256075e , < 0f078f8ca93b28a34e20bd050f12cd4efeee7c0f (git)
Affected: ba20ba2e3743bac786dff777954c11930256075e , < b2f11c6f3e1fc60742673b8675c95b78447f3dae (git)

Linux

Affected: 5.1
Unaffected: 0 , < 5.1 (semver)
Unaffected: 5.4.284 , ≤ 5.4.* (semver)
Unaffected: 5.10.226 , ≤ 5.10.* (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.110 , ≤ 6.1.* (semver)
Unaffected: 6.6.51 , ≤ 6.6.* (semver)
Unaffected: 6.10.10 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47668",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-10T13:21:11.227741Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-10T13:21:24.795Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:20:33.256Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "lib/generic-radix-tree.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0f27f4f445390cb7f73d4209cb2bf32834dc53da",
              "status": "affected",
              "version": "ba20ba2e3743bac786dff777954c11930256075e",
              "versionType": "git"
            },
            {
              "lessThan": "99418ec776a39609f50934720419e0b464ca2283",
              "status": "affected",
              "version": "ba20ba2e3743bac786dff777954c11930256075e",
              "versionType": "git"
            },
            {
              "lessThan": "ad5ee9feebc2eb8cfc76ed74a2d6e55343b0e169",
              "status": "affected",
              "version": "ba20ba2e3743bac786dff777954c11930256075e",
              "versionType": "git"
            },
            {
              "lessThan": "ebeff038744c498a036e7a92eb8e433ae0a386d7",
              "status": "affected",
              "version": "ba20ba2e3743bac786dff777954c11930256075e",
              "versionType": "git"
            },
            {
              "lessThan": "d942e855324a60107025c116245095632476613e",
              "status": "affected",
              "version": "ba20ba2e3743bac786dff777954c11930256075e",
              "versionType": "git"
            },
            {
              "lessThan": "0f078f8ca93b28a34e20bd050f12cd4efeee7c0f",
              "status": "affected",
              "version": "ba20ba2e3743bac786dff777954c11930256075e",
              "versionType": "git"
            },
            {
              "lessThan": "b2f11c6f3e1fc60742673b8675c95b78447f3dae",
              "status": "affected",
              "version": "ba20ba2e3743bac786dff777954c11930256075e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "lib/generic-radix-tree.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "lessThan": "5.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.284",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.110",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.51",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.284",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.226",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.110",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.51",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.10",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()\n\nIf we need to increase the tree depth, allocate a new node, and then\nrace with another thread that increased the tree depth before us, we\u0027ll\nstill have a preallocated node that might be used later.\n\nIf we then use that node for a new non-root node, it\u0027ll still have a\npointer to the old root instead of being zeroed - fix this by zeroing it\nin the cmpxchg failure path."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:53:56.917Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0f27f4f445390cb7f73d4209cb2bf32834dc53da"
        },
        {
          "url": "https://git.kernel.org/stable/c/99418ec776a39609f50934720419e0b464ca2283"
        },
        {
          "url": "https://git.kernel.org/stable/c/ad5ee9feebc2eb8cfc76ed74a2d6e55343b0e169"
        },
        {
          "url": "https://git.kernel.org/stable/c/ebeff038744c498a036e7a92eb8e433ae0a386d7"
        },
        {
          "url": "https://git.kernel.org/stable/c/d942e855324a60107025c116245095632476613e"
        },
        {
          "url": "https://git.kernel.org/stable/c/0f078f8ca93b28a34e20bd050f12cd4efeee7c0f"
        },
        {
          "url": "https://git.kernel.org/stable/c/b2f11c6f3e1fc60742673b8675c95b78447f3dae"
        }
      ],
      "title": "lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-47668",
    "datePublished": "2024-10-09T14:14:00.189Z",
    "dateReserved": "2024-09-30T16:00:12.936Z",
    "dateUpdated": "2026-01-05T10:53:56.917Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-49958 (GCVE-0-2024-49958)

Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2025-11-03 22:23

Title

ocfs2: reserve space for inline xattr before attaching reflink tree

Summary

In the Linux kernel, the following vulnerability has been resolved: ocfs2: reserve space for inline xattr before attaching reflink tree One of our customers reported a crash and a corrupted ocfs2 filesystem. The crash was due to the detection of corruption. Upon troubleshooting, the fsck -fn output showed the below corruption [EXTENT_LIST_FREE] Extent list in owner 33080590 claims 230 as the next free chain record, but fsck believes the largest valid value is 227. Clamp the next record value? n The stat output from the debugfs.ocfs2 showed the following corruption where the "Next Free Rec:" had overshot the "Count:" in the root metadata block. Inode: 33080590 Mode: 0640 Generation: 2619713622 (0x9c25a856) FS Generation: 904309833 (0x35e6ac49) CRC32: 00000000 ECC: 0000 Type: Regular Attr: 0x0 Flags: Valid Dynamic Features: (0x16) HasXattr InlineXattr Refcounted Extended Attributes Block: 0 Extended Attributes Inline Size: 256 User: 0 (root) Group: 0 (root) Size: 281320357888 Links: 1 Clusters: 141738 ctime: 0x66911b56 0x316edcb8 -- Fri Jul 12 06:02:30.829349048 2024 atime: 0x66911d6b 0x7f7a28d -- Fri Jul 12 06:11:23.133669517 2024 mtime: 0x66911b56 0x12ed75d7 -- Fri Jul 12 06:02:30.317552087 2024 dtime: 0x0 -- Wed Dec 31 17:00:00 1969 Refcount Block: 2777346 Last Extblk: 2886943 Orphan Slot: 0 Sub Alloc Slot: 0 Sub Alloc Bit: 14 Tree Depth: 1 Count: 227 Next Free Rec: 230 ## Offset Clusters Block# 0 0 2310 2776351 1 2310 2139 2777375 2 4449 1221 2778399 3 5670 731 2779423 4 6401 566 2780447 ....... .... ....... ....... .... ....... The issue was in the reflink workfow while reserving space for inline xattr. The problematic function is ocfs2_reflink_xattr_inline(). By the time this function is called the reflink tree is already recreated at the destination inode from the source inode. At this point, this function reserves space for inline xattrs at the destination inode without even checking if there is space at the root metadata block. It simply reduces the l_count from 243 to 227 thereby making space of 256 bytes for inline xattr whereas the inode already has extents beyond this index (in this case up to 230), thereby causing corruption. The fix for this is to reserve space for inline metadata at the destination inode before the reflink tree gets recreated. The customer has verified the fix.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/5c9807c523b4fca81…
	https://git.kernel.org/stable/c/74364cb578dcc0b6c…
	https://git.kernel.org/stable/c/aac31d654a0a31cb0…
	https://git.kernel.org/stable/c/020f5c53c17f66c0a…
	https://git.kernel.org/stable/c/5c2072f02c0d75802…
	https://git.kernel.org/stable/c/637c00e06564a945e…
	https://git.kernel.org/stable/c/9f9a8f3ac65b4147f…
	https://git.kernel.org/stable/c/96ce4c3537114d169…
	https://git.kernel.org/stable/c/5ca60b86f57a4d964…

Impacted products

Vendor

Product

Version

Linux

Affected: ef962df057aaafd714f5c22ba3de1be459571fdf , < 5c9807c523b4fca81d3e8e864dabc8c806402121 (git)
Affected: ef962df057aaafd714f5c22ba3de1be459571fdf , < 74364cb578dcc0b6c9109519d19cbe5a56afac9a (git)
Affected: ef962df057aaafd714f5c22ba3de1be459571fdf , < aac31d654a0a31cb0d2fa36ae694f4e164a52707 (git)
Affected: ef962df057aaafd714f5c22ba3de1be459571fdf , < 020f5c53c17f66c0a8f2d37dad27ace301b8d8a1 (git)
Affected: ef962df057aaafd714f5c22ba3de1be459571fdf , < 5c2072f02c0d75802ec28ec703b7d43a0dd008b5 (git)
Affected: ef962df057aaafd714f5c22ba3de1be459571fdf , < 637c00e06564a945e9d0edb3d78d362d64935f9f (git)
Affected: ef962df057aaafd714f5c22ba3de1be459571fdf , < 9f9a8f3ac65b4147f1a7b6c05fad5192c0e3c3d9 (git)
Affected: ef962df057aaafd714f5c22ba3de1be459571fdf , < 96ce4c3537114d1698be635f5e36c62dc49df7a4 (git)
Affected: ef962df057aaafd714f5c22ba3de1be459571fdf , < 5ca60b86f57a4d9648f68418a725b3a7de2816b0 (git)
Affected: 3a32958d2ac96070c53d04bd8e013c97b260b5e6 (git)
Affected: 93f26306db89c9dc37885b76a1082e6d54d23b16 (git)
Affected: 26a849f49fb3347d126a0ed6611173f903374ef4 (git)
Affected: 1e7e4c9ae2a78a6791a2ca91a6a400f94855f01e (git)
Affected: 1926bf8ae44d80c9f50103f11fc4f17e2e2bf684 (git)

Linux

Affected: 3.11
Unaffected: 0 , < 3.11 (semver)
Unaffected: 4.19.323 , ≤ 4.19.* (semver)
Unaffected: 5.4.285 , ≤ 5.4.* (semver)
Unaffected: 5.10.227 , ≤ 5.10.* (semver)
Unaffected: 5.15.168 , ≤ 5.15.* (semver)
Unaffected: 6.1.113 , ≤ 6.1.* (semver)
Unaffected: 6.6.55 , ≤ 6.6.* (semver)
Unaffected: 6.10.14 , ≤ 6.10.* (semver)
Unaffected: 6.11.3 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49958",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T13:35:29.206736Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T13:38:48.118Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:23:38.186Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ocfs2/refcounttree.c",
            "fs/ocfs2/xattr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5c9807c523b4fca81d3e8e864dabc8c806402121",
              "status": "affected",
              "version": "ef962df057aaafd714f5c22ba3de1be459571fdf",
              "versionType": "git"
            },
            {
              "lessThan": "74364cb578dcc0b6c9109519d19cbe5a56afac9a",
              "status": "affected",
              "version": "ef962df057aaafd714f5c22ba3de1be459571fdf",
              "versionType": "git"
            },
            {
              "lessThan": "aac31d654a0a31cb0d2fa36ae694f4e164a52707",
              "status": "affected",
              "version": "ef962df057aaafd714f5c22ba3de1be459571fdf",
              "versionType": "git"
            },
            {
              "lessThan": "020f5c53c17f66c0a8f2d37dad27ace301b8d8a1",
              "status": "affected",
              "version": "ef962df057aaafd714f5c22ba3de1be459571fdf",
              "versionType": "git"
            },
            {
              "lessThan": "5c2072f02c0d75802ec28ec703b7d43a0dd008b5",
              "status": "affected",
              "version": "ef962df057aaafd714f5c22ba3de1be459571fdf",
              "versionType": "git"
            },
            {
              "lessThan": "637c00e06564a945e9d0edb3d78d362d64935f9f",
              "status": "affected",
              "version": "ef962df057aaafd714f5c22ba3de1be459571fdf",
              "versionType": "git"
            },
            {
              "lessThan": "9f9a8f3ac65b4147f1a7b6c05fad5192c0e3c3d9",
              "status": "affected",
              "version": "ef962df057aaafd714f5c22ba3de1be459571fdf",
              "versionType": "git"
            },
            {
              "lessThan": "96ce4c3537114d1698be635f5e36c62dc49df7a4",
              "status": "affected",
              "version": "ef962df057aaafd714f5c22ba3de1be459571fdf",
              "versionType": "git"
            },
            {
              "lessThan": "5ca60b86f57a4d9648f68418a725b3a7de2816b0",
              "status": "affected",
              "version": "ef962df057aaafd714f5c22ba3de1be459571fdf",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "3a32958d2ac96070c53d04bd8e013c97b260b5e6",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "93f26306db89c9dc37885b76a1082e6d54d23b16",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "26a849f49fb3347d126a0ed6611173f903374ef4",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "1e7e4c9ae2a78a6791a2ca91a6a400f94855f01e",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "1926bf8ae44d80c9f50103f11fc4f17e2e2bf684",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ocfs2/refcounttree.c",
            "fs/ocfs2/xattr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.11"
            },
            {
              "lessThan": "3.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.323",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.285",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.55",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.323",
                  "versionStartIncluding": "3.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.285",
                  "versionStartIncluding": "3.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.227",
                  "versionStartIncluding": "3.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.168",
                  "versionStartIncluding": "3.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.113",
                  "versionStartIncluding": "3.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.55",
                  "versionStartIncluding": "3.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.14",
                  "versionStartIncluding": "3.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.3",
                  "versionStartIncluding": "3.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "3.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.0.87",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.2.49",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.4.54",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.9.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.10.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: reserve space for inline xattr before attaching reflink tree\n\nOne of our customers reported a crash and a corrupted ocfs2 filesystem. \nThe crash was due to the detection of corruption.  Upon troubleshooting,\nthe fsck -fn output showed the below corruption\n\n[EXTENT_LIST_FREE] Extent list in owner 33080590 claims 230 as the next free chain record,\nbut fsck believes the largest valid value is 227.  Clamp the next record value? n\n\nThe stat output from the debugfs.ocfs2 showed the following corruption\nwhere the \"Next Free Rec:\" had overshot the \"Count:\" in the root metadata\nblock.\n\n        Inode: 33080590   Mode: 0640   Generation: 2619713622 (0x9c25a856)\n        FS Generation: 904309833 (0x35e6ac49)\n        CRC32: 00000000   ECC: 0000\n        Type: Regular   Attr: 0x0   Flags: Valid\n        Dynamic Features: (0x16) HasXattr InlineXattr Refcounted\n        Extended Attributes Block: 0  Extended Attributes Inline Size: 256\n        User: 0 (root)   Group: 0 (root)   Size: 281320357888\n        Links: 1   Clusters: 141738\n        ctime: 0x66911b56 0x316edcb8 -- Fri Jul 12 06:02:30.829349048 2024\n        atime: 0x66911d6b 0x7f7a28d -- Fri Jul 12 06:11:23.133669517 2024\n        mtime: 0x66911b56 0x12ed75d7 -- Fri Jul 12 06:02:30.317552087 2024\n        dtime: 0x0 -- Wed Dec 31 17:00:00 1969\n        Refcount Block: 2777346\n        Last Extblk: 2886943   Orphan Slot: 0\n        Sub Alloc Slot: 0   Sub Alloc Bit: 14\n        Tree Depth: 1   Count: 227   Next Free Rec: 230\n        ## Offset        Clusters       Block#\n        0  0             2310           2776351\n        1  2310          2139           2777375\n        2  4449          1221           2778399\n        3  5670          731            2779423\n        4  6401          566            2780447\n        .......          ....           .......\n        .......          ....           .......\n\nThe issue was in the reflink workfow while reserving space for inline\nxattr.  The problematic function is ocfs2_reflink_xattr_inline().  By the\ntime this function is called the reflink tree is already recreated at the\ndestination inode from the source inode.  At this point, this function\nreserves space for inline xattrs at the destination inode without even\nchecking if there is space at the root metadata block.  It simply reduces\nthe l_count from 243 to 227 thereby making space of 256 bytes for inline\nxattr whereas the inode already has extents beyond this index (in this\ncase up to 230), thereby causing corruption.\n\nThe fix for this is to reserve space for inline metadata at the destination\ninode before the reflink tree gets recreated. The customer has verified the\nfix."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:59:13.995Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5c9807c523b4fca81d3e8e864dabc8c806402121"
        },
        {
          "url": "https://git.kernel.org/stable/c/74364cb578dcc0b6c9109519d19cbe5a56afac9a"
        },
        {
          "url": "https://git.kernel.org/stable/c/aac31d654a0a31cb0d2fa36ae694f4e164a52707"
        },
        {
          "url": "https://git.kernel.org/stable/c/020f5c53c17f66c0a8f2d37dad27ace301b8d8a1"
        },
        {
          "url": "https://git.kernel.org/stable/c/5c2072f02c0d75802ec28ec703b7d43a0dd008b5"
        },
        {
          "url": "https://git.kernel.org/stable/c/637c00e06564a945e9d0edb3d78d362d64935f9f"
        },
        {
          "url": "https://git.kernel.org/stable/c/9f9a8f3ac65b4147f1a7b6c05fad5192c0e3c3d9"
        },
        {
          "url": "https://git.kernel.org/stable/c/96ce4c3537114d1698be635f5e36c62dc49df7a4"
        },
        {
          "url": "https://git.kernel.org/stable/c/5ca60b86f57a4d9648f68418a725b3a7de2816b0"
        }
      ],
      "title": "ocfs2: reserve space for inline xattr before attaching reflink tree",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-49958",
    "datePublished": "2024-10-21T18:02:11.702Z",
    "dateReserved": "2024-10-21T12:17:06.048Z",
    "dateUpdated": "2025-11-03T22:23:38.186Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-50194 (GCVE-0-2024-50194)

Vulnerability from cvelistv5 – Published: 2024-11-08 05:54 – Updated: 2025-11-03 22:26

Title

arm64: probes: Fix uprobes for big-endian kernels

Summary

In the Linux kernel, the following vulnerability has been resolved: arm64: probes: Fix uprobes for big-endian kernels The arm64 uprobes code is broken for big-endian kernels as it doesn't convert the in-memory instruction encoding (which is always little-endian) into the kernel's native endianness before analyzing and simulating instructions. This may result in a few distinct problems: * The kernel may may erroneously reject probing an instruction which can safely be probed. * The kernel may erroneously erroneously permit stepping an instruction out-of-line when that instruction cannot be stepped out-of-line safely. * The kernel may erroneously simulate instruction incorrectly dur to interpretting the byte-swapped encoding. The endianness mismatch isn't caught by the compiler or sparse because: * The arch_uprobe::{insn,ixol} fields are encoded as arrays of u8, so the compiler and sparse have no idea these contain a little-endian 32-bit value. The core uprobes code populates these with a memcpy() which similarly does not handle endianness. * While the uprobe_opcode_t type is an alias for __le32, both arch_uprobe_analyze_insn() and arch_uprobe_skip_sstep() cast from u8[] to the similarly-named probe_opcode_t, which is an alias for u32. Hence there is no endianness conversion warning. Fix this by changing the arch_uprobe::{insn,ixol} fields to __le32 and adding the appropriate __le32_to_cpu() conversions prior to consuming the instruction encoding. The core uprobes copies these fields as opaque ranges of bytes, and so is unaffected by this change. At the same time, remove MAX_UINSN_BYTES and consistently use AARCH64_INSN_SIZE for clarity. Tested with the following: | #include <stdio.h> | #include <stdbool.h> | | #define noinline __attribute__((noinline)) | | static noinline void *adrp_self(void) | { | void *addr; | | asm volatile( | " adrp %x0, adrp_self\n" | " add %x0, %x0, :lo12:adrp_self\n" | : "=r" (addr)); | } | | | int main(int argc, char *argv) | { | void *ptr = adrp_self(); | bool equal = (ptr == adrp_self); | | printf("adrp_self => %p\n" | "adrp_self() => %p\n" | "%s\n", | adrp_self, ptr, equal ? "EQUAL" : "NOT EQUAL"); | | return 0; | } .... where the adrp_self() function was compiled to: | 00000000004007e0 <adrp_self>: | 4007e0: 90000000 adrp x0, 400000 <__ehdr_start> | 4007e4: 911f8000 add x0, x0, #0x7e0 | 4007e8: d65f03c0 ret Before this patch, the ADRP is not recognized, and is assumed to be steppable, resulting in corruption of the result: | # ./adrp-self | adrp_self => 0x4007e0 | adrp_self() => 0x4007e0 | EQUAL | # echo 'p /root/adrp-self:0x007e0' > /sys/kernel/tracing/uprobe_events | # echo 1 > /sys/kernel/tracing/events/uprobes/enable | # ./adrp-self | adrp_self => 0x4007e0 | adrp_self() => 0xffffffffff7e0 | NOT EQUAL After this patch, the ADRP is correctly recognized and simulated: | # ./adrp-self | adrp_self => 0x4007e0 | adrp_self() => 0x4007e0 | EQUAL | # | # echo 'p /root/adrp-self:0x007e0' > /sys/kernel/tracing/uprobe_events | # echo 1 > /sys/kernel/tracing/events/uprobes/enable | # ./adrp-self | adrp_self => 0x4007e0 | adrp_self() => 0x4007e0 | EQUAL

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/b6a638cb600e13f94…
	https://git.kernel.org/stable/c/e6ab3362139185751…
	https://git.kernel.org/stable/c/cf9ddf9ed94c15564…
	https://git.kernel.org/stable/c/cf60d19d40184e43d…
	https://git.kernel.org/stable/c/14841bb7a531b96e2…
	https://git.kernel.org/stable/c/8165bf83b8a64be80…
	https://git.kernel.org/stable/c/3d2530c65be04e937…
	https://git.kernel.org/stable/c/13f8f1e05f1dc36db…

Impacted products

Vendor

Product

Version

Linux

Affected: 9842ceae9fa8deae141533d52a6ead7666962c09 , < b6a638cb600e13f94b5464724eaa6ab7f3349ca2 (git)
Affected: 9842ceae9fa8deae141533d52a6ead7666962c09 , < e6ab336213918575124d6db43dc5d3554526242e (git)
Affected: 9842ceae9fa8deae141533d52a6ead7666962c09 , < cf9ddf9ed94c15564a05bbf6e9f18dffa0c7df80 (git)
Affected: 9842ceae9fa8deae141533d52a6ead7666962c09 , < cf60d19d40184e43d9a624e55a0da73be09e938d (git)
Affected: 9842ceae9fa8deae141533d52a6ead7666962c09 , < 14841bb7a531b96e2dde37423a3b33e75147c60d (git)
Affected: 9842ceae9fa8deae141533d52a6ead7666962c09 , < 8165bf83b8a64be801d59cd2532b0d1ffed74d00 (git)
Affected: 9842ceae9fa8deae141533d52a6ead7666962c09 , < 3d2530c65be04e93720e30f191a7cf1a3aa8b51c (git)
Affected: 9842ceae9fa8deae141533d52a6ead7666962c09 , < 13f8f1e05f1dc36dbba6cba0ae03354c0dafcde7 (git)

Linux

Affected: 4.10
Unaffected: 0 , < 4.10 (semver)
Unaffected: 4.19.323 , ≤ 4.19.* (semver)
Unaffected: 5.4.285 , ≤ 5.4.* (semver)
Unaffected: 5.10.229 , ≤ 5.10.* (semver)
Unaffected: 5.15.170 , ≤ 5.15.* (semver)
Unaffected: 6.1.115 , ≤ 6.1.* (semver)
Unaffected: 6.6.58 , ≤ 6.6.* (semver)
Unaffected: 6.11.5 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-50194",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:18:08.294530Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:27:08.000Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:26:49.079Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/arm64/include/asm/uprobes.h",
            "arch/arm64/kernel/probes/uprobes.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b6a638cb600e13f94b5464724eaa6ab7f3349ca2",
              "status": "affected",
              "version": "9842ceae9fa8deae141533d52a6ead7666962c09",
              "versionType": "git"
            },
            {
              "lessThan": "e6ab336213918575124d6db43dc5d3554526242e",
              "status": "affected",
              "version": "9842ceae9fa8deae141533d52a6ead7666962c09",
              "versionType": "git"
            },
            {
              "lessThan": "cf9ddf9ed94c15564a05bbf6e9f18dffa0c7df80",
              "status": "affected",
              "version": "9842ceae9fa8deae141533d52a6ead7666962c09",
              "versionType": "git"
            },
            {
              "lessThan": "cf60d19d40184e43d9a624e55a0da73be09e938d",
              "status": "affected",
              "version": "9842ceae9fa8deae141533d52a6ead7666962c09",
              "versionType": "git"
            },
            {
              "lessThan": "14841bb7a531b96e2dde37423a3b33e75147c60d",
              "status": "affected",
              "version": "9842ceae9fa8deae141533d52a6ead7666962c09",
              "versionType": "git"
            },
            {
              "lessThan": "8165bf83b8a64be801d59cd2532b0d1ffed74d00",
              "status": "affected",
              "version": "9842ceae9fa8deae141533d52a6ead7666962c09",
              "versionType": "git"
            },
            {
              "lessThan": "3d2530c65be04e93720e30f191a7cf1a3aa8b51c",
              "status": "affected",
              "version": "9842ceae9fa8deae141533d52a6ead7666962c09",
              "versionType": "git"
            },
            {
              "lessThan": "13f8f1e05f1dc36dbba6cba0ae03354c0dafcde7",
              "status": "affected",
              "version": "9842ceae9fa8deae141533d52a6ead7666962c09",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/arm64/include/asm/uprobes.h",
            "arch/arm64/kernel/probes/uprobes.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.10"
            },
            {
              "lessThan": "4.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.323",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.285",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.229",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.170",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.115",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.58",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.323",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.285",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.229",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.170",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.115",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.58",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.5",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: probes: Fix uprobes for big-endian kernels\n\nThe arm64 uprobes code is broken for big-endian kernels as it doesn\u0027t\nconvert the in-memory instruction encoding (which is always\nlittle-endian) into the kernel\u0027s native endianness before analyzing and\nsimulating instructions. This may result in a few distinct problems:\n\n* The kernel may may erroneously reject probing an instruction which can\n  safely be probed.\n\n* The kernel may erroneously erroneously permit stepping an\n  instruction out-of-line when that instruction cannot be stepped\n  out-of-line safely.\n\n* The kernel may erroneously simulate instruction incorrectly dur to\n  interpretting the byte-swapped encoding.\n\nThe endianness mismatch isn\u0027t caught by the compiler or sparse because:\n\n* The arch_uprobe::{insn,ixol} fields are encoded as arrays of u8, so\n  the compiler and sparse have no idea these contain a little-endian\n  32-bit value. The core uprobes code populates these with a memcpy()\n  which similarly does not handle endianness.\n\n* While the uprobe_opcode_t type is an alias for __le32, both\n  arch_uprobe_analyze_insn() and arch_uprobe_skip_sstep() cast from u8[]\n  to the similarly-named probe_opcode_t, which is an alias for u32.\n  Hence there is no endianness conversion warning.\n\nFix this by changing the arch_uprobe::{insn,ixol} fields to __le32 and\nadding the appropriate __le32_to_cpu() conversions prior to consuming\nthe instruction encoding. The core uprobes copies these fields as opaque\nranges of bytes, and so is unaffected by this change.\n\nAt the same time, remove MAX_UINSN_BYTES and consistently use\nAARCH64_INSN_SIZE for clarity.\n\nTested with the following:\n\n| #include \u003cstdio.h\u003e\n| #include \u003cstdbool.h\u003e\n|\n| #define noinline __attribute__((noinline))\n|\n| static noinline void *adrp_self(void)\n| {\n|         void *addr;\n|\n|         asm volatile(\n|         \"       adrp    %x0, adrp_self\\n\"\n|         \"       add     %x0, %x0, :lo12:adrp_self\\n\"\n|         : \"=r\" (addr));\n| }\n|\n|\n| int main(int argc, char *argv)\n| {\n|         void *ptr = adrp_self();\n|         bool equal = (ptr == adrp_self);\n|\n|         printf(\"adrp_self   =\u003e %p\\n\"\n|                \"adrp_self() =\u003e %p\\n\"\n|                \"%s\\n\",\n|                adrp_self, ptr, equal ? \"EQUAL\" : \"NOT EQUAL\");\n|\n|         return 0;\n| }\n\n.... where the adrp_self() function was compiled to:\n\n| 00000000004007e0 \u003cadrp_self\u003e:\n|   4007e0:       90000000        adrp    x0, 400000 \u003c__ehdr_start\u003e\n|   4007e4:       911f8000        add     x0, x0, #0x7e0\n|   4007e8:       d65f03c0        ret\n\nBefore this patch, the ADRP is not recognized, and is assumed to be\nsteppable, resulting in corruption of the result:\n\n| # ./adrp-self\n| adrp_self   =\u003e 0x4007e0\n| adrp_self() =\u003e 0x4007e0\n| EQUAL\n| # echo \u0027p /root/adrp-self:0x007e0\u0027 \u003e /sys/kernel/tracing/uprobe_events\n| # echo 1 \u003e /sys/kernel/tracing/events/uprobes/enable\n| # ./adrp-self\n| adrp_self   =\u003e 0x4007e0\n| adrp_self() =\u003e 0xffffffffff7e0\n| NOT EQUAL\n\nAfter this patch, the ADRP is correctly recognized and simulated:\n\n| # ./adrp-self\n| adrp_self   =\u003e 0x4007e0\n| adrp_self() =\u003e 0x4007e0\n| EQUAL\n| #\n| # echo \u0027p /root/adrp-self:0x007e0\u0027 \u003e /sys/kernel/tracing/uprobe_events\n| # echo 1 \u003e /sys/kernel/tracing/events/uprobes/enable\n| # ./adrp-self\n| adrp_self   =\u003e 0x4007e0\n| adrp_self() =\u003e 0x4007e0\n| EQUAL"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:48:24.871Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b6a638cb600e13f94b5464724eaa6ab7f3349ca2"
        },
        {
          "url": "https://git.kernel.org/stable/c/e6ab336213918575124d6db43dc5d3554526242e"
        },
        {
          "url": "https://git.kernel.org/stable/c/cf9ddf9ed94c15564a05bbf6e9f18dffa0c7df80"
        },
        {
          "url": "https://git.kernel.org/stable/c/cf60d19d40184e43d9a624e55a0da73be09e938d"
        },
        {
          "url": "https://git.kernel.org/stable/c/14841bb7a531b96e2dde37423a3b33e75147c60d"
        },
        {
          "url": "https://git.kernel.org/stable/c/8165bf83b8a64be801d59cd2532b0d1ffed74d00"
        },
        {
          "url": "https://git.kernel.org/stable/c/3d2530c65be04e93720e30f191a7cf1a3aa8b51c"
        },
        {
          "url": "https://git.kernel.org/stable/c/13f8f1e05f1dc36dbba6cba0ae03354c0dafcde7"
        }
      ],
      "title": "arm64: probes: Fix uprobes for big-endian kernels",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-50194",
    "datePublished": "2024-11-08T05:54:09.327Z",
    "dateReserved": "2024-10-21T19:36:19.968Z",
    "dateUpdated": "2025-11-03T22:26:49.079Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-46674 (GCVE-0-2024-46674)

Vulnerability from cvelistv5 – Published: 2024-09-13 05:29 – Updated: 2025-11-03 22:16

Title

usb: dwc3: st: fix probed platform device ref count on probe error path

Summary

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: st: fix probed platform device ref count on probe error path The probe function never performs any paltform device allocation, thus error path "undo_platform_dev_alloc" is entirely bogus. It drops the reference count from the platform device being probed. If error path is triggered, this will lead to unbalanced device reference counts and premature release of device resources, thus possible use-after-free when releasing remaining devm-managed resources.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/b0979a885b9d4df2a…
	https://git.kernel.org/stable/c/f3498650df0805c75…
	https://git.kernel.org/stable/c/6aee4c5635d81f480…
	https://git.kernel.org/stable/c/060f41243ad7f6f52…
	https://git.kernel.org/stable/c/4c6735299540f3c82…
	https://git.kernel.org/stable/c/e1e5e8ea2731150d5…
	https://git.kernel.org/stable/c/1de989668708ce587…
	https://git.kernel.org/stable/c/ddfcfeba891064b88…

Impacted products

Vendor

Product

Version

Linux

Affected: f83fca0707c66e36f14efef7f68702cb12de70b7 , < b0979a885b9d4df2a25b88e9d444ccaa5f9f495c (git)
Affected: f83fca0707c66e36f14efef7f68702cb12de70b7 , < f3498650df0805c75b4e1c94d07423c46cbf4ce1 (git)
Affected: f83fca0707c66e36f14efef7f68702cb12de70b7 , < 6aee4c5635d81f4809c3b9f0c198a65adfbb2ada (git)
Affected: f83fca0707c66e36f14efef7f68702cb12de70b7 , < 060f41243ad7f6f5249fa7290dda0c01f723d12d (git)
Affected: f83fca0707c66e36f14efef7f68702cb12de70b7 , < 4c6735299540f3c82a5033d35be76a5c42e0fb18 (git)
Affected: f83fca0707c66e36f14efef7f68702cb12de70b7 , < e1e5e8ea2731150d5ba7c707f9e02fafebcfeb49 (git)
Affected: f83fca0707c66e36f14efef7f68702cb12de70b7 , < 1de989668708ce5875efc9d669d227212aeb9a90 (git)
Affected: f83fca0707c66e36f14efef7f68702cb12de70b7 , < ddfcfeba891064b88bb844208b43bef2ef970f0c (git)

Linux

Affected: 3.18
Unaffected: 0 , < 3.18 (semver)
Unaffected: 4.19.321 , ≤ 4.19.* (semver)
Unaffected: 5.4.283 , ≤ 5.4.* (semver)
Unaffected: 5.10.225 , ≤ 5.10.* (semver)
Unaffected: 5.15.166 , ≤ 5.15.* (semver)
Unaffected: 6.1.108 , ≤ 6.1.* (semver)
Unaffected: 6.6.49 , ≤ 6.6.* (semver)
Unaffected: 6.10.8 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46674",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T15:44:46.031544Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T15:45:00.520Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:16:08.133Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/dwc3/dwc3-st.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b0979a885b9d4df2a25b88e9d444ccaa5f9f495c",
              "status": "affected",
              "version": "f83fca0707c66e36f14efef7f68702cb12de70b7",
              "versionType": "git"
            },
            {
              "lessThan": "f3498650df0805c75b4e1c94d07423c46cbf4ce1",
              "status": "affected",
              "version": "f83fca0707c66e36f14efef7f68702cb12de70b7",
              "versionType": "git"
            },
            {
              "lessThan": "6aee4c5635d81f4809c3b9f0c198a65adfbb2ada",
              "status": "affected",
              "version": "f83fca0707c66e36f14efef7f68702cb12de70b7",
              "versionType": "git"
            },
            {
              "lessThan": "060f41243ad7f6f5249fa7290dda0c01f723d12d",
              "status": "affected",
              "version": "f83fca0707c66e36f14efef7f68702cb12de70b7",
              "versionType": "git"
            },
            {
              "lessThan": "4c6735299540f3c82a5033d35be76a5c42e0fb18",
              "status": "affected",
              "version": "f83fca0707c66e36f14efef7f68702cb12de70b7",
              "versionType": "git"
            },
            {
              "lessThan": "e1e5e8ea2731150d5ba7c707f9e02fafebcfeb49",
              "status": "affected",
              "version": "f83fca0707c66e36f14efef7f68702cb12de70b7",
              "versionType": "git"
            },
            {
              "lessThan": "1de989668708ce5875efc9d669d227212aeb9a90",
              "status": "affected",
              "version": "f83fca0707c66e36f14efef7f68702cb12de70b7",
              "versionType": "git"
            },
            {
              "lessThan": "ddfcfeba891064b88bb844208b43bef2ef970f0c",
              "status": "affected",
              "version": "f83fca0707c66e36f14efef7f68702cb12de70b7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/dwc3/dwc3-st.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.18"
            },
            {
              "lessThan": "3.18",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.321",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.283",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.225",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.108",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.49",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.321",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.283",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.225",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.166",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.108",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.49",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.8",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: st: fix probed platform device ref count on probe error path\n\nThe probe function never performs any paltform device allocation, thus\nerror path \"undo_platform_dev_alloc\" is entirely bogus.  It drops the\nreference count from the platform device being probed.  If error path is\ntriggered, this will lead to unbalanced device reference counts and\npremature release of device resources, thus possible use-after-free when\nreleasing remaining devm-managed resources."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:31:37.437Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b0979a885b9d4df2a25b88e9d444ccaa5f9f495c"
        },
        {
          "url": "https://git.kernel.org/stable/c/f3498650df0805c75b4e1c94d07423c46cbf4ce1"
        },
        {
          "url": "https://git.kernel.org/stable/c/6aee4c5635d81f4809c3b9f0c198a65adfbb2ada"
        },
        {
          "url": "https://git.kernel.org/stable/c/060f41243ad7f6f5249fa7290dda0c01f723d12d"
        },
        {
          "url": "https://git.kernel.org/stable/c/4c6735299540f3c82a5033d35be76a5c42e0fb18"
        },
        {
          "url": "https://git.kernel.org/stable/c/e1e5e8ea2731150d5ba7c707f9e02fafebcfeb49"
        },
        {
          "url": "https://git.kernel.org/stable/c/1de989668708ce5875efc9d669d227212aeb9a90"
        },
        {
          "url": "https://git.kernel.org/stable/c/ddfcfeba891064b88bb844208b43bef2ef970f0c"
        }
      ],
      "title": "usb: dwc3: st: fix probed platform device ref count on probe error path",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46674",
    "datePublished": "2024-09-13T05:29:10.381Z",
    "dateReserved": "2024-09-11T15:12:18.247Z",
    "dateUpdated": "2025-11-03T22:16:08.133Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-53052 (GCVE-0-2024-53052)

Vulnerability from cvelistv5 – Published: 2024-11-19 17:19 – Updated: 2025-11-03 22:28

Title

io_uring/rw: fix missing NOWAIT check for O_DIRECT start write

Summary

In the Linux kernel, the following vulnerability has been resolved: io_uring/rw: fix missing NOWAIT check for O_DIRECT start write When io_uring starts a write, it'll call kiocb_start_write() to bump the super block rwsem, preventing any freezes from happening while that write is in-flight. The freeze side will grab that rwsem for writing, excluding any new writers from happening and waiting for existing writes to finish. But io_uring unconditionally uses kiocb_start_write(), which will block if someone is currently attempting to freeze the mount point. This causes a deadlock where freeze is waiting for previous writes to complete, but the previous writes cannot complete, as the task that is supposed to complete them is blocked waiting on starting a new write. This results in the following stuck trace showing that dependency with the write blocked starting a new write: task:fio state:D stack:0 pid:886 tgid:886 ppid:876 Call trace: __switch_to+0x1d8/0x348 __schedule+0x8e8/0x2248 schedule+0x110/0x3f0 percpu_rwsem_wait+0x1e8/0x3f8 __percpu_down_read+0xe8/0x500 io_write+0xbb8/0xff8 io_issue_sqe+0x10c/0x1020 io_submit_sqes+0x614/0x2110 __arm64_sys_io_uring_enter+0x524/0x1038 invoke_syscall+0x74/0x268 el0_svc_common.constprop.0+0x160/0x238 do_el0_svc+0x44/0x60 el0_svc+0x44/0xb0 el0t_64_sync_handler+0x118/0x128 el0t_64_sync+0x168/0x170 INFO: task fsfreeze:7364 blocked for more than 15 seconds. Not tainted 6.12.0-rc5-00063-g76aaf945701c #7963 with the attempting freezer stuck trying to grab the rwsem: task:fsfreeze state:D stack:0 pid:7364 tgid:7364 ppid:995 Call trace: __switch_to+0x1d8/0x348 __schedule+0x8e8/0x2248 schedule+0x110/0x3f0 percpu_down_write+0x2b0/0x680 freeze_super+0x248/0x8a8 do_vfs_ioctl+0x149c/0x1b18 __arm64_sys_ioctl+0xd0/0x1a0 invoke_syscall+0x74/0x268 el0_svc_common.constprop.0+0x160/0x238 do_el0_svc+0x44/0x60 el0_svc+0x44/0xb0 el0t_64_sync_handler+0x118/0x128 el0t_64_sync+0x168/0x170 Fix this by having the io_uring side honor IOCB_NOWAIT, and only attempt a blocking grab of the super block rwsem if it isn't set. For normal issue where IOCB_NOWAIT would always be set, this returns -EAGAIN which will have io_uring core issue a blocking attempt of the write. That will in turn also get completions run, ensuring forward progress. Since freezing requires CAP_SYS_ADMIN in the first place, this isn't something that can be triggered by a regular user.

Severity ?

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-667 - Improper Locking

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/485d9232112b17f38…
	https://git.kernel.org/stable/c/4e24041ba86d50aaa…
	https://git.kernel.org/stable/c/9e8debb8e51354b20…
	https://git.kernel.org/stable/c/003d2996964c03dfd…
	https://git.kernel.org/stable/c/26b8c48f369b7591f…
	https://git.kernel.org/stable/c/1d60d74e852647255…

Impacted products

Vendor

Product

Version

Linux

Affected: 2b188cc1bb857a9d4701ae59aa7768b5124e262e , < 485d9232112b17f389b29497ff41b97b3189546b (git)
Affected: 2b188cc1bb857a9d4701ae59aa7768b5124e262e , < 4e24041ba86d50aaa4c792ae2c88ed01b3d96243 (git)
Affected: 2b188cc1bb857a9d4701ae59aa7768b5124e262e , < 9e8debb8e51354b201db494689198078ec2c1e75 (git)
Affected: 2b188cc1bb857a9d4701ae59aa7768b5124e262e , < 003d2996964c03dfd34860500428f4cdf1f5879e (git)
Affected: 2b188cc1bb857a9d4701ae59aa7768b5124e262e , < 26b8c48f369b7591f5679e0b90612f4862a32929 (git)
Affected: 2b188cc1bb857a9d4701ae59aa7768b5124e262e , < 1d60d74e852647255bd8e76f5a22dc42531e4389 (git)

Linux

Affected: 5.1
Unaffected: 0 , < 5.1 (semver)
Unaffected: 5.10.230 , ≤ 5.10.* (semver)
Unaffected: 5.15.172 , ≤ 5.15.* (semver)
Unaffected: 6.1.116 , ≤ 6.1.* (semver)
Unaffected: 6.6.60 , ≤ 6.6.* (semver)
Unaffected: 6.11.7 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 4.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-53052",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:13:08.688394Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-667",
                "description": "CWE-667 Improper Locking",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:17:18.261Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:28:47.559Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "io_uring/rw.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "485d9232112b17f389b29497ff41b97b3189546b",
              "status": "affected",
              "version": "2b188cc1bb857a9d4701ae59aa7768b5124e262e",
              "versionType": "git"
            },
            {
              "lessThan": "4e24041ba86d50aaa4c792ae2c88ed01b3d96243",
              "status": "affected",
              "version": "2b188cc1bb857a9d4701ae59aa7768b5124e262e",
              "versionType": "git"
            },
            {
              "lessThan": "9e8debb8e51354b201db494689198078ec2c1e75",
              "status": "affected",
              "version": "2b188cc1bb857a9d4701ae59aa7768b5124e262e",
              "versionType": "git"
            },
            {
              "lessThan": "003d2996964c03dfd34860500428f4cdf1f5879e",
              "status": "affected",
              "version": "2b188cc1bb857a9d4701ae59aa7768b5124e262e",
              "versionType": "git"
            },
            {
              "lessThan": "26b8c48f369b7591f5679e0b90612f4862a32929",
              "status": "affected",
              "version": "2b188cc1bb857a9d4701ae59aa7768b5124e262e",
              "versionType": "git"
            },
            {
              "lessThan": "1d60d74e852647255bd8e76f5a22dc42531e4389",
              "status": "affected",
              "version": "2b188cc1bb857a9d4701ae59aa7768b5124e262e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "io_uring/rw.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "lessThan": "5.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.230",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.172",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.116",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.60",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.230",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.172",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.116",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.60",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.7",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/rw: fix missing NOWAIT check for O_DIRECT start write\n\nWhen io_uring starts a write, it\u0027ll call kiocb_start_write() to bump the\nsuper block rwsem, preventing any freezes from happening while that\nwrite is in-flight. The freeze side will grab that rwsem for writing,\nexcluding any new writers from happening and waiting for existing writes\nto finish. But io_uring unconditionally uses kiocb_start_write(), which\nwill block if someone is currently attempting to freeze the mount point.\nThis causes a deadlock where freeze is waiting for previous writes to\ncomplete, but the previous writes cannot complete, as the task that is\nsupposed to complete them is blocked waiting on starting a new write.\nThis results in the following stuck trace showing that dependency with\nthe write blocked starting a new write:\n\ntask:fio             state:D stack:0     pid:886   tgid:886   ppid:876\nCall trace:\n __switch_to+0x1d8/0x348\n __schedule+0x8e8/0x2248\n schedule+0x110/0x3f0\n percpu_rwsem_wait+0x1e8/0x3f8\n __percpu_down_read+0xe8/0x500\n io_write+0xbb8/0xff8\n io_issue_sqe+0x10c/0x1020\n io_submit_sqes+0x614/0x2110\n __arm64_sys_io_uring_enter+0x524/0x1038\n invoke_syscall+0x74/0x268\n el0_svc_common.constprop.0+0x160/0x238\n do_el0_svc+0x44/0x60\n el0_svc+0x44/0xb0\n el0t_64_sync_handler+0x118/0x128\n el0t_64_sync+0x168/0x170\nINFO: task fsfreeze:7364 blocked for more than 15 seconds.\n      Not tainted 6.12.0-rc5-00063-g76aaf945701c #7963\n\nwith the attempting freezer stuck trying to grab the rwsem:\n\ntask:fsfreeze        state:D stack:0     pid:7364  tgid:7364  ppid:995\nCall trace:\n __switch_to+0x1d8/0x348\n __schedule+0x8e8/0x2248\n schedule+0x110/0x3f0\n percpu_down_write+0x2b0/0x680\n freeze_super+0x248/0x8a8\n do_vfs_ioctl+0x149c/0x1b18\n __arm64_sys_ioctl+0xd0/0x1a0\n invoke_syscall+0x74/0x268\n el0_svc_common.constprop.0+0x160/0x238\n do_el0_svc+0x44/0x60\n el0_svc+0x44/0xb0\n el0t_64_sync_handler+0x118/0x128\n el0t_64_sync+0x168/0x170\n\nFix this by having the io_uring side honor IOCB_NOWAIT, and only attempt a\nblocking grab of the super block rwsem if it isn\u0027t set. For normal issue\nwhere IOCB_NOWAIT would always be set, this returns -EAGAIN which will\nhave io_uring core issue a blocking attempt of the write. That will in\nturn also get completions run, ensuring forward progress.\n\nSince freezing requires CAP_SYS_ADMIN in the first place, this isn\u0027t\nsomething that can be triggered by a regular user."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:51:47.057Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/485d9232112b17f389b29497ff41b97b3189546b"
        },
        {
          "url": "https://git.kernel.org/stable/c/4e24041ba86d50aaa4c792ae2c88ed01b3d96243"
        },
        {
          "url": "https://git.kernel.org/stable/c/9e8debb8e51354b201db494689198078ec2c1e75"
        },
        {
          "url": "https://git.kernel.org/stable/c/003d2996964c03dfd34860500428f4cdf1f5879e"
        },
        {
          "url": "https://git.kernel.org/stable/c/26b8c48f369b7591f5679e0b90612f4862a32929"
        },
        {
          "url": "https://git.kernel.org/stable/c/1d60d74e852647255bd8e76f5a22dc42531e4389"
        }
      ],
      "title": "io_uring/rw: fix missing NOWAIT check for O_DIRECT start write",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53052",
    "datePublished": "2024-11-19T17:19:37.067Z",
    "dateReserved": "2024-11-19T17:17:24.973Z",
    "dateUpdated": "2025-11-03T22:28:47.559Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-52919 (GCVE-0-2023-52919)

Vulnerability from cvelistv5 – Published: 2024-10-22 07:37 – Updated: 2025-05-04 07:45

Title

nfc: nci: fix possible NULL pointer dereference in send_acknowledge()

Summary

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: fix possible NULL pointer dereference in send_acknowledge() Handle memory allocation failure from nci_skb_alloc() (calling alloc_skb()) to avoid possible NULL pointer dereference.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/2b2edf089df3a69f0…
	https://git.kernel.org/stable/c/5622592f8f74ae3e5…
	https://git.kernel.org/stable/c/76050b0cc5a72e0c7…
	https://git.kernel.org/stable/c/c95fa5b20fe03609e…
	https://git.kernel.org/stable/c/ffdc881f68073ff86…
	https://git.kernel.org/stable/c/d7dbdbe3800a908ee…
	https://git.kernel.org/stable/c/bb6cacc439ddd2cd5…
	https://git.kernel.org/stable/c/7937609cd387246ae…

Impacted products

Vendor

Product

Version

Linux

Affected: 391d8a2da787257aeaf952c974405b53926e3fb3 , < 2b2edf089df3a69f0072c6e71563394c5a94e62e (git)
Affected: 391d8a2da787257aeaf952c974405b53926e3fb3 , < 5622592f8f74ae3e594379af02e64ea84772d0dd (git)
Affected: 391d8a2da787257aeaf952c974405b53926e3fb3 , < 76050b0cc5a72e0c7493287b7e18e1cb9e3c4612 (git)
Affected: 391d8a2da787257aeaf952c974405b53926e3fb3 , < c95fa5b20fe03609e0894656fa43c18045b5097e (git)
Affected: 391d8a2da787257aeaf952c974405b53926e3fb3 , < ffdc881f68073ff86bf21afb9bb954812e8278be (git)
Affected: 391d8a2da787257aeaf952c974405b53926e3fb3 , < d7dbdbe3800a908eecd4975c31be47dd45e2104a (git)
Affected: 391d8a2da787257aeaf952c974405b53926e3fb3 , < bb6cacc439ddd2cd51227ab193f4f91cfc7f014f (git)
Affected: 391d8a2da787257aeaf952c974405b53926e3fb3 , < 7937609cd387246aed994e81aa4fa951358fba41 (git)

Linux

Affected: 3.11
Unaffected: 0 , < 3.11 (semver)
Unaffected: 4.14.328 , ≤ 4.14.* (semver)
Unaffected: 4.19.297 , ≤ 4.19.* (semver)
Unaffected: 5.4.259 , ≤ 5.4.* (semver)
Unaffected: 5.10.199 , ≤ 5.10.* (semver)
Unaffected: 5.15.137 , ≤ 5.15.* (semver)
Unaffected: 6.1.60 , ≤ 6.1.* (semver)
Unaffected: 6.5.9 , ≤ 6.5.* (semver)
Unaffected: 6.6 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52919",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T13:10:43.843732Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T13:18:35.125Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/nfc/nci/spi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "2b2edf089df3a69f0072c6e71563394c5a94e62e",
              "status": "affected",
              "version": "391d8a2da787257aeaf952c974405b53926e3fb3",
              "versionType": "git"
            },
            {
              "lessThan": "5622592f8f74ae3e594379af02e64ea84772d0dd",
              "status": "affected",
              "version": "391d8a2da787257aeaf952c974405b53926e3fb3",
              "versionType": "git"
            },
            {
              "lessThan": "76050b0cc5a72e0c7493287b7e18e1cb9e3c4612",
              "status": "affected",
              "version": "391d8a2da787257aeaf952c974405b53926e3fb3",
              "versionType": "git"
            },
            {
              "lessThan": "c95fa5b20fe03609e0894656fa43c18045b5097e",
              "status": "affected",
              "version": "391d8a2da787257aeaf952c974405b53926e3fb3",
              "versionType": "git"
            },
            {
              "lessThan": "ffdc881f68073ff86bf21afb9bb954812e8278be",
              "status": "affected",
              "version": "391d8a2da787257aeaf952c974405b53926e3fb3",
              "versionType": "git"
            },
            {
              "lessThan": "d7dbdbe3800a908eecd4975c31be47dd45e2104a",
              "status": "affected",
              "version": "391d8a2da787257aeaf952c974405b53926e3fb3",
              "versionType": "git"
            },
            {
              "lessThan": "bb6cacc439ddd2cd51227ab193f4f91cfc7f014f",
              "status": "affected",
              "version": "391d8a2da787257aeaf952c974405b53926e3fb3",
              "versionType": "git"
            },
            {
              "lessThan": "7937609cd387246aed994e81aa4fa951358fba41",
              "status": "affected",
              "version": "391d8a2da787257aeaf952c974405b53926e3fb3",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/nfc/nci/spi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.11"
            },
            {
              "lessThan": "3.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.328",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.297",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.259",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.199",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.137",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.60",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.6",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.328",
                  "versionStartIncluding": "3.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.297",
                  "versionStartIncluding": "3.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.259",
                  "versionStartIncluding": "3.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.199",
                  "versionStartIncluding": "3.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.137",
                  "versionStartIncluding": "3.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.60",
                  "versionStartIncluding": "3.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5.9",
                  "versionStartIncluding": "3.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6",
                  "versionStartIncluding": "3.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nci: fix possible NULL pointer dereference in send_acknowledge()\n\nHandle memory allocation failure from nci_skb_alloc() (calling\nalloc_skb()) to avoid possible NULL pointer dereference."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:45:59.898Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/2b2edf089df3a69f0072c6e71563394c5a94e62e"
        },
        {
          "url": "https://git.kernel.org/stable/c/5622592f8f74ae3e594379af02e64ea84772d0dd"
        },
        {
          "url": "https://git.kernel.org/stable/c/76050b0cc5a72e0c7493287b7e18e1cb9e3c4612"
        },
        {
          "url": "https://git.kernel.org/stable/c/c95fa5b20fe03609e0894656fa43c18045b5097e"
        },
        {
          "url": "https://git.kernel.org/stable/c/ffdc881f68073ff86bf21afb9bb954812e8278be"
        },
        {
          "url": "https://git.kernel.org/stable/c/d7dbdbe3800a908eecd4975c31be47dd45e2104a"
        },
        {
          "url": "https://git.kernel.org/stable/c/bb6cacc439ddd2cd51227ab193f4f91cfc7f014f"
        },
        {
          "url": "https://git.kernel.org/stable/c/7937609cd387246aed994e81aa4fa951358fba41"
        }
      ],
      "title": "nfc: nci: fix possible NULL pointer dereference in send_acknowledge()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52919",
    "datePublished": "2024-10-22T07:37:28.091Z",
    "dateReserved": "2024-08-21T06:07:11.017Z",
    "dateUpdated": "2025-05-04T07:45:59.898Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-50082 (GCVE-0-2024-50082)

Vulnerability from cvelistv5 – Published: 2024-10-29 00:50 – Updated: 2025-11-03 22:25

Title

blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race

Summary

In the Linux kernel, the following vulnerability has been resolved: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race We're seeing crashes from rq_qos_wake_function that look like this: BUG: unable to handle page fault for address: ffffafe180a40084 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page PGD 100000067 P4D 100000067 PUD 10027c067 PMD 10115d067 PTE 0 Oops: Oops: 0002 [#1] PREEMPT SMP PTI CPU: 17 UID: 0 PID: 0 Comm: swapper/17 Not tainted 6.12.0-rc3-00013-geca631b8fe80 #11 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 RIP: 0010:_raw_spin_lock_irqsave+0x1d/0x40 Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 9c 41 5c fa 65 ff 05 62 97 30 4c 31 c0 ba 01 00 00 00 <f0> 0f b1 17 75 0a 4c 89 e0 41 5c c3 cc cc cc cc 89 c6 e8 2c 0b 00 RSP: 0018:ffffafe180580ca0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffffafe180a3f7a8 RCX: 0000000000000011 RDX: 0000000000000001 RSI: 0000000000000003 RDI: ffffafe180a40084 RBP: 0000000000000000 R08: 00000000001e7240 R09: 0000000000000011 R10: 0000000000000028 R11: 0000000000000888 R12: 0000000000000002 R13: ffffafe180a40084 R14: 0000000000000000 R15: 0000000000000003 FS: 0000000000000000(0000) GS:ffff9aaf1f280000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffafe180a40084 CR3: 000000010e428002 CR4: 0000000000770ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <IRQ> try_to_wake_up+0x5a/0x6a0 rq_qos_wake_function+0x71/0x80 __wake_up_common+0x75/0xa0 __wake_up+0x36/0x60 scale_up.part.0+0x50/0x110 wb_timer_fn+0x227/0x450 ... So rq_qos_wake_function() calls wake_up_process(data->task), which calls try_to_wake_up(), which faults in raw_spin_lock_irqsave(&p->pi_lock). p comes from data->task, and data comes from the waitqueue entry, which is stored on the waiter's stack in rq_qos_wait(). Analyzing the core dump with drgn, I found that the waiter had already woken up and moved on to a completely unrelated code path, clobbering what was previously data->task. Meanwhile, the waker was passing the clobbered garbage in data->task to wake_up_process(), leading to the crash. What's happening is that in between rq_qos_wake_function() deleting the waitqueue entry and calling wake_up_process(), rq_qos_wait() is finding that it already got a token and returning. The race looks like this: rq_qos_wait() rq_qos_wake_function() ============================================================== prepare_to_wait_exclusive() data->got_token = true; list_del_init(&curr->entry); if (data.got_token) break; finish_wait(&rqw->wait, &data.wq); ^- returns immediately because list_empty_careful(&wq_entry->entry) is true ... return, go do something else ... wake_up_process(data->task) (NO LONGER VALID!)-^ Normally, finish_wait() is supposed to synchronize against the waker. But, as noted above, it is returning immediately because the waitqueue entry has already been removed from the waitqueue. The bug is that rq_qos_wake_function() is accessing the waitqueue entry AFTER deleting it. Note that autoremove_wake_function() wakes the waiter and THEN deletes the waitqueue entry, which is the proper order. Fix it by swapping the order. We also need to use list_del_init_careful() to match the list_empty_careful() in finish_wait().

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/d04b72c9ef2b0689b…
	https://git.kernel.org/stable/c/3bc6d0f8b70a91014…
	https://git.kernel.org/stable/c/455a469758e57a6fe…
	https://git.kernel.org/stable/c/b5e900a3612b69423…
	https://git.kernel.org/stable/c/4c5b123ab289767af…
	https://git.kernel.org/stable/c/04f283fc16c8d5db6…
	https://git.kernel.org/stable/c/e972b08b91ef48488…

Impacted products

Vendor

Product

Version

Linux

Affected: 38cfb5a45ee013bfab5d1ae4c4738815e744b440 , < d04b72c9ef2b0689bfc1057d21c4aeed087c329f (git)
Affected: 38cfb5a45ee013bfab5d1ae4c4738815e744b440 , < 3bc6d0f8b70a9101456cf02ab99acb75254e1852 (git)
Affected: 38cfb5a45ee013bfab5d1ae4c4738815e744b440 , < 455a469758e57a6fe070e3e342db12e4a629e0eb (git)
Affected: 38cfb5a45ee013bfab5d1ae4c4738815e744b440 , < b5e900a3612b69423a0e1b0ab67841a1fb4af80f (git)
Affected: 38cfb5a45ee013bfab5d1ae4c4738815e744b440 , < 4c5b123ab289767afe940389dbb963c5c05e594e (git)
Affected: 38cfb5a45ee013bfab5d1ae4c4738815e744b440 , < 04f283fc16c8d5db641b6bffd2d8310aa7eccebc (git)
Affected: 38cfb5a45ee013bfab5d1ae4c4738815e744b440 , < e972b08b91ef48488bae9789f03cfedb148667fb (git)

Linux

Affected: 4.19
Unaffected: 0 , < 4.19 (semver)
Unaffected: 5.4.285 , ≤ 5.4.* (semver)
Unaffected: 5.10.228 , ≤ 5.10.* (semver)
Unaffected: 5.15.169 , ≤ 5.15.* (semver)
Unaffected: 6.1.114 , ≤ 6.1.* (semver)
Unaffected: 6.6.58 , ≤ 6.6.* (semver)
Unaffected: 6.11.5 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:25:14.334Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "block/blk-rq-qos.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d04b72c9ef2b0689bfc1057d21c4aeed087c329f",
              "status": "affected",
              "version": "38cfb5a45ee013bfab5d1ae4c4738815e744b440",
              "versionType": "git"
            },
            {
              "lessThan": "3bc6d0f8b70a9101456cf02ab99acb75254e1852",
              "status": "affected",
              "version": "38cfb5a45ee013bfab5d1ae4c4738815e744b440",
              "versionType": "git"
            },
            {
              "lessThan": "455a469758e57a6fe070e3e342db12e4a629e0eb",
              "status": "affected",
              "version": "38cfb5a45ee013bfab5d1ae4c4738815e744b440",
              "versionType": "git"
            },
            {
              "lessThan": "b5e900a3612b69423a0e1b0ab67841a1fb4af80f",
              "status": "affected",
              "version": "38cfb5a45ee013bfab5d1ae4c4738815e744b440",
              "versionType": "git"
            },
            {
              "lessThan": "4c5b123ab289767afe940389dbb963c5c05e594e",
              "status": "affected",
              "version": "38cfb5a45ee013bfab5d1ae4c4738815e744b440",
              "versionType": "git"
            },
            {
              "lessThan": "04f283fc16c8d5db641b6bffd2d8310aa7eccebc",
              "status": "affected",
              "version": "38cfb5a45ee013bfab5d1ae4c4738815e744b440",
              "versionType": "git"
            },
            {
              "lessThan": "e972b08b91ef48488bae9789f03cfedb148667fb",
              "status": "affected",
              "version": "38cfb5a45ee013bfab5d1ae4c4738815e744b440",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "block/blk-rq-qos.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.19"
            },
            {
              "lessThan": "4.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.285",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.228",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.169",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.114",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.58",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.285",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.228",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.169",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.114",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.58",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.5",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race\n\nWe\u0027re seeing crashes from rq_qos_wake_function that look like this:\n\n  BUG: unable to handle page fault for address: ffffafe180a40084\n  #PF: supervisor write access in kernel mode\n  #PF: error_code(0x0002) - not-present page\n  PGD 100000067 P4D 100000067 PUD 10027c067 PMD 10115d067 PTE 0\n  Oops: Oops: 0002 [#1] PREEMPT SMP PTI\n  CPU: 17 UID: 0 PID: 0 Comm: swapper/17 Not tainted 6.12.0-rc3-00013-geca631b8fe80 #11\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\n  RIP: 0010:_raw_spin_lock_irqsave+0x1d/0x40\n  Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 9c 41 5c fa 65 ff 05 62 97 30 4c 31 c0 ba 01 00 00 00 \u003cf0\u003e 0f b1 17 75 0a 4c 89 e0 41 5c c3 cc cc cc cc 89 c6 e8 2c 0b 00\n  RSP: 0018:ffffafe180580ca0 EFLAGS: 00010046\n  RAX: 0000000000000000 RBX: ffffafe180a3f7a8 RCX: 0000000000000011\n  RDX: 0000000000000001 RSI: 0000000000000003 RDI: ffffafe180a40084\n  RBP: 0000000000000000 R08: 00000000001e7240 R09: 0000000000000011\n  R10: 0000000000000028 R11: 0000000000000888 R12: 0000000000000002\n  R13: ffffafe180a40084 R14: 0000000000000000 R15: 0000000000000003\n  FS:  0000000000000000(0000) GS:ffff9aaf1f280000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: ffffafe180a40084 CR3: 000000010e428002 CR4: 0000000000770ef0\n  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n  DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n  PKRU: 55555554\n  Call Trace:\n   \u003cIRQ\u003e\n   try_to_wake_up+0x5a/0x6a0\n   rq_qos_wake_function+0x71/0x80\n   __wake_up_common+0x75/0xa0\n   __wake_up+0x36/0x60\n   scale_up.part.0+0x50/0x110\n   wb_timer_fn+0x227/0x450\n   ...\n\nSo rq_qos_wake_function() calls wake_up_process(data-\u003etask), which calls\ntry_to_wake_up(), which faults in raw_spin_lock_irqsave(\u0026p-\u003epi_lock).\n\np comes from data-\u003etask, and data comes from the waitqueue entry, which\nis stored on the waiter\u0027s stack in rq_qos_wait(). Analyzing the core\ndump with drgn, I found that the waiter had already woken up and moved\non to a completely unrelated code path, clobbering what was previously\ndata-\u003etask. Meanwhile, the waker was passing the clobbered garbage in\ndata-\u003etask to wake_up_process(), leading to the crash.\n\nWhat\u0027s happening is that in between rq_qos_wake_function() deleting the\nwaitqueue entry and calling wake_up_process(), rq_qos_wait() is finding\nthat it already got a token and returning. The race looks like this:\n\nrq_qos_wait()                           rq_qos_wake_function()\n==============================================================\nprepare_to_wait_exclusive()\n                                        data-\u003egot_token = true;\n                                        list_del_init(\u0026curr-\u003eentry);\nif (data.got_token)\n        break;\nfinish_wait(\u0026rqw-\u003ewait, \u0026data.wq);\n  ^- returns immediately because\n     list_empty_careful(\u0026wq_entry-\u003eentry)\n     is true\n... return, go do something else ...\n                                        wake_up_process(data-\u003etask)\n                                          (NO LONGER VALID!)-^\n\nNormally, finish_wait() is supposed to synchronize against the waker.\nBut, as noted above, it is returning immediately because the waitqueue\nentry has already been removed from the waitqueue.\n\nThe bug is that rq_qos_wake_function() is accessing the waitqueue entry\nAFTER deleting it. Note that autoremove_wake_function() wakes the waiter\nand THEN deletes the waitqueue entry, which is the proper order.\n\nFix it by swapping the order. We also need to use\nlist_del_init_careful() to match the list_empty_careful() in\nfinish_wait()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:45:31.872Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d04b72c9ef2b0689bfc1057d21c4aeed087c329f"
        },
        {
          "url": "https://git.kernel.org/stable/c/3bc6d0f8b70a9101456cf02ab99acb75254e1852"
        },
        {
          "url": "https://git.kernel.org/stable/c/455a469758e57a6fe070e3e342db12e4a629e0eb"
        },
        {
          "url": "https://git.kernel.org/stable/c/b5e900a3612b69423a0e1b0ab67841a1fb4af80f"
        },
        {
          "url": "https://git.kernel.org/stable/c/4c5b123ab289767afe940389dbb963c5c05e594e"
        },
        {
          "url": "https://git.kernel.org/stable/c/04f283fc16c8d5db641b6bffd2d8310aa7eccebc"
        },
        {
          "url": "https://git.kernel.org/stable/c/e972b08b91ef48488bae9789f03cfedb148667fb"
        }
      ],
      "title": "blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-50082",
    "datePublished": "2024-10-29T00:50:24.667Z",
    "dateReserved": "2024-10-21T19:36:19.941Z",
    "dateUpdated": "2025-11-03T22:25:14.334Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-53184 (GCVE-0-2024-53184)

Vulnerability from cvelistv5 – Published: 2024-12-27 13:49 – Updated: 2026-01-05 10:55

Title

um: ubd: Do not use drvdata in release

Summary

In the Linux kernel, the following vulnerability has been resolved: um: ubd: Do not use drvdata in release The drvdata is not available in release. Let's just use container_of() to get the ubd instance. Otherwise, removing a ubd device will result in a crash: RIP: 0033:blk_mq_free_tag_set+0x1f/0xba RSP: 00000000e2083bf0 EFLAGS: 00010246 RAX: 000000006021463a RBX: 0000000000000348 RCX: 0000000062604d00 RDX: 0000000004208060 RSI: 00000000605241a0 RDI: 0000000000000348 RBP: 00000000e2083c10 R08: 0000000062414010 R09: 00000000601603f7 R10: 000000000000133a R11: 000000006038c4bd R12: 0000000000000000 R13: 0000000060213a5c R14: 0000000062405d20 R15: 00000000604f7aa0 Kernel panic - not syncing: Segfault with no mm CPU: 0 PID: 17 Comm: kworker/0:1 Not tainted 6.8.0-rc3-00107-gba3f67c11638 #1 Workqueue: events mc_work_proc Stack: 00000000 604f7ef0 62c5d000 62405d20 e2083c30 6002c776 6002c755 600e47ff e2083c60 6025ffe3 04208060 603d36e0 Call Trace: [<6002c776>] ubd_device_release+0x21/0x55 [<6002c755>] ? ubd_device_release+0x0/0x55 [<600e47ff>] ? kfree+0x0/0x100 [<6025ffe3>] device_release+0x70/0xba [<60381d6a>] kobject_put+0xb5/0xe2 [<6026027b>] put_device+0x19/0x1c [<6026a036>] platform_device_put+0x26/0x29 [<6026ac5a>] platform_device_unregister+0x2c/0x2e [<6002c52e>] ubd_remove+0xb8/0xd6 [<6002bb74>] ? mconsole_reply+0x0/0x50 [<6002b926>] mconsole_remove+0x160/0x1cc [<6002bbbc>] ? mconsole_reply+0x48/0x50 [<6003379c>] ? um_set_signals+0x3b/0x43 [<60061c55>] ? update_min_vruntime+0x14/0x70 [<6006251f>] ? dequeue_task_fair+0x164/0x235 [<600620aa>] ? update_cfs_group+0x0/0x40 [<603a0e77>] ? __schedule+0x0/0x3ed [<60033761>] ? um_set_signals+0x0/0x43 [<6002af6a>] mc_work_proc+0x77/0x91 [<600520b4>] process_scheduled_works+0x1af/0x2c3 [<6004ede3>] ? assign_work+0x0/0x58 [<600527a1>] worker_thread+0x2f7/0x37a [<6004ee3b>] ? set_pf_worker+0x0/0x64 [<6005765d>] ? arch_local_irq_save+0x0/0x2d [<60058e07>] ? kthread_exit+0x0/0x3a [<600524aa>] ? worker_thread+0x0/0x37a [<60058f9f>] kthread+0x130/0x135 [<6002068e>] new_thread_handler+0x85/0xb6

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/23d742a3fcd4781ee…
	https://git.kernel.org/stable/c/300e277e463e63269…
	https://git.kernel.org/stable/c/509ba8746f812e45a…
	https://git.kernel.org/stable/c/5727343348f34e11a…
	https://git.kernel.org/stable/c/a5a75207efae4b558…
	https://git.kernel.org/stable/c/2d194d951895df214…
	https://git.kernel.org/stable/c/e6e5a4cded9bef3a1…
	https://git.kernel.org/stable/c/16cf8511680809a9f…
	https://git.kernel.org/stable/c/5bee35e5389f450a7…

Impacted products

Vendor

Product

Version

Linux

Affected: 0998d0631001288a5974afc0b2a5f568bcdecb4d , < 23d742a3fcd4781eed015a3a93e6a0e3ab1ef2a8 (git)
Affected: 0998d0631001288a5974afc0b2a5f568bcdecb4d , < 300e277e463e6326938dd55ea560eafa0f5c88a5 (git)
Affected: 0998d0631001288a5974afc0b2a5f568bcdecb4d , < 509ba8746f812e45a05034ba18b73db574693d11 (git)
Affected: 0998d0631001288a5974afc0b2a5f568bcdecb4d , < 5727343348f34e11a7c5a2a944d5aa505731d876 (git)
Affected: 0998d0631001288a5974afc0b2a5f568bcdecb4d , < a5a75207efae4b558aaa34c288de7d6f2e926b4b (git)
Affected: 0998d0631001288a5974afc0b2a5f568bcdecb4d , < 2d194d951895df214e066d08146e77cb6e02c1d4 (git)
Affected: 0998d0631001288a5974afc0b2a5f568bcdecb4d , < e6e5a4cded9bef3a1b0a4fac815b7176eb9a18ec (git)
Affected: 0998d0631001288a5974afc0b2a5f568bcdecb4d , < 16cf8511680809a9f20b3dd224c06d482648f9e2 (git)
Affected: 0998d0631001288a5974afc0b2a5f568bcdecb4d , < 5bee35e5389f450a7eea7318deb9073e9414d3b1 (git)

Linux

Affected: 3.6
Unaffected: 0 , < 3.6 (semver)
Unaffected: 4.19.325 , ≤ 4.19.* (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:47:21.339Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/um/drivers/ubd_kern.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "23d742a3fcd4781eed015a3a93e6a0e3ab1ef2a8",
              "status": "affected",
              "version": "0998d0631001288a5974afc0b2a5f568bcdecb4d",
              "versionType": "git"
            },
            {
              "lessThan": "300e277e463e6326938dd55ea560eafa0f5c88a5",
              "status": "affected",
              "version": "0998d0631001288a5974afc0b2a5f568bcdecb4d",
              "versionType": "git"
            },
            {
              "lessThan": "509ba8746f812e45a05034ba18b73db574693d11",
              "status": "affected",
              "version": "0998d0631001288a5974afc0b2a5f568bcdecb4d",
              "versionType": "git"
            },
            {
              "lessThan": "5727343348f34e11a7c5a2a944d5aa505731d876",
              "status": "affected",
              "version": "0998d0631001288a5974afc0b2a5f568bcdecb4d",
              "versionType": "git"
            },
            {
              "lessThan": "a5a75207efae4b558aaa34c288de7d6f2e926b4b",
              "status": "affected",
              "version": "0998d0631001288a5974afc0b2a5f568bcdecb4d",
              "versionType": "git"
            },
            {
              "lessThan": "2d194d951895df214e066d08146e77cb6e02c1d4",
              "status": "affected",
              "version": "0998d0631001288a5974afc0b2a5f568bcdecb4d",
              "versionType": "git"
            },
            {
              "lessThan": "e6e5a4cded9bef3a1b0a4fac815b7176eb9a18ec",
              "status": "affected",
              "version": "0998d0631001288a5974afc0b2a5f568bcdecb4d",
              "versionType": "git"
            },
            {
              "lessThan": "16cf8511680809a9f20b3dd224c06d482648f9e2",
              "status": "affected",
              "version": "0998d0631001288a5974afc0b2a5f568bcdecb4d",
              "versionType": "git"
            },
            {
              "lessThan": "5bee35e5389f450a7eea7318deb9073e9414d3b1",
              "status": "affected",
              "version": "0998d0631001288a5974afc0b2a5f568bcdecb4d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/um/drivers/ubd_kern.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.6"
            },
            {
              "lessThan": "3.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.325",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.325",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\num: ubd: Do not use drvdata in release\n\nThe drvdata is not available in release. Let\u0027s just use container_of()\nto get the ubd instance. Otherwise, removing a ubd device will result\nin a crash:\n\nRIP: 0033:blk_mq_free_tag_set+0x1f/0xba\nRSP: 00000000e2083bf0  EFLAGS: 00010246\nRAX: 000000006021463a RBX: 0000000000000348 RCX: 0000000062604d00\nRDX: 0000000004208060 RSI: 00000000605241a0 RDI: 0000000000000348\nRBP: 00000000e2083c10 R08: 0000000062414010 R09: 00000000601603f7\nR10: 000000000000133a R11: 000000006038c4bd R12: 0000000000000000\nR13: 0000000060213a5c R14: 0000000062405d20 R15: 00000000604f7aa0\nKernel panic - not syncing: Segfault with no mm\nCPU: 0 PID: 17 Comm: kworker/0:1 Not tainted 6.8.0-rc3-00107-gba3f67c11638 #1\nWorkqueue: events mc_work_proc\nStack:\n 00000000 604f7ef0 62c5d000 62405d20\n e2083c30 6002c776 6002c755 600e47ff\n e2083c60 6025ffe3 04208060 603d36e0\nCall Trace:\n [\u003c6002c776\u003e] ubd_device_release+0x21/0x55\n [\u003c6002c755\u003e] ? ubd_device_release+0x0/0x55\n [\u003c600e47ff\u003e] ? kfree+0x0/0x100\n [\u003c6025ffe3\u003e] device_release+0x70/0xba\n [\u003c60381d6a\u003e] kobject_put+0xb5/0xe2\n [\u003c6026027b\u003e] put_device+0x19/0x1c\n [\u003c6026a036\u003e] platform_device_put+0x26/0x29\n [\u003c6026ac5a\u003e] platform_device_unregister+0x2c/0x2e\n [\u003c6002c52e\u003e] ubd_remove+0xb8/0xd6\n [\u003c6002bb74\u003e] ? mconsole_reply+0x0/0x50\n [\u003c6002b926\u003e] mconsole_remove+0x160/0x1cc\n [\u003c6002bbbc\u003e] ? mconsole_reply+0x48/0x50\n [\u003c6003379c\u003e] ? um_set_signals+0x3b/0x43\n [\u003c60061c55\u003e] ? update_min_vruntime+0x14/0x70\n [\u003c6006251f\u003e] ? dequeue_task_fair+0x164/0x235\n [\u003c600620aa\u003e] ? update_cfs_group+0x0/0x40\n [\u003c603a0e77\u003e] ? __schedule+0x0/0x3ed\n [\u003c60033761\u003e] ? um_set_signals+0x0/0x43\n [\u003c6002af6a\u003e] mc_work_proc+0x77/0x91\n [\u003c600520b4\u003e] process_scheduled_works+0x1af/0x2c3\n [\u003c6004ede3\u003e] ? assign_work+0x0/0x58\n [\u003c600527a1\u003e] worker_thread+0x2f7/0x37a\n [\u003c6004ee3b\u003e] ? set_pf_worker+0x0/0x64\n [\u003c6005765d\u003e] ? arch_local_irq_save+0x0/0x2d\n [\u003c60058e07\u003e] ? kthread_exit+0x0/0x3a\n [\u003c600524aa\u003e] ? worker_thread+0x0/0x37a\n [\u003c60058f9f\u003e] kthread+0x130/0x135\n [\u003c6002068e\u003e] new_thread_handler+0x85/0xb6"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:55:48.077Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/23d742a3fcd4781eed015a3a93e6a0e3ab1ef2a8"
        },
        {
          "url": "https://git.kernel.org/stable/c/300e277e463e6326938dd55ea560eafa0f5c88a5"
        },
        {
          "url": "https://git.kernel.org/stable/c/509ba8746f812e45a05034ba18b73db574693d11"
        },
        {
          "url": "https://git.kernel.org/stable/c/5727343348f34e11a7c5a2a944d5aa505731d876"
        },
        {
          "url": "https://git.kernel.org/stable/c/a5a75207efae4b558aaa34c288de7d6f2e926b4b"
        },
        {
          "url": "https://git.kernel.org/stable/c/2d194d951895df214e066d08146e77cb6e02c1d4"
        },
        {
          "url": "https://git.kernel.org/stable/c/e6e5a4cded9bef3a1b0a4fac815b7176eb9a18ec"
        },
        {
          "url": "https://git.kernel.org/stable/c/16cf8511680809a9f20b3dd224c06d482648f9e2"
        },
        {
          "url": "https://git.kernel.org/stable/c/5bee35e5389f450a7eea7318deb9073e9414d3b1"
        }
      ],
      "title": "um: ubd: Do not use drvdata in release",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53184",
    "datePublished": "2024-12-27T13:49:27.184Z",
    "dateReserved": "2024-11-19T17:17:25.010Z",
    "dateUpdated": "2026-01-05T10:55:48.077Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-49895 (GCVE-0-2024-49895)

Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2025-11-03 22:22

Title

drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation This commit addresses a potential index out of bounds issue in the `cm3_helper_translate_curve_to_degamma_hw_format` function in the DCN30 color management module. The issue could occur when the index 'i' exceeds the number of transfer function points (TRANSFER_FUNC_POINTS). The fix adds a check to ensure 'i' is within bounds before accessing the transfer function points. If 'i' is out of bounds, the function returns false to indicate an error. Reported by smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:338 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.red' 1025 <= s32max drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:339 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.green' 1025 <= s32max drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:340 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.blue' 1025 <= s32max

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/ad89f83343a501890…
	https://git.kernel.org/stable/c/de6ee4f9e6b1c36b4…
	https://git.kernel.org/stable/c/f3ccd855b4395ce65…
	https://git.kernel.org/stable/c/0d38a0751143afc03…
	https://git.kernel.org/stable/c/f5c3d306de91a4b69…
	https://git.kernel.org/stable/c/c4fdc2d6fea129684…
	https://git.kernel.org/stable/c/bc50b614d59990747…

Impacted products

Vendor

Product

Version

Linux

Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < ad89f83343a501890cf082c8a584e96b59fe4015 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < de6ee4f9e6b1c36b4fdc7c345c1a6de9e246093e (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < f3ccd855b4395ce65f10dd37847167f52e122b70 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 0d38a0751143afc03faef02d55d31f70374ff843 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < f5c3d306de91a4b69cfe3eedb72b42d452593e42 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < c4fdc2d6fea129684b82bab90bb52fbace494a58 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < bc50b614d59990747dd5aeced9ec22f9258991ff (git)

Linux

Affected: 4.15
Unaffected: 0 , < 4.15 (semver)
Unaffected: 5.10.227 , ≤ 5.10.* (semver)
Unaffected: 5.15.168 , ≤ 5.15.* (semver)
Unaffected: 6.1.113 , ≤ 6.1.* (semver)
Unaffected: 6.6.55 , ≤ 6.6.* (semver)
Unaffected: 6.10.14 , ≤ 6.10.* (semver)
Unaffected: 6.11.3 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49895",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T13:43:41.739795Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T13:48:48.513Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:22:59.810Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ad89f83343a501890cf082c8a584e96b59fe4015",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "de6ee4f9e6b1c36b4fdc7c345c1a6de9e246093e",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "f3ccd855b4395ce65f10dd37847167f52e122b70",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "0d38a0751143afc03faef02d55d31f70374ff843",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "f5c3d306de91a4b69cfe3eedb72b42d452593e42",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "c4fdc2d6fea129684b82bab90bb52fbace494a58",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "bc50b614d59990747dd5aeced9ec22f9258991ff",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.15"
            },
            {
              "lessThan": "4.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.55",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.227",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.168",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.113",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.55",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.14",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.3",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation\n\nThis commit addresses a potential index out of bounds issue in the\n`cm3_helper_translate_curve_to_degamma_hw_format` function in the DCN30\ncolor  management module. The issue could occur when the index \u0027i\u0027\nexceeds the  number of transfer function points (TRANSFER_FUNC_POINTS).\n\nThe fix adds a check to ensure \u0027i\u0027 is within bounds before accessing the\ntransfer function points. If \u0027i\u0027 is out of bounds, the function returns\nfalse to indicate an error.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:338 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.red\u0027 1025 \u003c= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:339 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.green\u0027 1025 \u003c= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:340 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.blue\u0027 1025 \u003c= s32max"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-11T17:20:56.790Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ad89f83343a501890cf082c8a584e96b59fe4015"
        },
        {
          "url": "https://git.kernel.org/stable/c/de6ee4f9e6b1c36b4fdc7c345c1a6de9e246093e"
        },
        {
          "url": "https://git.kernel.org/stable/c/f3ccd855b4395ce65f10dd37847167f52e122b70"
        },
        {
          "url": "https://git.kernel.org/stable/c/0d38a0751143afc03faef02d55d31f70374ff843"
        },
        {
          "url": "https://git.kernel.org/stable/c/f5c3d306de91a4b69cfe3eedb72b42d452593e42"
        },
        {
          "url": "https://git.kernel.org/stable/c/c4fdc2d6fea129684b82bab90bb52fbace494a58"
        },
        {
          "url": "https://git.kernel.org/stable/c/bc50b614d59990747dd5aeced9ec22f9258991ff"
        }
      ],
      "title": "drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-49895",
    "datePublished": "2024-10-21T18:01:29.028Z",
    "dateReserved": "2024-10-21T12:17:06.026Z",
    "dateUpdated": "2025-11-03T22:22:59.810Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26600 (GCVE-0-2024-26600)

Vulnerability from cvelistv5 – Published: 2024-02-24 14:56 – Updated: 2025-05-04 08:51

Title

phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP

Summary

In the Linux kernel, the following vulnerability has been resolved: phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP If the external phy working together with phy-omap-usb2 does not implement send_srp(), we may still attempt to call it. This can happen on an idle Ethernet gadget triggering a wakeup for example: configfs-gadget.g1 gadget.0: ECM Suspend configfs-gadget.g1 gadget.0: Port suspended. Triggering wakeup ... Unable to handle kernel NULL pointer dereference at virtual address 00000000 when execute ... PC is at 0x0 LR is at musb_gadget_wakeup+0x1d4/0x254 [musb_hdrc] ... musb_gadget_wakeup [musb_hdrc] from usb_gadget_wakeup+0x1c/0x3c [udc_core] usb_gadget_wakeup [udc_core] from eth_start_xmit+0x3b0/0x3d4 [u_ether] eth_start_xmit [u_ether] from dev_hard_start_xmit+0x94/0x24c dev_hard_start_xmit from sch_direct_xmit+0x104/0x2e4 sch_direct_xmit from __dev_queue_xmit+0x334/0xd88 __dev_queue_xmit from arp_solicit+0xf0/0x268 arp_solicit from neigh_probe+0x54/0x7c neigh_probe from __neigh_event_send+0x22c/0x47c __neigh_event_send from neigh_resolve_output+0x14c/0x1c0 neigh_resolve_output from ip_finish_output2+0x1c8/0x628 ip_finish_output2 from ip_send_skb+0x40/0xd8 ip_send_skb from udp_send_skb+0x124/0x340 udp_send_skb from udp_sendmsg+0x780/0x984 udp_sendmsg from __sys_sendto+0xd8/0x158 __sys_sendto from ret_fast_syscall+0x0/0x58 Let's fix the issue by checking for send_srp() and set_vbus() before calling them. For USB peripheral only cases these both could be NULL.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/486218c11e8d1c8f5…
	https://git.kernel.org/stable/c/8398d8d735ee93a04…
	https://git.kernel.org/stable/c/be3b82e4871ba00e9…
	https://git.kernel.org/stable/c/8cc889b9dea057972…
	https://git.kernel.org/stable/c/0430bfcd46657d911…
	https://git.kernel.org/stable/c/14ef61594a5a286ae…
	https://git.kernel.org/stable/c/396e17af6761b3cc9…
	https://git.kernel.org/stable/c/7104ba0f1958adb25…

Impacted products

Vendor

Product

Version

Linux

Affected: 657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6 , < 486218c11e8d1c8f515a3bdd70d62203609d4b6b (git)
Affected: 657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6 , < 8398d8d735ee93a04fb9e9f490e8cacd737e3bf5 (git)
Affected: 657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6 , < be3b82e4871ba00e9b5d0ede92d396d579d7b3b3 (git)
Affected: 657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6 , < 8cc889b9dea0579726be9520fcc766077890b462 (git)
Affected: 657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6 , < 0430bfcd46657d9116a26cd377f112cbc40826a4 (git)
Affected: 657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6 , < 14ef61594a5a286ae0d493b8acbf9eac46fd04c4 (git)
Affected: 657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6 , < 396e17af6761b3cc9e6e4ca94b4de7f642bfece1 (git)
Affected: 657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6 , < 7104ba0f1958adb250319e68a15eff89ec4fd36d (git)

Linux

Affected: 3.7
Unaffected: 0 , < 3.7 (semver)
Unaffected: 4.19.307 , ≤ 4.19.* (semver)
Unaffected: 5.4.269 , ≤ 5.4.* (semver)
Unaffected: 5.10.210 , ≤ 5.10.* (semver)
Unaffected: 5.15.149 , ≤ 5.15.* (semver)
Unaffected: 6.1.78 , ≤ 6.1.* (semver)
Unaffected: 6.6.17 , ≤ 6.6.* (semver)
Unaffected: 6.7.5 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26600",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-28T17:03:23.255963Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-28T17:03:34.995Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:07:19.673Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/486218c11e8d1c8f515a3bdd70d62203609d4b6b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8398d8d735ee93a04fb9e9f490e8cacd737e3bf5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/be3b82e4871ba00e9b5d0ede92d396d579d7b3b3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8cc889b9dea0579726be9520fcc766077890b462"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0430bfcd46657d9116a26cd377f112cbc40826a4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/14ef61594a5a286ae0d493b8acbf9eac46fd04c4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/396e17af6761b3cc9e6e4ca94b4de7f642bfece1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7104ba0f1958adb250319e68a15eff89ec4fd36d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/phy/ti/phy-omap-usb2.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "486218c11e8d1c8f515a3bdd70d62203609d4b6b",
              "status": "affected",
              "version": "657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6",
              "versionType": "git"
            },
            {
              "lessThan": "8398d8d735ee93a04fb9e9f490e8cacd737e3bf5",
              "status": "affected",
              "version": "657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6",
              "versionType": "git"
            },
            {
              "lessThan": "be3b82e4871ba00e9b5d0ede92d396d579d7b3b3",
              "status": "affected",
              "version": "657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6",
              "versionType": "git"
            },
            {
              "lessThan": "8cc889b9dea0579726be9520fcc766077890b462",
              "status": "affected",
              "version": "657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6",
              "versionType": "git"
            },
            {
              "lessThan": "0430bfcd46657d9116a26cd377f112cbc40826a4",
              "status": "affected",
              "version": "657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6",
              "versionType": "git"
            },
            {
              "lessThan": "14ef61594a5a286ae0d493b8acbf9eac46fd04c4",
              "status": "affected",
              "version": "657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6",
              "versionType": "git"
            },
            {
              "lessThan": "396e17af6761b3cc9e6e4ca94b4de7f642bfece1",
              "status": "affected",
              "version": "657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6",
              "versionType": "git"
            },
            {
              "lessThan": "7104ba0f1958adb250319e68a15eff89ec4fd36d",
              "status": "affected",
              "version": "657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/phy/ti/phy-omap-usb2.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.7"
            },
            {
              "lessThan": "3.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.307",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.269",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.210",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.149",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.78",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.17",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.307",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.269",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.210",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.149",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.78",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.17",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.5",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP\n\nIf the external phy working together with phy-omap-usb2 does not implement\nsend_srp(), we may still attempt to call it. This can happen on an idle\nEthernet gadget triggering a wakeup for example:\n\nconfigfs-gadget.g1 gadget.0: ECM Suspend\nconfigfs-gadget.g1 gadget.0: Port suspended. Triggering wakeup\n...\nUnable to handle kernel NULL pointer dereference at virtual address\n00000000 when execute\n...\nPC is at 0x0\nLR is at musb_gadget_wakeup+0x1d4/0x254 [musb_hdrc]\n...\nmusb_gadget_wakeup [musb_hdrc] from usb_gadget_wakeup+0x1c/0x3c [udc_core]\nusb_gadget_wakeup [udc_core] from eth_start_xmit+0x3b0/0x3d4 [u_ether]\neth_start_xmit [u_ether] from dev_hard_start_xmit+0x94/0x24c\ndev_hard_start_xmit from sch_direct_xmit+0x104/0x2e4\nsch_direct_xmit from __dev_queue_xmit+0x334/0xd88\n__dev_queue_xmit from arp_solicit+0xf0/0x268\narp_solicit from neigh_probe+0x54/0x7c\nneigh_probe from __neigh_event_send+0x22c/0x47c\n__neigh_event_send from neigh_resolve_output+0x14c/0x1c0\nneigh_resolve_output from ip_finish_output2+0x1c8/0x628\nip_finish_output2 from ip_send_skb+0x40/0xd8\nip_send_skb from udp_send_skb+0x124/0x340\nudp_send_skb from udp_sendmsg+0x780/0x984\nudp_sendmsg from __sys_sendto+0xd8/0x158\n__sys_sendto from ret_fast_syscall+0x0/0x58\n\nLet\u0027s fix the issue by checking for send_srp() and set_vbus() before\ncalling them. For USB peripheral only cases these both could be NULL."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:51:58.052Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/486218c11e8d1c8f515a3bdd70d62203609d4b6b"
        },
        {
          "url": "https://git.kernel.org/stable/c/8398d8d735ee93a04fb9e9f490e8cacd737e3bf5"
        },
        {
          "url": "https://git.kernel.org/stable/c/be3b82e4871ba00e9b5d0ede92d396d579d7b3b3"
        },
        {
          "url": "https://git.kernel.org/stable/c/8cc889b9dea0579726be9520fcc766077890b462"
        },
        {
          "url": "https://git.kernel.org/stable/c/0430bfcd46657d9116a26cd377f112cbc40826a4"
        },
        {
          "url": "https://git.kernel.org/stable/c/14ef61594a5a286ae0d493b8acbf9eac46fd04c4"
        },
        {
          "url": "https://git.kernel.org/stable/c/396e17af6761b3cc9e6e4ca94b4de7f642bfece1"
        },
        {
          "url": "https://git.kernel.org/stable/c/7104ba0f1958adb250319e68a15eff89ec4fd36d"
        }
      ],
      "title": "phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26600",
    "datePublished": "2024-02-24T14:56:55.674Z",
    "dateReserved": "2024-02-19T14:20:24.128Z",
    "dateUpdated": "2025-05-04T08:51:58.052Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-49963 (GCVE-0-2024-49963)

Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2025-11-03 22:23

Title

mailbox: bcm2835: Fix timeout during suspend mode

Summary

In the Linux kernel, the following vulnerability has been resolved: mailbox: bcm2835: Fix timeout during suspend mode During noirq suspend phase the Raspberry Pi power driver suffer of firmware property timeouts. The reason is that the IRQ of the underlying BCM2835 mailbox is disabled and rpi_firmware_property_list() will always run into a timeout [1]. Since the VideoCore side isn't consider as a wakeup source, set the IRQF_NO_SUSPEND flag for the mailbox IRQ in order to keep it enabled during suspend-resume cycle. [1] PM: late suspend of devices complete after 1.754 msecs WARNING: CPU: 0 PID: 438 at drivers/firmware/raspberrypi.c:128 rpi_firmware_property_list+0x204/0x22c Firmware transaction 0x00028001 timeout Modules linked in: CPU: 0 PID: 438 Comm: bash Tainted: G C 6.9.3-dirty #17 Hardware name: BCM2835 Call trace: unwind_backtrace from show_stack+0x18/0x1c show_stack from dump_stack_lvl+0x34/0x44 dump_stack_lvl from __warn+0x88/0xec __warn from warn_slowpath_fmt+0x7c/0xb0 warn_slowpath_fmt from rpi_firmware_property_list+0x204/0x22c rpi_firmware_property_list from rpi_firmware_property+0x68/0x8c rpi_firmware_property from rpi_firmware_set_power+0x54/0xc0 rpi_firmware_set_power from _genpd_power_off+0xe4/0x148 _genpd_power_off from genpd_sync_power_off+0x7c/0x11c genpd_sync_power_off from genpd_finish_suspend+0xcc/0xe0 genpd_finish_suspend from dpm_run_callback+0x78/0xd0 dpm_run_callback from device_suspend_noirq+0xc0/0x238 device_suspend_noirq from dpm_suspend_noirq+0xb0/0x168 dpm_suspend_noirq from suspend_devices_and_enter+0x1b8/0x5ac suspend_devices_and_enter from pm_suspend+0x254/0x2e4 pm_suspend from state_store+0xa8/0xd4 state_store from kernfs_fop_write_iter+0x154/0x1a0 kernfs_fop_write_iter from vfs_write+0x12c/0x184 vfs_write from ksys_write+0x78/0xc0 ksys_write from ret_fast_syscall+0x0/0x54 Exception stack(0xcc93dfa8 to 0xcc93dff0) [...] PM: noirq suspend of devices complete after 3095.584 msecs

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/4e1e03760ee7cc477…
	https://git.kernel.org/stable/c/b0de20de29b139504…
	https://git.kernel.org/stable/c/32ee78823dea2d54a…
	https://git.kernel.org/stable/c/df293ea78740a4138…
	https://git.kernel.org/stable/c/90320cfc07b7d6e7a…
	https://git.kernel.org/stable/c/10a58555e0bb5cc46…
	https://git.kernel.org/stable/c/e65a9af05a0b59ebe…
	https://git.kernel.org/stable/c/dfeb67b2194ecc55e…
	https://git.kernel.org/stable/c/dc09f007caed3b2f6…

Impacted products

Vendor

Product

Version

Linux

Affected: 0bae6af6d704f026d4938739786e0a69d50177ca , < 4e1e03760ee7cc4779b6306867fe0fc02921b963 (git)
Affected: 0bae6af6d704f026d4938739786e0a69d50177ca , < b0de20de29b13950493a36bd4cf531200eb0e807 (git)
Affected: 0bae6af6d704f026d4938739786e0a69d50177ca , < 32ee78823dea2d54adaf6e05f86622eba359e091 (git)
Affected: 0bae6af6d704f026d4938739786e0a69d50177ca , < df293ea78740a41384d648041f38f645700288e1 (git)
Affected: 0bae6af6d704f026d4938739786e0a69d50177ca , < 90320cfc07b7d6e7a58fd8168f6380ec52ff0251 (git)
Affected: 0bae6af6d704f026d4938739786e0a69d50177ca , < 10a58555e0bb5cc4673c8bb73b8afc5fa651f0ac (git)
Affected: 0bae6af6d704f026d4938739786e0a69d50177ca , < e65a9af05a0b59ebeba28e5e82265a233db7bc27 (git)
Affected: 0bae6af6d704f026d4938739786e0a69d50177ca , < dfeb67b2194ecc55ef8065468c5adda3cdf59114 (git)
Affected: 0bae6af6d704f026d4938739786e0a69d50177ca , < dc09f007caed3b2f6a3b6bd7e13777557ae22bfd (git)

Linux

Affected: 4.2
Unaffected: 0 , < 4.2 (semver)
Unaffected: 4.19.323 , ≤ 4.19.* (semver)
Unaffected: 5.4.285 , ≤ 5.4.* (semver)
Unaffected: 5.10.227 , ≤ 5.10.* (semver)
Unaffected: 5.15.168 , ≤ 5.15.* (semver)
Unaffected: 6.1.113 , ≤ 6.1.* (semver)
Unaffected: 6.6.55 , ≤ 6.6.* (semver)
Unaffected: 6.10.14 , ≤ 6.10.* (semver)
Unaffected: 6.11.3 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49963",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T13:34:51.005901Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T13:38:47.368Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:23:45.557Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/mailbox/bcm2835-mailbox.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4e1e03760ee7cc4779b6306867fe0fc02921b963",
              "status": "affected",
              "version": "0bae6af6d704f026d4938739786e0a69d50177ca",
              "versionType": "git"
            },
            {
              "lessThan": "b0de20de29b13950493a36bd4cf531200eb0e807",
              "status": "affected",
              "version": "0bae6af6d704f026d4938739786e0a69d50177ca",
              "versionType": "git"
            },
            {
              "lessThan": "32ee78823dea2d54adaf6e05f86622eba359e091",
              "status": "affected",
              "version": "0bae6af6d704f026d4938739786e0a69d50177ca",
              "versionType": "git"
            },
            {
              "lessThan": "df293ea78740a41384d648041f38f645700288e1",
              "status": "affected",
              "version": "0bae6af6d704f026d4938739786e0a69d50177ca",
              "versionType": "git"
            },
            {
              "lessThan": "90320cfc07b7d6e7a58fd8168f6380ec52ff0251",
              "status": "affected",
              "version": "0bae6af6d704f026d4938739786e0a69d50177ca",
              "versionType": "git"
            },
            {
              "lessThan": "10a58555e0bb5cc4673c8bb73b8afc5fa651f0ac",
              "status": "affected",
              "version": "0bae6af6d704f026d4938739786e0a69d50177ca",
              "versionType": "git"
            },
            {
              "lessThan": "e65a9af05a0b59ebeba28e5e82265a233db7bc27",
              "status": "affected",
              "version": "0bae6af6d704f026d4938739786e0a69d50177ca",
              "versionType": "git"
            },
            {
              "lessThan": "dfeb67b2194ecc55ef8065468c5adda3cdf59114",
              "status": "affected",
              "version": "0bae6af6d704f026d4938739786e0a69d50177ca",
              "versionType": "git"
            },
            {
              "lessThan": "dc09f007caed3b2f6a3b6bd7e13777557ae22bfd",
              "status": "affected",
              "version": "0bae6af6d704f026d4938739786e0a69d50177ca",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/mailbox/bcm2835-mailbox.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.2"
            },
            {
              "lessThan": "4.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.323",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.285",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.55",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.323",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.285",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.227",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.168",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.113",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.55",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.14",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.3",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmailbox: bcm2835: Fix timeout during suspend mode\n\nDuring noirq suspend phase the Raspberry Pi power driver suffer of\nfirmware property timeouts. The reason is that the IRQ of the underlying\nBCM2835 mailbox is disabled and rpi_firmware_property_list() will always\nrun into a timeout [1].\n\nSince the VideoCore side isn\u0027t consider as a wakeup source, set the\nIRQF_NO_SUSPEND flag for the mailbox IRQ in order to keep it enabled\nduring suspend-resume cycle.\n\n[1]\nPM: late suspend of devices complete after 1.754 msecs\nWARNING: CPU: 0 PID: 438 at drivers/firmware/raspberrypi.c:128\n rpi_firmware_property_list+0x204/0x22c\nFirmware transaction 0x00028001 timeout\nModules linked in:\nCPU: 0 PID: 438 Comm: bash Tainted: G         C         6.9.3-dirty #17\nHardware name: BCM2835\nCall trace:\nunwind_backtrace from show_stack+0x18/0x1c\nshow_stack from dump_stack_lvl+0x34/0x44\ndump_stack_lvl from __warn+0x88/0xec\n__warn from warn_slowpath_fmt+0x7c/0xb0\nwarn_slowpath_fmt from rpi_firmware_property_list+0x204/0x22c\nrpi_firmware_property_list from rpi_firmware_property+0x68/0x8c\nrpi_firmware_property from rpi_firmware_set_power+0x54/0xc0\nrpi_firmware_set_power from _genpd_power_off+0xe4/0x148\n_genpd_power_off from genpd_sync_power_off+0x7c/0x11c\ngenpd_sync_power_off from genpd_finish_suspend+0xcc/0xe0\ngenpd_finish_suspend from dpm_run_callback+0x78/0xd0\ndpm_run_callback from device_suspend_noirq+0xc0/0x238\ndevice_suspend_noirq from dpm_suspend_noirq+0xb0/0x168\ndpm_suspend_noirq from suspend_devices_and_enter+0x1b8/0x5ac\nsuspend_devices_and_enter from pm_suspend+0x254/0x2e4\npm_suspend from state_store+0xa8/0xd4\nstate_store from kernfs_fop_write_iter+0x154/0x1a0\nkernfs_fop_write_iter from vfs_write+0x12c/0x184\nvfs_write from ksys_write+0x78/0xc0\nksys_write from ret_fast_syscall+0x0/0x54\nException stack(0xcc93dfa8 to 0xcc93dff0)\n[...]\nPM: noirq suspend of devices complete after 3095.584 msecs"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:42:29.091Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/4e1e03760ee7cc4779b6306867fe0fc02921b963"
        },
        {
          "url": "https://git.kernel.org/stable/c/b0de20de29b13950493a36bd4cf531200eb0e807"
        },
        {
          "url": "https://git.kernel.org/stable/c/32ee78823dea2d54adaf6e05f86622eba359e091"
        },
        {
          "url": "https://git.kernel.org/stable/c/df293ea78740a41384d648041f38f645700288e1"
        },
        {
          "url": "https://git.kernel.org/stable/c/90320cfc07b7d6e7a58fd8168f6380ec52ff0251"
        },
        {
          "url": "https://git.kernel.org/stable/c/10a58555e0bb5cc4673c8bb73b8afc5fa651f0ac"
        },
        {
          "url": "https://git.kernel.org/stable/c/e65a9af05a0b59ebeba28e5e82265a233db7bc27"
        },
        {
          "url": "https://git.kernel.org/stable/c/dfeb67b2194ecc55ef8065468c5adda3cdf59114"
        },
        {
          "url": "https://git.kernel.org/stable/c/dc09f007caed3b2f6a3b6bd7e13777557ae22bfd"
        }
      ],
      "title": "mailbox: bcm2835: Fix timeout during suspend mode",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-49963",
    "datePublished": "2024-10-21T18:02:15.091Z",
    "dateReserved": "2024-10-21T12:17:06.049Z",
    "dateUpdated": "2025-11-03T22:23:45.557Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-40988 (GCVE-0-2024-40988)

Vulnerability from cvelistv5 – Published: 2024-07-12 12:37 – Updated: 2026-01-05 10:37

Title

drm/radeon: fix UBSAN warning in kv_dpm.c

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix UBSAN warning in kv_dpm.c Adds bounds check for sumo_vid_mapping_entry.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/07e8f15fa16695cf4…
	https://git.kernel.org/stable/c/a8c6df9fe5bc39064…
	https://git.kernel.org/stable/c/febe794b83693257f…
	https://git.kernel.org/stable/c/cf1cc8fcfe517e108…
	https://git.kernel.org/stable/c/f803532bc38253841…
	https://git.kernel.org/stable/c/9e57611182a817824…
	https://git.kernel.org/stable/c/468a50fd46a09bba7…
	https://git.kernel.org/stable/c/a498df5421fd737d1…

Impacted products

Vendor

Product

Version

Linux

Affected: 80ea2c129c76a4159a93efeaef4385b6c964dfac , < 07e8f15fa16695cf4c90e89854e59af4a760055b (git)
Affected: 80ea2c129c76a4159a93efeaef4385b6c964dfac , < a8c6df9fe5bc390645d1e96eff14ffe414951aad (git)
Affected: 80ea2c129c76a4159a93efeaef4385b6c964dfac , < febe794b83693257f21a23d2e03ea695a62449c8 (git)
Affected: 80ea2c129c76a4159a93efeaef4385b6c964dfac , < cf1cc8fcfe517e108794fb711f7faabfca0dc855 (git)
Affected: 80ea2c129c76a4159a93efeaef4385b6c964dfac , < f803532bc3825384100dfc58873e035d77248447 (git)
Affected: 80ea2c129c76a4159a93efeaef4385b6c964dfac , < 9e57611182a817824a17b1c3dd300ee74a174b42 (git)
Affected: 80ea2c129c76a4159a93efeaef4385b6c964dfac , < 468a50fd46a09bba7ba18a11054ae64b6479ecdc (git)
Affected: 80ea2c129c76a4159a93efeaef4385b6c964dfac , < a498df5421fd737d11bfd152428ba6b1c8538321 (git)

Linux

Affected: 3.11
Unaffected: 0 , < 3.11 (semver)
Unaffected: 4.19.317 , ≤ 4.19.* (semver)
Unaffected: 5.4.279 , ≤ 5.4.* (semver)
Unaffected: 5.10.221 , ≤ 5.10.* (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.96 , ≤ 6.1.* (semver)
Unaffected: 6.6.36 , ≤ 6.6.* (semver)
Unaffected: 6.9.7 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:58:52.301Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/07e8f15fa16695cf4c90e89854e59af4a760055b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a8c6df9fe5bc390645d1e96eff14ffe414951aad"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/febe794b83693257f21a23d2e03ea695a62449c8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cf1cc8fcfe517e108794fb711f7faabfca0dc855"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f803532bc3825384100dfc58873e035d77248447"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9e57611182a817824a17b1c3dd300ee74a174b42"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/468a50fd46a09bba7ba18a11054ae64b6479ecdc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a498df5421fd737d11bfd152428ba6b1c8538321"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40988",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:01:57.675980Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:20.590Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/radeon/sumo_dpm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "07e8f15fa16695cf4c90e89854e59af4a760055b",
              "status": "affected",
              "version": "80ea2c129c76a4159a93efeaef4385b6c964dfac",
              "versionType": "git"
            },
            {
              "lessThan": "a8c6df9fe5bc390645d1e96eff14ffe414951aad",
              "status": "affected",
              "version": "80ea2c129c76a4159a93efeaef4385b6c964dfac",
              "versionType": "git"
            },
            {
              "lessThan": "febe794b83693257f21a23d2e03ea695a62449c8",
              "status": "affected",
              "version": "80ea2c129c76a4159a93efeaef4385b6c964dfac",
              "versionType": "git"
            },
            {
              "lessThan": "cf1cc8fcfe517e108794fb711f7faabfca0dc855",
              "status": "affected",
              "version": "80ea2c129c76a4159a93efeaef4385b6c964dfac",
              "versionType": "git"
            },
            {
              "lessThan": "f803532bc3825384100dfc58873e035d77248447",
              "status": "affected",
              "version": "80ea2c129c76a4159a93efeaef4385b6c964dfac",
              "versionType": "git"
            },
            {
              "lessThan": "9e57611182a817824a17b1c3dd300ee74a174b42",
              "status": "affected",
              "version": "80ea2c129c76a4159a93efeaef4385b6c964dfac",
              "versionType": "git"
            },
            {
              "lessThan": "468a50fd46a09bba7ba18a11054ae64b6479ecdc",
              "status": "affected",
              "version": "80ea2c129c76a4159a93efeaef4385b6c964dfac",
              "versionType": "git"
            },
            {
              "lessThan": "a498df5421fd737d11bfd152428ba6b1c8538321",
              "status": "affected",
              "version": "80ea2c129c76a4159a93efeaef4385b6c964dfac",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/radeon/sumo_dpm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.11"
            },
            {
              "lessThan": "3.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.317",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.279",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.96",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.36",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.317",
                  "versionStartIncluding": "3.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.279",
                  "versionStartIncluding": "3.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.221",
                  "versionStartIncluding": "3.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "3.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.96",
                  "versionStartIncluding": "3.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.36",
                  "versionStartIncluding": "3.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.7",
                  "versionStartIncluding": "3.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "3.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: fix UBSAN warning in kv_dpm.c\n\nAdds bounds check for sumo_vid_mapping_entry."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:37:13.910Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/07e8f15fa16695cf4c90e89854e59af4a760055b"
        },
        {
          "url": "https://git.kernel.org/stable/c/a8c6df9fe5bc390645d1e96eff14ffe414951aad"
        },
        {
          "url": "https://git.kernel.org/stable/c/febe794b83693257f21a23d2e03ea695a62449c8"
        },
        {
          "url": "https://git.kernel.org/stable/c/cf1cc8fcfe517e108794fb711f7faabfca0dc855"
        },
        {
          "url": "https://git.kernel.org/stable/c/f803532bc3825384100dfc58873e035d77248447"
        },
        {
          "url": "https://git.kernel.org/stable/c/9e57611182a817824a17b1c3dd300ee74a174b42"
        },
        {
          "url": "https://git.kernel.org/stable/c/468a50fd46a09bba7ba18a11054ae64b6479ecdc"
        },
        {
          "url": "https://git.kernel.org/stable/c/a498df5421fd737d11bfd152428ba6b1c8538321"
        }
      ],
      "title": "drm/radeon: fix UBSAN warning in kv_dpm.c",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-40988",
    "datePublished": "2024-07-12T12:37:33.133Z",
    "dateReserved": "2024-07-12T12:17:45.605Z",
    "dateUpdated": "2026-01-05T10:37:13.910Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26736 (GCVE-0-2024-26736)

Vulnerability from cvelistv5 – Published: 2024-04-03 17:00 – Updated: 2025-05-04 08:55

Title

afs: Increase buffer size in afs_update_volume_status()

Summary

In the Linux kernel, the following vulnerability has been resolved: afs: Increase buffer size in afs_update_volume_status() The max length of volume->vid value is 20 characters. So increase idbuf[] size up to 24 to avoid overflow. Found by Linux Verification Center (linuxtesting.org) with SVACE. [DH: Actually, it's 20 + NUL, so increase it to 24 and use snprintf()]

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/5c27d85a69fa16a08…
	https://git.kernel.org/stable/c/d9b5e2b7a81968503…
	https://git.kernel.org/stable/c/e56662160fc24d28c…
	https://git.kernel.org/stable/c/e8530b170e4640172…
	https://git.kernel.org/stable/c/6e6065dd25b661420…
	https://git.kernel.org/stable/c/d34a5e57632bb5ff8…
	https://git.kernel.org/stable/c/6ea38e2aeb72349ca…

Impacted products

Vendor

Product

Version

Linux

Affected: d2ddc776a4581d900fc3bdc7803b403daae64d88 , < 5c27d85a69fa16a08813ba37ddfb4bbc9a1ed6b5 (git)
Affected: d2ddc776a4581d900fc3bdc7803b403daae64d88 , < d9b5e2b7a8196850383c70d099bfd39e81ab6637 (git)
Affected: d2ddc776a4581d900fc3bdc7803b403daae64d88 , < e56662160fc24d28cb75ac095cc6415ae1bda43e (git)
Affected: d2ddc776a4581d900fc3bdc7803b403daae64d88 , < e8530b170e464017203e3b8c6c49af6e916aece1 (git)
Affected: d2ddc776a4581d900fc3bdc7803b403daae64d88 , < 6e6065dd25b661420fac19c34282b6c626fcd35e (git)
Affected: d2ddc776a4581d900fc3bdc7803b403daae64d88 , < d34a5e57632bb5ff825196ddd9a48ca403626dfa (git)
Affected: d2ddc776a4581d900fc3bdc7803b403daae64d88 , < 6ea38e2aeb72349cad50e38899b0ba6fbcb2af3d (git)

Linux

Affected: 4.15
Unaffected: 0 , < 4.15 (semver)
Unaffected: 5.4.270 , ≤ 5.4.* (semver)
Unaffected: 5.10.211 , ≤ 5.10.* (semver)
Unaffected: 5.15.150 , ≤ 5.15.* (semver)
Unaffected: 6.1.80 , ≤ 6.1.* (semver)
Unaffected: 6.6.19 , ≤ 6.6.* (semver)
Unaffected: 6.7.7 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26736",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-05T17:35:04.677455Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:48:32.562Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:12.959Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5c27d85a69fa16a08813ba37ddfb4bbc9a1ed6b5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d9b5e2b7a8196850383c70d099bfd39e81ab6637"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e56662160fc24d28cb75ac095cc6415ae1bda43e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e8530b170e464017203e3b8c6c49af6e916aece1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6e6065dd25b661420fac19c34282b6c626fcd35e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d34a5e57632bb5ff825196ddd9a48ca403626dfa"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6ea38e2aeb72349cad50e38899b0ba6fbcb2af3d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/afs/volume.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5c27d85a69fa16a08813ba37ddfb4bbc9a1ed6b5",
              "status": "affected",
              "version": "d2ddc776a4581d900fc3bdc7803b403daae64d88",
              "versionType": "git"
            },
            {
              "lessThan": "d9b5e2b7a8196850383c70d099bfd39e81ab6637",
              "status": "affected",
              "version": "d2ddc776a4581d900fc3bdc7803b403daae64d88",
              "versionType": "git"
            },
            {
              "lessThan": "e56662160fc24d28cb75ac095cc6415ae1bda43e",
              "status": "affected",
              "version": "d2ddc776a4581d900fc3bdc7803b403daae64d88",
              "versionType": "git"
            },
            {
              "lessThan": "e8530b170e464017203e3b8c6c49af6e916aece1",
              "status": "affected",
              "version": "d2ddc776a4581d900fc3bdc7803b403daae64d88",
              "versionType": "git"
            },
            {
              "lessThan": "6e6065dd25b661420fac19c34282b6c626fcd35e",
              "status": "affected",
              "version": "d2ddc776a4581d900fc3bdc7803b403daae64d88",
              "versionType": "git"
            },
            {
              "lessThan": "d34a5e57632bb5ff825196ddd9a48ca403626dfa",
              "status": "affected",
              "version": "d2ddc776a4581d900fc3bdc7803b403daae64d88",
              "versionType": "git"
            },
            {
              "lessThan": "6ea38e2aeb72349cad50e38899b0ba6fbcb2af3d",
              "status": "affected",
              "version": "d2ddc776a4581d900fc3bdc7803b403daae64d88",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/afs/volume.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.15"
            },
            {
              "lessThan": "4.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.270",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.211",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.150",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.80",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.270",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.211",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.150",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.80",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.19",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.7",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nafs: Increase buffer size in afs_update_volume_status()\n\nThe max length of volume-\u003evid value is 20 characters.\nSo increase idbuf[] size up to 24 to avoid overflow.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[DH: Actually, it\u0027s 20 + NUL, so increase it to 24 and use snprintf()]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:55:15.534Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5c27d85a69fa16a08813ba37ddfb4bbc9a1ed6b5"
        },
        {
          "url": "https://git.kernel.org/stable/c/d9b5e2b7a8196850383c70d099bfd39e81ab6637"
        },
        {
          "url": "https://git.kernel.org/stable/c/e56662160fc24d28cb75ac095cc6415ae1bda43e"
        },
        {
          "url": "https://git.kernel.org/stable/c/e8530b170e464017203e3b8c6c49af6e916aece1"
        },
        {
          "url": "https://git.kernel.org/stable/c/6e6065dd25b661420fac19c34282b6c626fcd35e"
        },
        {
          "url": "https://git.kernel.org/stable/c/d34a5e57632bb5ff825196ddd9a48ca403626dfa"
        },
        {
          "url": "https://git.kernel.org/stable/c/6ea38e2aeb72349cad50e38899b0ba6fbcb2af3d"
        }
      ],
      "title": "afs: Increase buffer size in afs_update_volume_status()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26736",
    "datePublished": "2024-04-03T17:00:22.693Z",
    "dateReserved": "2024-02-19T14:20:24.166Z",
    "dateUpdated": "2025-05-04T08:55:15.534Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-50282 (GCVE-0-2024-50282)

Vulnerability from cvelistv5 – Published: 2024-11-19 01:30 – Updated: 2025-11-03 22:28

Title

drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() Avoid a possible buffer overflow if size is larger than 4K. (cherry picked from commit f5d873f5825b40d886d03bd2aede91d4cf002434)

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/673bdb4200c092692…
	https://git.kernel.org/stable/c/8906728f2fbd6504c…
	https://git.kernel.org/stable/c/2faaee36e6e30f9ef…
	https://git.kernel.org/stable/c/4d75b9468021c7310…

Impacted products

Vendor

Product

Version

Linux

Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 673bdb4200c092692f83b5f7ba3df57021d52d29 (git)
Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 8906728f2fbd6504cb488f4afdd66af28f330a7a (git)
Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 2faaee36e6e30f9efc7fa6bcb0bdcbe05c23f51f (git)
Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 4d75b9468021c73108b4439794d69e892b1d24e3 (git)

Linux

Affected: 4.2
Unaffected: 0 , < 4.2 (semver)
Unaffected: 4.19.324 , ≤ 4.19.* (semver)
Unaffected: 6.6.61 , ≤ 6.6.* (semver)
Unaffected: 6.11.8 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-50282",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-18T16:07:41.785421Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-120",
                "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-13T17:54:33.240Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:28:01.440Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "673bdb4200c092692f83b5f7ba3df57021d52d29",
              "status": "affected",
              "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
              "versionType": "git"
            },
            {
              "lessThan": "8906728f2fbd6504cb488f4afdd66af28f330a7a",
              "status": "affected",
              "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
              "versionType": "git"
            },
            {
              "lessThan": "2faaee36e6e30f9efc7fa6bcb0bdcbe05c23f51f",
              "status": "affected",
              "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
              "versionType": "git"
            },
            {
              "lessThan": "4d75b9468021c73108b4439794d69e892b1d24e3",
              "status": "affected",
              "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.2"
            },
            {
              "lessThan": "4.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.324",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.61",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.324",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.61",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.8",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()\n\nAvoid a possible buffer overflow if size is larger than 4K.\n\n(cherry picked from commit f5d873f5825b40d886d03bd2aede91d4cf002434)"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-16T08:02:54.063Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/673bdb4200c092692f83b5f7ba3df57021d52d29"
        },
        {
          "url": "https://git.kernel.org/stable/c/8906728f2fbd6504cb488f4afdd66af28f330a7a"
        },
        {
          "url": "https://git.kernel.org/stable/c/2faaee36e6e30f9efc7fa6bcb0bdcbe05c23f51f"
        },
        {
          "url": "https://git.kernel.org/stable/c/4d75b9468021c73108b4439794d69e892b1d24e3"
        }
      ],
      "title": "drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-50282",
    "datePublished": "2024-11-19T01:30:24.581Z",
    "dateReserved": "2024-10-21T19:36:19.984Z",
    "dateUpdated": "2025-11-03T22:28:01.440Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-49969 (GCVE-0-2024-49969)

Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2025-11-03 22:23

Title

drm/amd/display: Fix index out of bounds in DCN30 color transformation

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix index out of bounds in DCN30 color transformation This commit addresses a potential index out of bounds issue in the `cm3_helper_translate_curve_to_hw_format` function in the DCN30 color management module. The issue could occur when the index 'i' exceeds the number of transfer function points (TRANSFER_FUNC_POINTS). The fix adds a check to ensure 'i' is within bounds before accessing the transfer function points. If 'i' is out of bounds, the function returns false to indicate an error. drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:180 cm3_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.red' 1025 <= s32max drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:181 cm3_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.green' 1025 <= s32max drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:182 cm3_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.blue' 1025 <= s32max

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/7ab69af56a23859b6…
	https://git.kernel.org/stable/c/c13f9c62015c56a93…
	https://git.kernel.org/stable/c/0f1e222a4b41d77c4…
	https://git.kernel.org/stable/c/929506d5671419cff…
	https://git.kernel.org/stable/c/578422ddae3d13362…
	https://git.kernel.org/stable/c/b9d8b94ec7e67f0ca…
	https://git.kernel.org/stable/c/d81873f9e715b72d4…

Impacted products

Vendor

Product

Version

Linux

Affected: 03f54d7d3448dc1668568d1adb69b43c1d1dc79f , < 7ab69af56a23859b647dee69fa1052c689343621 (git)
Affected: 03f54d7d3448dc1668568d1adb69b43c1d1dc79f , < c13f9c62015c56a938304cef6d507227ea3e0039 (git)
Affected: 03f54d7d3448dc1668568d1adb69b43c1d1dc79f , < 0f1e222a4b41d77c442901d166fbdca967af0d86 (git)
Affected: 03f54d7d3448dc1668568d1adb69b43c1d1dc79f , < 929506d5671419cffd8d01e9a7f5eae53682a838 (git)
Affected: 03f54d7d3448dc1668568d1adb69b43c1d1dc79f , < 578422ddae3d13362b64e77ef9bab98780641631 (git)
Affected: 03f54d7d3448dc1668568d1adb69b43c1d1dc79f , < b9d8b94ec7e67f0cae228c054f77b73967c389a3 (git)
Affected: 03f54d7d3448dc1668568d1adb69b43c1d1dc79f , < d81873f9e715b72d4f8d391c8eb243946f784dfc (git)

Linux

Affected: 5.9
Unaffected: 0 , < 5.9 (semver)
Unaffected: 5.10.227 , ≤ 5.10.* (semver)
Unaffected: 5.15.168 , ≤ 5.15.* (semver)
Unaffected: 6.1.113 , ≤ 6.1.* (semver)
Unaffected: 6.6.55 , ≤ 6.6.* (semver)
Unaffected: 6.10.14 , ≤ 6.10.* (semver)
Unaffected: 6.11.3 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49969",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T13:34:03.408240Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T13:38:46.509Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:23:51.730Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7ab69af56a23859b647dee69fa1052c689343621",
              "status": "affected",
              "version": "03f54d7d3448dc1668568d1adb69b43c1d1dc79f",
              "versionType": "git"
            },
            {
              "lessThan": "c13f9c62015c56a938304cef6d507227ea3e0039",
              "status": "affected",
              "version": "03f54d7d3448dc1668568d1adb69b43c1d1dc79f",
              "versionType": "git"
            },
            {
              "lessThan": "0f1e222a4b41d77c442901d166fbdca967af0d86",
              "status": "affected",
              "version": "03f54d7d3448dc1668568d1adb69b43c1d1dc79f",
              "versionType": "git"
            },
            {
              "lessThan": "929506d5671419cffd8d01e9a7f5eae53682a838",
              "status": "affected",
              "version": "03f54d7d3448dc1668568d1adb69b43c1d1dc79f",
              "versionType": "git"
            },
            {
              "lessThan": "578422ddae3d13362b64e77ef9bab98780641631",
              "status": "affected",
              "version": "03f54d7d3448dc1668568d1adb69b43c1d1dc79f",
              "versionType": "git"
            },
            {
              "lessThan": "b9d8b94ec7e67f0cae228c054f77b73967c389a3",
              "status": "affected",
              "version": "03f54d7d3448dc1668568d1adb69b43c1d1dc79f",
              "versionType": "git"
            },
            {
              "lessThan": "d81873f9e715b72d4f8d391c8eb243946f784dfc",
              "status": "affected",
              "version": "03f54d7d3448dc1668568d1adb69b43c1d1dc79f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.9"
            },
            {
              "lessThan": "5.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.55",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.227",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.168",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.113",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.55",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.14",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.3",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix index out of bounds in DCN30 color transformation\n\nThis commit addresses a potential index out of bounds issue in the\n`cm3_helper_translate_curve_to_hw_format` function in the DCN30 color\nmanagement module. The issue could occur when the index \u0027i\u0027 exceeds the\nnumber of transfer function points (TRANSFER_FUNC_POINTS).\n\nThe fix adds a check to ensure \u0027i\u0027 is within bounds before accessing the\ntransfer function points. If \u0027i\u0027 is out of bounds, the function returns\nfalse to indicate an error.\n\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:180 cm3_helper_translate_curve_to_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.red\u0027 1025 \u003c= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:181 cm3_helper_translate_curve_to_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.green\u0027 1025 \u003c= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:182 cm3_helper_translate_curve_to_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.blue\u0027 1025 \u003c= s32max"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-21T09:13:32.855Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7ab69af56a23859b647dee69fa1052c689343621"
        },
        {
          "url": "https://git.kernel.org/stable/c/c13f9c62015c56a938304cef6d507227ea3e0039"
        },
        {
          "url": "https://git.kernel.org/stable/c/0f1e222a4b41d77c442901d166fbdca967af0d86"
        },
        {
          "url": "https://git.kernel.org/stable/c/929506d5671419cffd8d01e9a7f5eae53682a838"
        },
        {
          "url": "https://git.kernel.org/stable/c/578422ddae3d13362b64e77ef9bab98780641631"
        },
        {
          "url": "https://git.kernel.org/stable/c/b9d8b94ec7e67f0cae228c054f77b73967c389a3"
        },
        {
          "url": "https://git.kernel.org/stable/c/d81873f9e715b72d4f8d391c8eb243946f784dfc"
        }
      ],
      "title": "drm/amd/display: Fix index out of bounds in DCN30 color transformation",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-49969",
    "datePublished": "2024-10-21T18:02:19.044Z",
    "dateReserved": "2024-10-21T12:17:06.051Z",
    "dateUpdated": "2025-11-03T22:23:51.730Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-41095 (GCVE-0-2024-41095)

Vulnerability from cvelistv5 – Published: 2024-07-29 15:48 – Updated: 2026-01-05 10:51

Title

drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes In nv17_tv_get_ld_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a possible NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/9289cd3450d1da3e2…
	https://git.kernel.org/stable/c/dbd75f32252508ed6…
	https://git.kernel.org/stable/c/259549b2ccf795b7f…
	https://git.kernel.org/stable/c/0d17604f2e44b3df2…
	https://git.kernel.org/stable/c/f95ed0f54b3d3faec…
	https://git.kernel.org/stable/c/cb751e48bbcffd292…
	https://git.kernel.org/stable/c/bdda5072494f2a721…
	https://git.kernel.org/stable/c/66edf3fb331b6c554…

Impacted products

Vendor

Product

Version

Linux

Affected: 6ee738610f41b59733f63718f0bdbcba7d3a3f12 , < 9289cd3450d1da3e271ef4b054d4d2932c41243e (git)
Affected: 6ee738610f41b59733f63718f0bdbcba7d3a3f12 , < dbd75f32252508ed6c46c3288a282c301a57ceeb (git)
Affected: 6ee738610f41b59733f63718f0bdbcba7d3a3f12 , < 259549b2ccf795b7f91f7b5aba47286addcfa389 (git)
Affected: 6ee738610f41b59733f63718f0bdbcba7d3a3f12 , < 0d17604f2e44b3df21e218fe8fb3b836d41bac49 (git)
Affected: 6ee738610f41b59733f63718f0bdbcba7d3a3f12 , < f95ed0f54b3d3faecae1140ddab854f904a6e7c8 (git)
Affected: 6ee738610f41b59733f63718f0bdbcba7d3a3f12 , < cb751e48bbcffd292090f7882b23b215111b3d72 (git)
Affected: 6ee738610f41b59733f63718f0bdbcba7d3a3f12 , < bdda5072494f2a7215d94fc4124ad1949a218714 (git)
Affected: 6ee738610f41b59733f63718f0bdbcba7d3a3f12 , < 66edf3fb331b6c55439b10f9862987b0916b3726 (git)

Linux

Affected: 2.6.33
Unaffected: 0 , < 2.6.33 (semver)
Unaffected: 4.19.317 , ≤ 4.19.* (semver)
Unaffected: 5.4.279 , ≤ 5.4.* (semver)
Unaffected: 5.10.221 , ≤ 5.10.* (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.97 , ≤ 6.1.* (semver)
Unaffected: 6.6.37 , ≤ 6.6.* (semver)
Unaffected: 6.9.8 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:00:52.274Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9289cd3450d1da3e271ef4b054d4d2932c41243e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dbd75f32252508ed6c46c3288a282c301a57ceeb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/259549b2ccf795b7f91f7b5aba47286addcfa389"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0d17604f2e44b3df21e218fe8fb3b836d41bac49"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f95ed0f54b3d3faecae1140ddab854f904a6e7c8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cb751e48bbcffd292090f7882b23b215111b3d72"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bdda5072494f2a7215d94fc4124ad1949a218714"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/66edf3fb331b6c55439b10f9862987b0916b3726"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41095",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:20:25.562753Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:09.325Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/nouveau/dispnv04/tvnv17.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9289cd3450d1da3e271ef4b054d4d2932c41243e",
              "status": "affected",
              "version": "6ee738610f41b59733f63718f0bdbcba7d3a3f12",
              "versionType": "git"
            },
            {
              "lessThan": "dbd75f32252508ed6c46c3288a282c301a57ceeb",
              "status": "affected",
              "version": "6ee738610f41b59733f63718f0bdbcba7d3a3f12",
              "versionType": "git"
            },
            {
              "lessThan": "259549b2ccf795b7f91f7b5aba47286addcfa389",
              "status": "affected",
              "version": "6ee738610f41b59733f63718f0bdbcba7d3a3f12",
              "versionType": "git"
            },
            {
              "lessThan": "0d17604f2e44b3df21e218fe8fb3b836d41bac49",
              "status": "affected",
              "version": "6ee738610f41b59733f63718f0bdbcba7d3a3f12",
              "versionType": "git"
            },
            {
              "lessThan": "f95ed0f54b3d3faecae1140ddab854f904a6e7c8",
              "status": "affected",
              "version": "6ee738610f41b59733f63718f0bdbcba7d3a3f12",
              "versionType": "git"
            },
            {
              "lessThan": "cb751e48bbcffd292090f7882b23b215111b3d72",
              "status": "affected",
              "version": "6ee738610f41b59733f63718f0bdbcba7d3a3f12",
              "versionType": "git"
            },
            {
              "lessThan": "bdda5072494f2a7215d94fc4124ad1949a218714",
              "status": "affected",
              "version": "6ee738610f41b59733f63718f0bdbcba7d3a3f12",
              "versionType": "git"
            },
            {
              "lessThan": "66edf3fb331b6c55439b10f9862987b0916b3726",
              "status": "affected",
              "version": "6ee738610f41b59733f63718f0bdbcba7d3a3f12",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/nouveau/dispnv04/tvnv17.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.33"
            },
            {
              "lessThan": "2.6.33",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.317",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.279",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.97",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.37",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.317",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.279",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.221",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.97",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.37",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.8",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes\n\nIn nv17_tv_get_ld_modes(), the return value of drm_mode_duplicate() is\nassigned to mode, which will lead to a possible NULL pointer dereference\non failure of drm_mode_duplicate(). Add a check to avoid npd."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:51:27.712Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9289cd3450d1da3e271ef4b054d4d2932c41243e"
        },
        {
          "url": "https://git.kernel.org/stable/c/dbd75f32252508ed6c46c3288a282c301a57ceeb"
        },
        {
          "url": "https://git.kernel.org/stable/c/259549b2ccf795b7f91f7b5aba47286addcfa389"
        },
        {
          "url": "https://git.kernel.org/stable/c/0d17604f2e44b3df21e218fe8fb3b836d41bac49"
        },
        {
          "url": "https://git.kernel.org/stable/c/f95ed0f54b3d3faecae1140ddab854f904a6e7c8"
        },
        {
          "url": "https://git.kernel.org/stable/c/cb751e48bbcffd292090f7882b23b215111b3d72"
        },
        {
          "url": "https://git.kernel.org/stable/c/bdda5072494f2a7215d94fc4124ad1949a218714"
        },
        {
          "url": "https://git.kernel.org/stable/c/66edf3fb331b6c55439b10f9862987b0916b3726"
        }
      ],
      "title": "drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41095",
    "datePublished": "2024-07-29T15:48:08.324Z",
    "dateReserved": "2024-07-12T12:17:45.637Z",
    "dateUpdated": "2026-01-05T10:51:27.712Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56531 (GCVE-0-2024-56531)

Vulnerability from cvelistv5 – Published: 2024-12-27 14:11 – Updated: 2025-11-03 20:49

Title

ALSA: caiaq: Use snd_card_free_when_closed() at disconnection

Summary

In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: Use snd_card_free_when_closed() at disconnection The USB disconnect callback is supposed to be short and not too-long waiting. OTOH, the current code uses snd_card_free() at disconnection, but this waits for the close of all used fds, hence it can take long. It eventually blocks the upper layer USB ioctls, which may trigger a soft lockup. An easy workaround is to replace snd_card_free() with snd_card_free_when_closed(). This variant returns immediately while the release of resources is done asynchronously by the card device release at the last close. This patch also splits the code to the disconnect and the free phases; the former is called immediately at the USB disconnect callback while the latter is called from the card destructor.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-667 - Improper Locking

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/3993edf44d3df7b6e…
	https://git.kernel.org/stable/c/ebad462eec93b0f70…
	https://git.kernel.org/stable/c/4dd821dcbfcecf7af…
	https://git.kernel.org/stable/c/cadf1d8e9ddcd7458…
	https://git.kernel.org/stable/c/237f3faf0177bdde7…
	https://git.kernel.org/stable/c/4507a8b9b30344c5d…
	https://git.kernel.org/stable/c/dd0de8cb708951ceb…
	https://git.kernel.org/stable/c/a3f9314752dbb6f6a…
	https://git.kernel.org/stable/c/b04dcbb7f7b190880…

Impacted products

Vendor

Product

Version

Linux

Affected: 523f1dce37434a9a6623bf46e7893e2b4b10ac3c , < 3993edf44d3df7b6e8c753eac6ac8783473fcbab (git)
Affected: 523f1dce37434a9a6623bf46e7893e2b4b10ac3c , < ebad462eec93b0f701dfe4de98990e7355283801 (git)
Affected: 523f1dce37434a9a6623bf46e7893e2b4b10ac3c , < 4dd821dcbfcecf7af6a08370b0b217cde2818acf (git)
Affected: 523f1dce37434a9a6623bf46e7893e2b4b10ac3c , < cadf1d8e9ddcd74584ec961aeac14ac549b261d8 (git)
Affected: 523f1dce37434a9a6623bf46e7893e2b4b10ac3c , < 237f3faf0177bdde728fa3106d730d806436aa4d (git)
Affected: 523f1dce37434a9a6623bf46e7893e2b4b10ac3c , < 4507a8b9b30344c5ddd8219945f446d47e966a6d (git)
Affected: 523f1dce37434a9a6623bf46e7893e2b4b10ac3c , < dd0de8cb708951cebf727aa045e8242ba651bb52 (git)
Affected: 523f1dce37434a9a6623bf46e7893e2b4b10ac3c , < a3f9314752dbb6f6aa1f0f2b4c58243bda800738 (git)
Affected: 523f1dce37434a9a6623bf46e7893e2b4b10ac3c , < b04dcbb7f7b1908806b7dc22671cdbe78ff2b82c (git)

Linux

Affected: 2.6.22
Unaffected: 0 , < 2.6.22 (semver)
Unaffected: 4.19.325 , ≤ 4.19.* (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56531",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:02:52.447796Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-667",
                "description": "CWE-667 Improper Locking",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:07:17.750Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:49:10.948Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "sound/usb/caiaq/audio.c",
            "sound/usb/caiaq/audio.h",
            "sound/usb/caiaq/device.c",
            "sound/usb/caiaq/input.c",
            "sound/usb/caiaq/input.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3993edf44d3df7b6e8c753eac6ac8783473fcbab",
              "status": "affected",
              "version": "523f1dce37434a9a6623bf46e7893e2b4b10ac3c",
              "versionType": "git"
            },
            {
              "lessThan": "ebad462eec93b0f701dfe4de98990e7355283801",
              "status": "affected",
              "version": "523f1dce37434a9a6623bf46e7893e2b4b10ac3c",
              "versionType": "git"
            },
            {
              "lessThan": "4dd821dcbfcecf7af6a08370b0b217cde2818acf",
              "status": "affected",
              "version": "523f1dce37434a9a6623bf46e7893e2b4b10ac3c",
              "versionType": "git"
            },
            {
              "lessThan": "cadf1d8e9ddcd74584ec961aeac14ac549b261d8",
              "status": "affected",
              "version": "523f1dce37434a9a6623bf46e7893e2b4b10ac3c",
              "versionType": "git"
            },
            {
              "lessThan": "237f3faf0177bdde728fa3106d730d806436aa4d",
              "status": "affected",
              "version": "523f1dce37434a9a6623bf46e7893e2b4b10ac3c",
              "versionType": "git"
            },
            {
              "lessThan": "4507a8b9b30344c5ddd8219945f446d47e966a6d",
              "status": "affected",
              "version": "523f1dce37434a9a6623bf46e7893e2b4b10ac3c",
              "versionType": "git"
            },
            {
              "lessThan": "dd0de8cb708951cebf727aa045e8242ba651bb52",
              "status": "affected",
              "version": "523f1dce37434a9a6623bf46e7893e2b4b10ac3c",
              "versionType": "git"
            },
            {
              "lessThan": "a3f9314752dbb6f6aa1f0f2b4c58243bda800738",
              "status": "affected",
              "version": "523f1dce37434a9a6623bf46e7893e2b4b10ac3c",
              "versionType": "git"
            },
            {
              "lessThan": "b04dcbb7f7b1908806b7dc22671cdbe78ff2b82c",
              "status": "affected",
              "version": "523f1dce37434a9a6623bf46e7893e2b4b10ac3c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "sound/usb/caiaq/audio.c",
            "sound/usb/caiaq/audio.h",
            "sound/usb/caiaq/device.c",
            "sound/usb/caiaq/input.c",
            "sound/usb/caiaq/input.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.22"
            },
            {
              "lessThan": "2.6.22",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.325",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.325",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: caiaq: Use snd_card_free_when_closed() at disconnection\n\nThe USB disconnect callback is supposed to be short and not too-long\nwaiting.  OTOH, the current code uses snd_card_free() at\ndisconnection, but this waits for the close of all used fds, hence it\ncan take long.  It eventually blocks the upper layer USB ioctls, which\nmay trigger a soft lockup.\n\nAn easy workaround is to replace snd_card_free() with\nsnd_card_free_when_closed().  This variant returns immediately while\nthe release of resources is done asynchronously by the card device\nrelease at the last close.\n\nThis patch also splits the code to the disconnect and the free phases;\nthe former is called immediately at the USB disconnect callback while\nthe latter is called from the card destructor."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:57:26.124Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3993edf44d3df7b6e8c753eac6ac8783473fcbab"
        },
        {
          "url": "https://git.kernel.org/stable/c/ebad462eec93b0f701dfe4de98990e7355283801"
        },
        {
          "url": "https://git.kernel.org/stable/c/4dd821dcbfcecf7af6a08370b0b217cde2818acf"
        },
        {
          "url": "https://git.kernel.org/stable/c/cadf1d8e9ddcd74584ec961aeac14ac549b261d8"
        },
        {
          "url": "https://git.kernel.org/stable/c/237f3faf0177bdde728fa3106d730d806436aa4d"
        },
        {
          "url": "https://git.kernel.org/stable/c/4507a8b9b30344c5ddd8219945f446d47e966a6d"
        },
        {
          "url": "https://git.kernel.org/stable/c/dd0de8cb708951cebf727aa045e8242ba651bb52"
        },
        {
          "url": "https://git.kernel.org/stable/c/a3f9314752dbb6f6aa1f0f2b4c58243bda800738"
        },
        {
          "url": "https://git.kernel.org/stable/c/b04dcbb7f7b1908806b7dc22671cdbe78ff2b82c"
        }
      ],
      "title": "ALSA: caiaq: Use snd_card_free_when_closed() at disconnection",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56531",
    "datePublished": "2024-12-27T14:11:14.161Z",
    "dateReserved": "2024-12-27T14:03:05.984Z",
    "dateUpdated": "2025-11-03T20:49:10.948Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-48935 (GCVE-0-2022-48935)

Vulnerability from cvelistv5 – Published: 2024-08-22 03:31 – Updated: 2025-06-19 12:39

Title

netfilter: nf_tables: unregister flowtable hooks on netns exit

Summary

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unregister flowtable hooks on netns exit Unregister flowtable hooks before they are releases via nf_tables_flowtable_destroy() otherwise hook core reports UAF. BUG: KASAN: use-after-free in nf_hook_entries_grow+0x5a7/0x700 net/netfilter/core.c:142 net/netfilter/core.c:142 Read of size 4 at addr ffff8880736f7438 by task syz-executor579/3666 CPU: 0 PID: 3666 Comm: syz-executor579 Not tainted 5.16.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] __dump_stack lib/dump_stack.c:88 [inline] lib/dump_stack.c:106 dump_stack_lvl+0x1dc/0x2d8 lib/dump_stack.c:106 lib/dump_stack.c:106 print_address_description+0x65/0x380 mm/kasan/report.c:247 mm/kasan/report.c:247 __kasan_report mm/kasan/report.c:433 [inline] __kasan_report mm/kasan/report.c:433 [inline] mm/kasan/report.c:450 kasan_report+0x19a/0x1f0 mm/kasan/report.c:450 mm/kasan/report.c:450 nf_hook_entries_grow+0x5a7/0x700 net/netfilter/core.c:142 net/netfilter/core.c:142 __nf_register_net_hook+0x27e/0x8d0 net/netfilter/core.c:429 net/netfilter/core.c:429 nf_register_net_hook+0xaa/0x180 net/netfilter/core.c:571 net/netfilter/core.c:571 nft_register_flowtable_net_hooks+0x3c5/0x730 net/netfilter/nf_tables_api.c:7232 net/netfilter/nf_tables_api.c:7232 nf_tables_newflowtable+0x2022/0x2cf0 net/netfilter/nf_tables_api.c:7430 net/netfilter/nf_tables_api.c:7430 nfnetlink_rcv_batch net/netfilter/nfnetlink.c:513 [inline] nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:634 [inline] nfnetlink_rcv_batch net/netfilter/nfnetlink.c:513 [inline] net/netfilter/nfnetlink.c:652 nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:634 [inline] net/netfilter/nfnetlink.c:652 nfnetlink_rcv+0x10e6/0x2550 net/netfilter/nfnetlink.c:652 net/netfilter/nfnetlink.c:652 __nft_release_hook() calls nft_unregister_flowtable_net_hooks() which only unregisters the hooks, then after RCU grace period, it is guaranteed that no packets add new entries to the flowtable (no flow offload rules and flowtable hooks are reachable from packet path), so it is safe to call nf_flow_table_free() which cleans up the remaining entries from the flowtable (both software and hardware) and it unbinds the flow_block.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/e51f30826bc538480…
	https://git.kernel.org/stable/c/8ffb8ac3448845f65…
	https://git.kernel.org/stable/c/b4fcc081e527aa2ce…
	https://git.kernel.org/stable/c/6069da443bf65f513…

Impacted products

Vendor

Product

Version

Linux

Affected: ff4bf2f42a40e7dff28379f085b64df322c70b45 , < e51f30826bc5384801df98d76109c94953d1df64 (git)
Affected: ff4bf2f42a40e7dff28379f085b64df322c70b45 , < 8ffb8ac3448845f65634889b051bd65e4dee484b (git)
Affected: ff4bf2f42a40e7dff28379f085b64df322c70b45 , < b4fcc081e527aa2ce12e956912fc47e251f6bd27 (git)
Affected: ff4bf2f42a40e7dff28379f085b64df322c70b45 , < 6069da443bf65f513bb507bb21e2f87cfb1ad0b6 (git)

Linux

Affected: 5.5
Unaffected: 0 , < 5.5 (semver)
Unaffected: 5.10.198 , ≤ 5.10.* (semver)
Unaffected: 5.15.26 , ≤ 5.15.* (semver)
Unaffected: 5.16.12 , ≤ 5.16.* (semver)
Unaffected: 5.17 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-48935",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:32:37.130969Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:09.712Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nf_tables_api.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e51f30826bc5384801df98d76109c94953d1df64",
              "status": "affected",
              "version": "ff4bf2f42a40e7dff28379f085b64df322c70b45",
              "versionType": "git"
            },
            {
              "lessThan": "8ffb8ac3448845f65634889b051bd65e4dee484b",
              "status": "affected",
              "version": "ff4bf2f42a40e7dff28379f085b64df322c70b45",
              "versionType": "git"
            },
            {
              "lessThan": "b4fcc081e527aa2ce12e956912fc47e251f6bd27",
              "status": "affected",
              "version": "ff4bf2f42a40e7dff28379f085b64df322c70b45",
              "versionType": "git"
            },
            {
              "lessThan": "6069da443bf65f513bb507bb21e2f87cfb1ad0b6",
              "status": "affected",
              "version": "ff4bf2f42a40e7dff28379f085b64df322c70b45",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nf_tables_api.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.5"
            },
            {
              "lessThan": "5.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.198",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.26",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.16.*",
              "status": "unaffected",
              "version": "5.16.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.198",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.26",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16.12",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.17",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: unregister flowtable hooks on netns exit\n\nUnregister flowtable hooks before they are releases via\nnf_tables_flowtable_destroy() otherwise hook core reports UAF.\n\nBUG: KASAN: use-after-free in nf_hook_entries_grow+0x5a7/0x700 net/netfilter/core.c:142 net/netfilter/core.c:142\nRead of size 4 at addr ffff8880736f7438 by task syz-executor579/3666\n\nCPU: 0 PID: 3666 Comm: syz-executor579 Not tainted 5.16.0-rc5-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n __dump_stack lib/dump_stack.c:88 [inline] lib/dump_stack.c:106\n dump_stack_lvl+0x1dc/0x2d8 lib/dump_stack.c:106 lib/dump_stack.c:106\n print_address_description+0x65/0x380 mm/kasan/report.c:247 mm/kasan/report.c:247\n __kasan_report mm/kasan/report.c:433 [inline]\n __kasan_report mm/kasan/report.c:433 [inline] mm/kasan/report.c:450\n kasan_report+0x19a/0x1f0 mm/kasan/report.c:450 mm/kasan/report.c:450\n nf_hook_entries_grow+0x5a7/0x700 net/netfilter/core.c:142 net/netfilter/core.c:142\n __nf_register_net_hook+0x27e/0x8d0 net/netfilter/core.c:429 net/netfilter/core.c:429\n nf_register_net_hook+0xaa/0x180 net/netfilter/core.c:571 net/netfilter/core.c:571\n nft_register_flowtable_net_hooks+0x3c5/0x730 net/netfilter/nf_tables_api.c:7232 net/netfilter/nf_tables_api.c:7232\n nf_tables_newflowtable+0x2022/0x2cf0 net/netfilter/nf_tables_api.c:7430 net/netfilter/nf_tables_api.c:7430\n nfnetlink_rcv_batch net/netfilter/nfnetlink.c:513 [inline]\n nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:634 [inline]\n nfnetlink_rcv_batch net/netfilter/nfnetlink.c:513 [inline] net/netfilter/nfnetlink.c:652\n nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:634 [inline] net/netfilter/nfnetlink.c:652\n nfnetlink_rcv+0x10e6/0x2550 net/netfilter/nfnetlink.c:652 net/netfilter/nfnetlink.c:652\n\n__nft_release_hook() calls nft_unregister_flowtable_net_hooks() which\nonly unregisters the hooks, then after RCU grace period, it is\nguaranteed that no packets add new entries to the flowtable (no flow\noffload rules and flowtable hooks are reachable from packet path), so it\nis safe to call nf_flow_table_free() which cleans up the remaining\nentries from the flowtable (both software and hardware) and it unbinds\nthe flow_block."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-19T12:39:04.793Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e51f30826bc5384801df98d76109c94953d1df64"
        },
        {
          "url": "https://git.kernel.org/stable/c/8ffb8ac3448845f65634889b051bd65e4dee484b"
        },
        {
          "url": "https://git.kernel.org/stable/c/b4fcc081e527aa2ce12e956912fc47e251f6bd27"
        },
        {
          "url": "https://git.kernel.org/stable/c/6069da443bf65f513bb507bb21e2f87cfb1ad0b6"
        }
      ],
      "title": "netfilter: nf_tables: unregister flowtable hooks on netns exit",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-48935",
    "datePublished": "2024-08-22T03:31:29.598Z",
    "dateReserved": "2024-08-21T06:06:23.299Z",
    "dateUpdated": "2025-06-19T12:39:04.793Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26839 (GCVE-0-2024-26839)

Vulnerability from cvelistv5 – Published: 2024-04-17 10:10 – Updated: 2025-05-04 08:57

Title

IB/hfi1: Fix a memleak in init_credit_return

Summary

In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix a memleak in init_credit_return When dma_alloc_coherent fails to allocate dd->cr_base[i].va, init_credit_return should deallocate dd->cr_base and dd->cr_base[i] that allocated before. Or those resources would be never freed and a memleak is triggered.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/2e4f9f20b32658ef3…
	https://git.kernel.org/stable/c/cecfb90cf71d91e9e…
	https://git.kernel.org/stable/c/3fa240bb6b2dbb3e7…
	https://git.kernel.org/stable/c/52de5805c14713720…
	https://git.kernel.org/stable/c/f0d857ce31a6bc7a8…
	https://git.kernel.org/stable/c/b41d0ade0398007fb…
	https://git.kernel.org/stable/c/8412c86e89cc78d8b…
	https://git.kernel.org/stable/c/809aa64ebff51eb17…

Impacted products

Vendor

Product

Version

Linux

Affected: 7724105686e718ac476a6ad3304fea2fbcfcffde , < 2e4f9f20b32658ef3724aa46f7aef4908d2609e3 (git)
Affected: 7724105686e718ac476a6ad3304fea2fbcfcffde , < cecfb90cf71d91e9efebd68b9e9b84661b277cc8 (git)
Affected: 7724105686e718ac476a6ad3304fea2fbcfcffde , < 3fa240bb6b2dbb3e7a3ee1440a4889cbb6207eb7 (git)
Affected: 7724105686e718ac476a6ad3304fea2fbcfcffde , < 52de5805c147137205662af89ed7e083d656ae25 (git)
Affected: 7724105686e718ac476a6ad3304fea2fbcfcffde , < f0d857ce31a6bc7a82afcdbadb8f7417d482604b (git)
Affected: 7724105686e718ac476a6ad3304fea2fbcfcffde , < b41d0ade0398007fb746213f09903d52a920e896 (git)
Affected: 7724105686e718ac476a6ad3304fea2fbcfcffde , < 8412c86e89cc78d8b513cb25cf2157a2adf3670a (git)
Affected: 7724105686e718ac476a6ad3304fea2fbcfcffde , < 809aa64ebff51eb170ee31a95f83b2d21efa32e2 (git)

Linux

Affected: 4.3
Unaffected: 0 , < 4.3 (semver)
Unaffected: 4.19.308 , ≤ 4.19.* (semver)
Unaffected: 5.4.270 , ≤ 5.4.* (semver)
Unaffected: 5.10.211 , ≤ 5.10.* (semver)
Unaffected: 5.15.150 , ≤ 5.15.* (semver)
Unaffected: 6.1.80 , ≤ 6.1.* (semver)
Unaffected: 6.6.19 , ≤ 6.6.* (semver)
Unaffected: 6.7.7 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26839",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-17T19:24:08.338788Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-17T19:24:16.847Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:13.692Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2e4f9f20b32658ef3724aa46f7aef4908d2609e3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cecfb90cf71d91e9efebd68b9e9b84661b277cc8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3fa240bb6b2dbb3e7a3ee1440a4889cbb6207eb7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/52de5805c147137205662af89ed7e083d656ae25"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f0d857ce31a6bc7a82afcdbadb8f7417d482604b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b41d0ade0398007fb746213f09903d52a920e896"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8412c86e89cc78d8b513cb25cf2157a2adf3670a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/809aa64ebff51eb170ee31a95f83b2d21efa32e2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/infiniband/hw/hfi1/pio.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "2e4f9f20b32658ef3724aa46f7aef4908d2609e3",
              "status": "affected",
              "version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
              "versionType": "git"
            },
            {
              "lessThan": "cecfb90cf71d91e9efebd68b9e9b84661b277cc8",
              "status": "affected",
              "version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
              "versionType": "git"
            },
            {
              "lessThan": "3fa240bb6b2dbb3e7a3ee1440a4889cbb6207eb7",
              "status": "affected",
              "version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
              "versionType": "git"
            },
            {
              "lessThan": "52de5805c147137205662af89ed7e083d656ae25",
              "status": "affected",
              "version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
              "versionType": "git"
            },
            {
              "lessThan": "f0d857ce31a6bc7a82afcdbadb8f7417d482604b",
              "status": "affected",
              "version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
              "versionType": "git"
            },
            {
              "lessThan": "b41d0ade0398007fb746213f09903d52a920e896",
              "status": "affected",
              "version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
              "versionType": "git"
            },
            {
              "lessThan": "8412c86e89cc78d8b513cb25cf2157a2adf3670a",
              "status": "affected",
              "version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
              "versionType": "git"
            },
            {
              "lessThan": "809aa64ebff51eb170ee31a95f83b2d21efa32e2",
              "status": "affected",
              "version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/infiniband/hw/hfi1/pio.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.3"
            },
            {
              "lessThan": "4.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.308",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.270",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.211",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.150",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.80",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.308",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.270",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.211",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.150",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.80",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.19",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.7",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/hfi1: Fix a memleak in init_credit_return\n\nWhen dma_alloc_coherent fails to allocate dd-\u003ecr_base[i].va,\ninit_credit_return should deallocate dd-\u003ecr_base and\ndd-\u003ecr_base[i] that allocated before. Or those resources\nwould be never freed and a memleak is triggered."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:57:41.410Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/2e4f9f20b32658ef3724aa46f7aef4908d2609e3"
        },
        {
          "url": "https://git.kernel.org/stable/c/cecfb90cf71d91e9efebd68b9e9b84661b277cc8"
        },
        {
          "url": "https://git.kernel.org/stable/c/3fa240bb6b2dbb3e7a3ee1440a4889cbb6207eb7"
        },
        {
          "url": "https://git.kernel.org/stable/c/52de5805c147137205662af89ed7e083d656ae25"
        },
        {
          "url": "https://git.kernel.org/stable/c/f0d857ce31a6bc7a82afcdbadb8f7417d482604b"
        },
        {
          "url": "https://git.kernel.org/stable/c/b41d0ade0398007fb746213f09903d52a920e896"
        },
        {
          "url": "https://git.kernel.org/stable/c/8412c86e89cc78d8b513cb25cf2157a2adf3670a"
        },
        {
          "url": "https://git.kernel.org/stable/c/809aa64ebff51eb170ee31a95f83b2d21efa32e2"
        }
      ],
      "title": "IB/hfi1: Fix a memleak in init_credit_return",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26839",
    "datePublished": "2024-04-17T10:10:05.536Z",
    "dateReserved": "2024-02-19T14:20:24.182Z",
    "dateUpdated": "2025-05-04T08:57:41.410Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-49858 (GCVE-0-2024-49858)

Vulnerability from cvelistv5 – Published: 2024-10-21 12:27 – Updated: 2026-01-05 10:54

Title

efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption

Summary

In the Linux kernel, the following vulnerability has been resolved: efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption The TPM event log table is a Linux specific construct, where the data produced by the GetEventLog() boot service is cached in memory, and passed on to the OS using an EFI configuration table. The use of EFI_LOADER_DATA here results in the region being left unreserved in the E820 memory map constructed by the EFI stub, and this is the memory description that is passed on to the incoming kernel by kexec, which is therefore unaware that the region should be reserved. Even though the utility of the TPM2 event log after a kexec is questionable, any corruption might send the parsing code off into the weeds and crash the kernel. So let's use EFI_ACPI_RECLAIM_MEMORY instead, which is always treated as reserved by the E820 conversion logic.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/f76b69ab9cf043582…
	https://git.kernel.org/stable/c/11690d7e76842f29b…
	https://git.kernel.org/stable/c/5b22c038fb2757c65…
	https://git.kernel.org/stable/c/19fd2f2c5fb36b615…
	https://git.kernel.org/stable/c/38d9b07d99b789efb…
	https://git.kernel.org/stable/c/2e6871a632a99d9b9…
	https://git.kernel.org/stable/c/77d48d39e99170b52…

Impacted products

Vendor

Product

Version

Linux

Affected: 33b6d03469b2206fb51ecc37f40411a857ad8fff , < f76b69ab9cf04358266e3cea5748c0c2791fbb08 (git)
Affected: 33b6d03469b2206fb51ecc37f40411a857ad8fff , < 11690d7e76842f29b60fbb5b35bc97d206ea0e83 (git)
Affected: 33b6d03469b2206fb51ecc37f40411a857ad8fff , < 5b22c038fb2757c652642933de5664da471f8cb7 (git)
Affected: 33b6d03469b2206fb51ecc37f40411a857ad8fff , < 19fd2f2c5fb36b61506d3208474bfd8fdf1cada3 (git)
Affected: 33b6d03469b2206fb51ecc37f40411a857ad8fff , < 38d9b07d99b789efb6d8dda21f1aaad636c38993 (git)
Affected: 33b6d03469b2206fb51ecc37f40411a857ad8fff , < 2e6871a632a99d9b9e2ce3a7847acabe99e5a26e (git)
Affected: 33b6d03469b2206fb51ecc37f40411a857ad8fff , < 77d48d39e99170b528e4f2e9fc5d1d64cdedd386 (git)

Linux

Affected: 4.16
Unaffected: 0 , < 4.16 (semver)
Unaffected: 5.10.227 , ≤ 5.10.* (semver)
Unaffected: 5.15.168 , ≤ 5.15.* (semver)
Unaffected: 6.1.113 , ≤ 6.1.* (semver)
Unaffected: 6.6.54 , ≤ 6.6.* (semver)
Unaffected: 6.10.13 , ≤ 6.10.* (semver)
Unaffected: 6.11.2 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49858",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-21T12:56:02.250795Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-21T13:04:10.785Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:22:27.038Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/firmware/efi/libstub/tpm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f76b69ab9cf04358266e3cea5748c0c2791fbb08",
              "status": "affected",
              "version": "33b6d03469b2206fb51ecc37f40411a857ad8fff",
              "versionType": "git"
            },
            {
              "lessThan": "11690d7e76842f29b60fbb5b35bc97d206ea0e83",
              "status": "affected",
              "version": "33b6d03469b2206fb51ecc37f40411a857ad8fff",
              "versionType": "git"
            },
            {
              "lessThan": "5b22c038fb2757c652642933de5664da471f8cb7",
              "status": "affected",
              "version": "33b6d03469b2206fb51ecc37f40411a857ad8fff",
              "versionType": "git"
            },
            {
              "lessThan": "19fd2f2c5fb36b61506d3208474bfd8fdf1cada3",
              "status": "affected",
              "version": "33b6d03469b2206fb51ecc37f40411a857ad8fff",
              "versionType": "git"
            },
            {
              "lessThan": "38d9b07d99b789efb6d8dda21f1aaad636c38993",
              "status": "affected",
              "version": "33b6d03469b2206fb51ecc37f40411a857ad8fff",
              "versionType": "git"
            },
            {
              "lessThan": "2e6871a632a99d9b9e2ce3a7847acabe99e5a26e",
              "status": "affected",
              "version": "33b6d03469b2206fb51ecc37f40411a857ad8fff",
              "versionType": "git"
            },
            {
              "lessThan": "77d48d39e99170b528e4f2e9fc5d1d64cdedd386",
              "status": "affected",
              "version": "33b6d03469b2206fb51ecc37f40411a857ad8fff",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/firmware/efi/libstub/tpm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.16"
            },
            {
              "lessThan": "4.16",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.54",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.227",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.168",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.113",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.54",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.13",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.2",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefistub/tpm: Use ACPI reclaim memory for event log to avoid corruption\n\nThe TPM event log table is a Linux specific construct, where the data\nproduced by the GetEventLog() boot service is cached in memory, and\npassed on to the OS using an EFI configuration table.\n\nThe use of EFI_LOADER_DATA here results in the region being left\nunreserved in the E820 memory map constructed by the EFI stub, and this\nis the memory description that is passed on to the incoming kernel by\nkexec, which is therefore unaware that the region should be reserved.\n\nEven though the utility of the TPM2 event log after a kexec is\nquestionable, any corruption might send the parsing code off into the\nweeds and crash the kernel. So let\u0027s use EFI_ACPI_RECLAIM_MEMORY\ninstead, which is always treated as reserved by the E820 conversion\nlogic."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:54:07.683Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f76b69ab9cf04358266e3cea5748c0c2791fbb08"
        },
        {
          "url": "https://git.kernel.org/stable/c/11690d7e76842f29b60fbb5b35bc97d206ea0e83"
        },
        {
          "url": "https://git.kernel.org/stable/c/5b22c038fb2757c652642933de5664da471f8cb7"
        },
        {
          "url": "https://git.kernel.org/stable/c/19fd2f2c5fb36b61506d3208474bfd8fdf1cada3"
        },
        {
          "url": "https://git.kernel.org/stable/c/38d9b07d99b789efb6d8dda21f1aaad636c38993"
        },
        {
          "url": "https://git.kernel.org/stable/c/2e6871a632a99d9b9e2ce3a7847acabe99e5a26e"
        },
        {
          "url": "https://git.kernel.org/stable/c/77d48d39e99170b528e4f2e9fc5d1d64cdedd386"
        }
      ],
      "title": "efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-49858",
    "datePublished": "2024-10-21T12:27:17.308Z",
    "dateReserved": "2024-10-21T12:17:06.016Z",
    "dateUpdated": "2026-01-05T10:54:07.683Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42244 (GCVE-0-2024-42244)

Vulnerability from cvelistv5 – Published: 2024-08-07 15:14 – Updated: 2025-11-03 22:02

Title

USB: serial: mos7840: fix crash on resume

Summary

In the Linux kernel, the following vulnerability has been resolved: USB: serial: mos7840: fix crash on resume Since commit c49cfa917025 ("USB: serial: use generic method if no alternative is provided in usb serial layer"), USB serial core calls the generic resume implementation when the driver has not provided one. This can trigger a crash on resume with mos7840 since support for multiple read URBs was added back in 2011. Specifically, both port read URBs are now submitted on resume for open ports, but the context pointer of the second URB is left set to the core rather than mos7840 port structure. Fix this by implementing dedicated suspend and resume functions for mos7840. Tested with Delock 87414 USB 2.0 to 4x serial adapter. [ johan: analyse crash and rewrite commit message; set busy flag on resume; drop bulk-in check; drop unnecessary usb_kill_urb() ]

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/932a86a711c722b45…
	https://git.kernel.org/stable/c/b14aa5673e0a8077f…
	https://git.kernel.org/stable/c/1094ed500987e67a9…
	https://git.kernel.org/stable/c/5ae6a64f18211851c…
	https://git.kernel.org/stable/c/553e67dec846323b5…
	https://git.kernel.org/stable/c/c15a688e49987385b…

Impacted products

Vendor

Product

Version

Linux

Affected: d83b405383c965498923f3561c3321e2b5df5727 , < 932a86a711c722b45ed47ba2103adca34d225b33 (git)
Affected: d83b405383c965498923f3561c3321e2b5df5727 , < b14aa5673e0a8077ff4b74f0bb260735e7d5e6a4 (git)
Affected: d83b405383c965498923f3561c3321e2b5df5727 , < 1094ed500987e67a9d18b0f95e1812f1cc720856 (git)
Affected: d83b405383c965498923f3561c3321e2b5df5727 , < 5ae6a64f18211851c8df6b4221381c438b9a7348 (git)
Affected: d83b405383c965498923f3561c3321e2b5df5727 , < 553e67dec846323b5575e78a776cf594c13f98c4 (git)
Affected: d83b405383c965498923f3561c3321e2b5df5727 , < c15a688e49987385baa8804bf65d570e362f8576 (git)

Linux

Affected: 3.3
Unaffected: 0 , < 3.3 (semver)
Unaffected: 5.10.222 , ≤ 5.10.* (semver)
Unaffected: 5.15.163 , ≤ 5.15.* (semver)
Unaffected: 6.1.100 , ≤ 6.1.* (semver)
Unaffected: 6.6.41 , ≤ 6.6.* (semver)
Unaffected: 6.9.10 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42244",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:13:38.256870Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:31.353Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:02:43.657Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/serial/mos7840.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "932a86a711c722b45ed47ba2103adca34d225b33",
              "status": "affected",
              "version": "d83b405383c965498923f3561c3321e2b5df5727",
              "versionType": "git"
            },
            {
              "lessThan": "b14aa5673e0a8077ff4b74f0bb260735e7d5e6a4",
              "status": "affected",
              "version": "d83b405383c965498923f3561c3321e2b5df5727",
              "versionType": "git"
            },
            {
              "lessThan": "1094ed500987e67a9d18b0f95e1812f1cc720856",
              "status": "affected",
              "version": "d83b405383c965498923f3561c3321e2b5df5727",
              "versionType": "git"
            },
            {
              "lessThan": "5ae6a64f18211851c8df6b4221381c438b9a7348",
              "status": "affected",
              "version": "d83b405383c965498923f3561c3321e2b5df5727",
              "versionType": "git"
            },
            {
              "lessThan": "553e67dec846323b5575e78a776cf594c13f98c4",
              "status": "affected",
              "version": "d83b405383c965498923f3561c3321e2b5df5727",
              "versionType": "git"
            },
            {
              "lessThan": "c15a688e49987385baa8804bf65d570e362f8576",
              "status": "affected",
              "version": "d83b405383c965498923f3561c3321e2b5df5727",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/serial/mos7840.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.3"
            },
            {
              "lessThan": "3.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.222",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.100",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.41",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.222",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.163",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.100",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.41",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.10",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: serial: mos7840: fix crash on resume\n\nSince commit c49cfa917025 (\"USB: serial: use generic method if no\nalternative is provided in usb serial layer\"), USB serial core calls the\ngeneric resume implementation when the driver has not provided one.\n\nThis can trigger a crash on resume with mos7840 since support for\nmultiple read URBs was added back in 2011. Specifically, both port read\nURBs are now submitted on resume for open ports, but the context pointer\nof the second URB is left set to the core rather than mos7840 port\nstructure.\n\nFix this by implementing dedicated suspend and resume functions for\nmos7840.\n\nTested with Delock 87414 USB 2.0 to 4x serial adapter.\n\n[ johan: analyse crash and rewrite commit message; set busy flag on\n         resume; drop bulk-in check; drop unnecessary usb_kill_urb() ]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:24:57.378Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/932a86a711c722b45ed47ba2103adca34d225b33"
        },
        {
          "url": "https://git.kernel.org/stable/c/b14aa5673e0a8077ff4b74f0bb260735e7d5e6a4"
        },
        {
          "url": "https://git.kernel.org/stable/c/1094ed500987e67a9d18b0f95e1812f1cc720856"
        },
        {
          "url": "https://git.kernel.org/stable/c/5ae6a64f18211851c8df6b4221381c438b9a7348"
        },
        {
          "url": "https://git.kernel.org/stable/c/553e67dec846323b5575e78a776cf594c13f98c4"
        },
        {
          "url": "https://git.kernel.org/stable/c/c15a688e49987385baa8804bf65d570e362f8576"
        }
      ],
      "title": "USB: serial: mos7840: fix crash on resume",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42244",
    "datePublished": "2024-08-07T15:14:30.359Z",
    "dateReserved": "2024-07-30T07:40:12.254Z",
    "dateUpdated": "2025-11-03T22:02:43.657Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26606 (GCVE-0-2024-26606)

Vulnerability from cvelistv5 – Published: 2024-02-26 14:39 – Updated: 2025-11-04 18:29

Title

binder: signal epoll threads of self-work

Summary

In the Linux kernel, the following vulnerability has been resolved: binder: signal epoll threads of self-work In (e)poll mode, threads often depend on I/O events to determine when data is ready for consumption. Within binder, a thread may initiate a command via BINDER_WRITE_READ without a read buffer and then make use of epoll_wait() or similar to consume any responses afterwards. It is then crucial that epoll threads are signaled via wakeup when they queue their own work. Otherwise, they risk waiting indefinitely for an event leaving their work unhandled. What is worse, subsequent commands won't trigger a wakeup either as the thread has pending work.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/dd64bb8329ce0ea27…
	https://git.kernel.org/stable/c/42beab162dcee1e69…
	https://git.kernel.org/stable/c/a423042052ec2bdbf…
	https://git.kernel.org/stable/c/82722b453dc2f967b…
	https://git.kernel.org/stable/c/90e09c016d72b91e7…
	https://git.kernel.org/stable/c/a7ae586f6f6024f49…
	https://git.kernel.org/stable/c/93b372c39c40cbf17…
	https://git.kernel.org/stable/c/97830f3c3088638ff…

Impacted products

Vendor

Product

Version

Linux

Affected: 457b9a6f09f011ebcb9b52cc203a6331a6fc2de7 , < dd64bb8329ce0ea27bc557e4160c2688835402ac (git)
Affected: 457b9a6f09f011ebcb9b52cc203a6331a6fc2de7 , < 42beab162dcee1e691ee4934292d51581c29df61 (git)
Affected: 457b9a6f09f011ebcb9b52cc203a6331a6fc2de7 , < a423042052ec2bdbf1e552e621e6a768922363cc (git)
Affected: 457b9a6f09f011ebcb9b52cc203a6331a6fc2de7 , < 82722b453dc2f967b172603e389ee7dc1b3137cc (git)
Affected: 457b9a6f09f011ebcb9b52cc203a6331a6fc2de7 , < 90e09c016d72b91e76de25f71c7b93d94cc3c769 (git)
Affected: 457b9a6f09f011ebcb9b52cc203a6331a6fc2de7 , < a7ae586f6f6024f490b8546c8c84670f96bb9b68 (git)
Affected: 457b9a6f09f011ebcb9b52cc203a6331a6fc2de7 , < 93b372c39c40cbf179e56621e6bc48240943af69 (git)
Affected: 457b9a6f09f011ebcb9b52cc203a6331a6fc2de7 , < 97830f3c3088638ff90b20dfba2eb4d487bf14d7 (git)

Linux

Affected: 2.6.29
Unaffected: 0 , < 2.6.29 (semver)
Unaffected: 4.19.307 , ≤ 4.19.* (semver)
Unaffected: 5.4.269 , ≤ 5.4.* (semver)
Unaffected: 5.10.210 , ≤ 5.10.* (semver)
Unaffected: 5.15.149 , ≤ 5.15.* (semver)
Unaffected: 6.1.79 , ≤ 6.1.* (semver)
Unaffected: 6.6.18 , ≤ 6.6.* (semver)
Unaffected: 6.7.6 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26606",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-28T17:03:56.068498Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-28T17:03:58.774Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T18:29:53.507Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dd64bb8329ce0ea27bc557e4160c2688835402ac"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/42beab162dcee1e691ee4934292d51581c29df61"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a423042052ec2bdbf1e552e621e6a768922363cc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/82722b453dc2f967b172603e389ee7dc1b3137cc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/90e09c016d72b91e76de25f71c7b93d94cc3c769"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a7ae586f6f6024f490b8546c8c84670f96bb9b68"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/93b372c39c40cbf179e56621e6bc48240943af69"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/97830f3c3088638ff90b20dfba2eb4d487bf14d7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/android/binder.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "dd64bb8329ce0ea27bc557e4160c2688835402ac",
              "status": "affected",
              "version": "457b9a6f09f011ebcb9b52cc203a6331a6fc2de7",
              "versionType": "git"
            },
            {
              "lessThan": "42beab162dcee1e691ee4934292d51581c29df61",
              "status": "affected",
              "version": "457b9a6f09f011ebcb9b52cc203a6331a6fc2de7",
              "versionType": "git"
            },
            {
              "lessThan": "a423042052ec2bdbf1e552e621e6a768922363cc",
              "status": "affected",
              "version": "457b9a6f09f011ebcb9b52cc203a6331a6fc2de7",
              "versionType": "git"
            },
            {
              "lessThan": "82722b453dc2f967b172603e389ee7dc1b3137cc",
              "status": "affected",
              "version": "457b9a6f09f011ebcb9b52cc203a6331a6fc2de7",
              "versionType": "git"
            },
            {
              "lessThan": "90e09c016d72b91e76de25f71c7b93d94cc3c769",
              "status": "affected",
              "version": "457b9a6f09f011ebcb9b52cc203a6331a6fc2de7",
              "versionType": "git"
            },
            {
              "lessThan": "a7ae586f6f6024f490b8546c8c84670f96bb9b68",
              "status": "affected",
              "version": "457b9a6f09f011ebcb9b52cc203a6331a6fc2de7",
              "versionType": "git"
            },
            {
              "lessThan": "93b372c39c40cbf179e56621e6bc48240943af69",
              "status": "affected",
              "version": "457b9a6f09f011ebcb9b52cc203a6331a6fc2de7",
              "versionType": "git"
            },
            {
              "lessThan": "97830f3c3088638ff90b20dfba2eb4d487bf14d7",
              "status": "affected",
              "version": "457b9a6f09f011ebcb9b52cc203a6331a6fc2de7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/android/binder.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.29"
            },
            {
              "lessThan": "2.6.29",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.307",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.269",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.210",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.149",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.79",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.18",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.307",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.269",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.210",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.149",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.79",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.18",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.6",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: signal epoll threads of self-work\n\nIn (e)poll mode, threads often depend on I/O events to determine when\ndata is ready for consumption. Within binder, a thread may initiate a\ncommand via BINDER_WRITE_READ without a read buffer and then make use\nof epoll_wait() or similar to consume any responses afterwards.\n\nIt is then crucial that epoll threads are signaled via wakeup when they\nqueue their own work. Otherwise, they risk waiting indefinitely for an\nevent leaving their work unhandled. What is worse, subsequent commands\nwon\u0027t trigger a wakeup either as the thread has pending work."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:52:12.161Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/dd64bb8329ce0ea27bc557e4160c2688835402ac"
        },
        {
          "url": "https://git.kernel.org/stable/c/42beab162dcee1e691ee4934292d51581c29df61"
        },
        {
          "url": "https://git.kernel.org/stable/c/a423042052ec2bdbf1e552e621e6a768922363cc"
        },
        {
          "url": "https://git.kernel.org/stable/c/82722b453dc2f967b172603e389ee7dc1b3137cc"
        },
        {
          "url": "https://git.kernel.org/stable/c/90e09c016d72b91e76de25f71c7b93d94cc3c769"
        },
        {
          "url": "https://git.kernel.org/stable/c/a7ae586f6f6024f490b8546c8c84670f96bb9b68"
        },
        {
          "url": "https://git.kernel.org/stable/c/93b372c39c40cbf179e56621e6bc48240943af69"
        },
        {
          "url": "https://git.kernel.org/stable/c/97830f3c3088638ff90b20dfba2eb4d487bf14d7"
        }
      ],
      "title": "binder: signal epoll threads of self-work",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26606",
    "datePublished": "2024-02-26T14:39:15.861Z",
    "dateReserved": "2024-02-19T14:20:24.130Z",
    "dateUpdated": "2025-11-04T18:29:53.507Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56619 (GCVE-0-2024-56619)

Vulnerability from cvelistv5 – Published: 2024-12-27 14:51 – Updated: 2025-11-03 20:51

Title

nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()

Summary

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() Syzbot reported that when searching for records in a directory where the inode's i_size is corrupted and has a large value, memory access outside the folio/page range may occur, or a use-after-free bug may be detected if KASAN is enabled. This is because nilfs_last_byte(), which is called by nilfs_find_entry() and others to calculate the number of valid bytes of directory data in a page from i_size and the page index, loses the upper 32 bits of the 64-bit size information due to an inappropriate type of local variable to which the i_size value is assigned. This caused a large byte offset value due to underflow in the end address calculation in the calling nilfs_find_entry(), resulting in memory access that exceeds the folio/page size. Fix this issue by changing the type of the local variable causing the bit loss from "unsigned int" to "u64". The return value of nilfs_last_byte() is also of type "unsigned int", but it is truncated so as not to exceed PAGE_SIZE and no bit loss occurs, so no change is required.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/09d6d05579fd46e61…
	https://git.kernel.org/stable/c/e3732102a9d638d86…
	https://git.kernel.org/stable/c/48eb6e7404948032b…
	https://git.kernel.org/stable/c/5af8366625182f01f…
	https://git.kernel.org/stable/c/c3afea07477baccdb…
	https://git.kernel.org/stable/c/31f7b57a77d4c82a3…
	https://git.kernel.org/stable/c/985ebec4ab0a28bb5…

Impacted products

Vendor

Product

Version

Linux

Affected: 2ba466d74ed74f073257f86e61519cb8f8f46184 , < 09d6d05579fd46e61abf6e457bb100ff11f3a9d3 (git)
Affected: 2ba466d74ed74f073257f86e61519cb8f8f46184 , < e3732102a9d638d8627d14fdf7b208462f0520e0 (git)
Affected: 2ba466d74ed74f073257f86e61519cb8f8f46184 , < 48eb6e7404948032bbe811c5affbe39f6b316951 (git)
Affected: 2ba466d74ed74f073257f86e61519cb8f8f46184 , < 5af8366625182f01f6d8465c9a3210574673af57 (git)
Affected: 2ba466d74ed74f073257f86e61519cb8f8f46184 , < c3afea07477baccdbdec4483f8d5e59d42a3f67f (git)
Affected: 2ba466d74ed74f073257f86e61519cb8f8f46184 , < 31f7b57a77d4c82a34ddcb6ff35b5aa577ef153e (git)
Affected: 2ba466d74ed74f073257f86e61519cb8f8f46184 , < 985ebec4ab0a28bb5910c3b1481a40fbf7f9e61d (git)

Linux

Affected: 2.6.30
Unaffected: 0 , < 2.6.30 (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56619",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T15:41:59.486282Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T15:45:22.383Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:51:08.191Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/nilfs2/dir.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "09d6d05579fd46e61abf6e457bb100ff11f3a9d3",
              "status": "affected",
              "version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
              "versionType": "git"
            },
            {
              "lessThan": "e3732102a9d638d8627d14fdf7b208462f0520e0",
              "status": "affected",
              "version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
              "versionType": "git"
            },
            {
              "lessThan": "48eb6e7404948032bbe811c5affbe39f6b316951",
              "status": "affected",
              "version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
              "versionType": "git"
            },
            {
              "lessThan": "5af8366625182f01f6d8465c9a3210574673af57",
              "status": "affected",
              "version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
              "versionType": "git"
            },
            {
              "lessThan": "c3afea07477baccdbdec4483f8d5e59d42a3f67f",
              "status": "affected",
              "version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
              "versionType": "git"
            },
            {
              "lessThan": "31f7b57a77d4c82a34ddcb6ff35b5aa577ef153e",
              "status": "affected",
              "version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
              "versionType": "git"
            },
            {
              "lessThan": "985ebec4ab0a28bb5910c3b1481a40fbf7f9e61d",
              "status": "affected",
              "version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/nilfs2/dir.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.30"
            },
            {
              "lessThan": "2.6.30",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()\n\nSyzbot reported that when searching for records in a directory where the\ninode\u0027s i_size is corrupted and has a large value, memory access outside\nthe folio/page range may occur, or a use-after-free bug may be detected if\nKASAN is enabled.\n\nThis is because nilfs_last_byte(), which is called by nilfs_find_entry()\nand others to calculate the number of valid bytes of directory data in a\npage from i_size and the page index, loses the upper 32 bits of the 64-bit\nsize information due to an inappropriate type of local variable to which\nthe i_size value is assigned.\n\nThis caused a large byte offset value due to underflow in the end address\ncalculation in the calling nilfs_find_entry(), resulting in memory access\nthat exceeds the folio/page size.\n\nFix this issue by changing the type of the local variable causing the bit\nloss from \"unsigned int\" to \"u64\".  The return value of nilfs_last_byte()\nis also of type \"unsigned int\", but it is truncated so as not to exceed\nPAGE_SIZE and no bit loss occurs, so no change is required."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:00:06.030Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/09d6d05579fd46e61abf6e457bb100ff11f3a9d3"
        },
        {
          "url": "https://git.kernel.org/stable/c/e3732102a9d638d8627d14fdf7b208462f0520e0"
        },
        {
          "url": "https://git.kernel.org/stable/c/48eb6e7404948032bbe811c5affbe39f6b316951"
        },
        {
          "url": "https://git.kernel.org/stable/c/5af8366625182f01f6d8465c9a3210574673af57"
        },
        {
          "url": "https://git.kernel.org/stable/c/c3afea07477baccdbdec4483f8d5e59d42a3f67f"
        },
        {
          "url": "https://git.kernel.org/stable/c/31f7b57a77d4c82a34ddcb6ff35b5aa577ef153e"
        },
        {
          "url": "https://git.kernel.org/stable/c/985ebec4ab0a28bb5910c3b1481a40fbf7f9e61d"
        }
      ],
      "title": "nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56619",
    "datePublished": "2024-12-27T14:51:23.516Z",
    "dateReserved": "2024-12-27T14:03:06.016Z",
    "dateUpdated": "2025-11-03T20:51:08.191Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56701 (GCVE-0-2024-56701)

Vulnerability from cvelistv5 – Published: 2024-12-28 09:46 – Updated: 2025-11-03 20:52

Title

powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore

Summary

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore The dtl_access_lock needs to be a rw_sempahore, a sleeping lock, because the code calls kmalloc() while holding it, which can sleep: # echo 1 > /proc/powerpc/vcpudispatch_stats BUG: sleeping function called from invalid context at include/linux/sched/mm.h:337 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 199, name: sh preempt_count: 1, expected: 0 3 locks held by sh/199: #0: c00000000a0743f8 (sb_writers#3){.+.+}-{0:0}, at: vfs_write+0x324/0x438 #1: c0000000028c7058 (dtl_enable_mutex){+.+.}-{3:3}, at: vcpudispatch_stats_write+0xd4/0x5f4 #2: c0000000028c70b8 (dtl_access_lock){+.+.}-{2:2}, at: vcpudispatch_stats_write+0x220/0x5f4 CPU: 0 PID: 199 Comm: sh Not tainted 6.10.0-rc4 #152 Hardware name: IBM pSeries (emulated by qemu) POWER9 (raw) 0x4e1202 0xf000005 of:SLOF,HEAD hv:linux,kvm pSeries Call Trace: dump_stack_lvl+0x130/0x148 (unreliable) __might_resched+0x174/0x410 kmem_cache_alloc_noprof+0x340/0x3d0 alloc_dtl_buffers+0x124/0x1ac vcpudispatch_stats_write+0x2a8/0x5f4 proc_reg_write+0xf4/0x150 vfs_write+0xfc/0x438 ksys_write+0x88/0x148 system_call_exception+0x1c4/0x5a0 system_call_common+0xf4/0x258

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/6956c0e7346ce1bbf…
	https://git.kernel.org/stable/c/f6ec133668757f84e…
	https://git.kernel.org/stable/c/fa5b5ea257135e771…
	https://git.kernel.org/stable/c/a246daa26b717e755…
	https://git.kernel.org/stable/c/b125d0cf1adde7b2b…
	https://git.kernel.org/stable/c/525e18f1ba7c2b098…
	https://git.kernel.org/stable/c/cadae3a45d23aa4f6…

Impacted products

Vendor

Product

Version

Linux

Affected: 06220d78f24a20549757be1014e57c382406cc92 , < 6956c0e7346ce1bbfc726755aa8da10d26e84276 (git)
Affected: 06220d78f24a20549757be1014e57c382406cc92 , < f6ec133668757f84e5143f1eb141fd0b83778b9e (git)
Affected: 06220d78f24a20549757be1014e57c382406cc92 , < fa5b5ea257135e771b489c83a2e93b5935d0108e (git)
Affected: 06220d78f24a20549757be1014e57c382406cc92 , < a246daa26b717e755ccc9061f47f7cd1c0b358dd (git)
Affected: 06220d78f24a20549757be1014e57c382406cc92 , < b125d0cf1adde7b2b47d7337fed7e9133eea3463 (git)
Affected: 06220d78f24a20549757be1014e57c382406cc92 , < 525e18f1ba7c2b098c8ba587fb397efb34a6574c (git)
Affected: 06220d78f24a20549757be1014e57c382406cc92 , < cadae3a45d23aa4f6485938a67cbc47aaaa25e38 (git)

Linux

Affected: 5.3
Unaffected: 0 , < 5.3 (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:52:50.956Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/powerpc/include/asm/dtl.h",
            "arch/powerpc/platforms/pseries/dtl.c",
            "arch/powerpc/platforms/pseries/lpar.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6956c0e7346ce1bbfc726755aa8da10d26e84276",
              "status": "affected",
              "version": "06220d78f24a20549757be1014e57c382406cc92",
              "versionType": "git"
            },
            {
              "lessThan": "f6ec133668757f84e5143f1eb141fd0b83778b9e",
              "status": "affected",
              "version": "06220d78f24a20549757be1014e57c382406cc92",
              "versionType": "git"
            },
            {
              "lessThan": "fa5b5ea257135e771b489c83a2e93b5935d0108e",
              "status": "affected",
              "version": "06220d78f24a20549757be1014e57c382406cc92",
              "versionType": "git"
            },
            {
              "lessThan": "a246daa26b717e755ccc9061f47f7cd1c0b358dd",
              "status": "affected",
              "version": "06220d78f24a20549757be1014e57c382406cc92",
              "versionType": "git"
            },
            {
              "lessThan": "b125d0cf1adde7b2b47d7337fed7e9133eea3463",
              "status": "affected",
              "version": "06220d78f24a20549757be1014e57c382406cc92",
              "versionType": "git"
            },
            {
              "lessThan": "525e18f1ba7c2b098c8ba587fb397efb34a6574c",
              "status": "affected",
              "version": "06220d78f24a20549757be1014e57c382406cc92",
              "versionType": "git"
            },
            {
              "lessThan": "cadae3a45d23aa4f6485938a67cbc47aaaa25e38",
              "status": "affected",
              "version": "06220d78f24a20549757be1014e57c382406cc92",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/powerpc/include/asm/dtl.h",
            "arch/powerpc/platforms/pseries/dtl.c",
            "arch/powerpc/platforms/pseries/lpar.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.3"
            },
            {
              "lessThan": "5.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries: Fix dtl_access_lock to be a rw_semaphore\n\nThe dtl_access_lock needs to be a rw_sempahore, a sleeping lock, because\nthe code calls kmalloc() while holding it, which can sleep:\n\n  # echo 1 \u003e /proc/powerpc/vcpudispatch_stats\n  BUG: sleeping function called from invalid context at include/linux/sched/mm.h:337\n  in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 199, name: sh\n  preempt_count: 1, expected: 0\n  3 locks held by sh/199:\n   #0: c00000000a0743f8 (sb_writers#3){.+.+}-{0:0}, at: vfs_write+0x324/0x438\n   #1: c0000000028c7058 (dtl_enable_mutex){+.+.}-{3:3}, at: vcpudispatch_stats_write+0xd4/0x5f4\n   #2: c0000000028c70b8 (dtl_access_lock){+.+.}-{2:2}, at: vcpudispatch_stats_write+0x220/0x5f4\n  CPU: 0 PID: 199 Comm: sh Not tainted 6.10.0-rc4 #152\n  Hardware name: IBM pSeries (emulated by qemu) POWER9 (raw) 0x4e1202 0xf000005 of:SLOF,HEAD hv:linux,kvm pSeries\n  Call Trace:\n    dump_stack_lvl+0x130/0x148 (unreliable)\n    __might_resched+0x174/0x410\n    kmem_cache_alloc_noprof+0x340/0x3d0\n    alloc_dtl_buffers+0x124/0x1ac\n    vcpudispatch_stats_write+0x2a8/0x5f4\n    proc_reg_write+0xf4/0x150\n    vfs_write+0xfc/0x438\n    ksys_write+0x88/0x148\n    system_call_exception+0x1c4/0x5a0\n    system_call_common+0xf4/0x258"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:02:49.180Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/6956c0e7346ce1bbfc726755aa8da10d26e84276"
        },
        {
          "url": "https://git.kernel.org/stable/c/f6ec133668757f84e5143f1eb141fd0b83778b9e"
        },
        {
          "url": "https://git.kernel.org/stable/c/fa5b5ea257135e771b489c83a2e93b5935d0108e"
        },
        {
          "url": "https://git.kernel.org/stable/c/a246daa26b717e755ccc9061f47f7cd1c0b358dd"
        },
        {
          "url": "https://git.kernel.org/stable/c/b125d0cf1adde7b2b47d7337fed7e9133eea3463"
        },
        {
          "url": "https://git.kernel.org/stable/c/525e18f1ba7c2b098c8ba587fb397efb34a6574c"
        },
        {
          "url": "https://git.kernel.org/stable/c/cadae3a45d23aa4f6485938a67cbc47aaaa25e38"
        }
      ],
      "title": "powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56701",
    "datePublished": "2024-12-28T09:46:23.516Z",
    "dateReserved": "2024-12-27T15:00:39.856Z",
    "dateUpdated": "2025-11-03T20:52:50.956Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-50302 (GCVE-0-2024-50302)

Vulnerability from cvelistv5 – Published: 2024-11-19 01:30 – Updated: 2025-11-03 22:28

Title

HID: core: zero-initialize the report buffer

Summary

In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-908 - Use of Uninitialized Resource

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/e7ea60184e1e88a3c…
	https://git.kernel.org/stable/c/3f9e88f2672c46359…
	https://git.kernel.org/stable/c/d7dc68d82ab3fcfc3…
	https://git.kernel.org/stable/c/05ade5d4337867929…
	https://git.kernel.org/stable/c/1884ab3d22536a5c1…
	https://git.kernel.org/stable/c/9d9f5c75c0c7f3176…
	https://git.kernel.org/stable/c/492015e6249fbcd42…
	https://git.kernel.org/stable/c/177f25d1292c7e16e…

Impacted products

Vendor

Product

Version

Linux

Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < e7ea60184e1e88a3c9e437b3265cbb6439aa7e26 (git)
Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < 3f9e88f2672c4635960570ee9741778d4135ecf5 (git)
Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < d7dc68d82ab3fcfc3f65322465da3d7031d4ab46 (git)
Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < 05ade5d4337867929e7ef664e7ac8e0c734f1aaf (git)
Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < 1884ab3d22536a5c14b17c78c2ce76d1734e8b0b (git)
Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < 9d9f5c75c0c7f31766ec27d90f7a6ac673193191 (git)
Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < 492015e6249fbcd42138b49de3c588d826dd9648 (git)
Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < 177f25d1292c7e16e1199b39c85480f7f8815552 (git)
Affected: b2b6cadad699d44a8a5b2a60f3d960e00d6fb3b7 (git)
Affected: fe6c9b48ebc920ff21c10c50ab2729440c734254 (git)

Linux

Affected: 3.12
Unaffected: 0 , < 3.12 (semver)
Unaffected: 4.19.324 , ≤ 4.19.* (semver)
Unaffected: 5.4.286 , ≤ 5.4.* (semver)
Unaffected: 5.10.230 , ≤ 5.10.* (semver)
Unaffected: 5.15.172 , ≤ 5.15.* (semver)
Unaffected: 6.1.117 , ≤ 6.1.* (semver)
Unaffected: 6.6.61 , ≤ 6.6.* (semver)
Unaffected: 6.11.8 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-50302",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-05T04:55:26.718337Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-03-04",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-50302"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-908",
                "description": "CWE-908 Use of Uninitialized Resource",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T22:55:35.755Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-50302"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2025-03-04T00:00:00+00:00",
            "value": "CVE-2024-50302 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:28:19.656Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/hid/hid-core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e7ea60184e1e88a3c9e437b3265cbb6439aa7e26",
              "status": "affected",
              "version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
              "versionType": "git"
            },
            {
              "lessThan": "3f9e88f2672c4635960570ee9741778d4135ecf5",
              "status": "affected",
              "version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
              "versionType": "git"
            },
            {
              "lessThan": "d7dc68d82ab3fcfc3f65322465da3d7031d4ab46",
              "status": "affected",
              "version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
              "versionType": "git"
            },
            {
              "lessThan": "05ade5d4337867929e7ef664e7ac8e0c734f1aaf",
              "status": "affected",
              "version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
              "versionType": "git"
            },
            {
              "lessThan": "1884ab3d22536a5c14b17c78c2ce76d1734e8b0b",
              "status": "affected",
              "version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
              "versionType": "git"
            },
            {
              "lessThan": "9d9f5c75c0c7f31766ec27d90f7a6ac673193191",
              "status": "affected",
              "version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
              "versionType": "git"
            },
            {
              "lessThan": "492015e6249fbcd42138b49de3c588d826dd9648",
              "status": "affected",
              "version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
              "versionType": "git"
            },
            {
              "lessThan": "177f25d1292c7e16e1199b39c85480f7f8815552",
              "status": "affected",
              "version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "b2b6cadad699d44a8a5b2a60f3d960e00d6fb3b7",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "fe6c9b48ebc920ff21c10c50ab2729440c734254",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/hid/hid-core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.12"
            },
            {
              "lessThan": "3.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.324",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.286",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.230",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.172",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.117",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.61",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.324",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.286",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.230",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.172",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.117",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.61",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.8",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.10.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.11.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: zero-initialize the report buffer\n\nSince the report buffer is used by all kinds of drivers in various ways, let\u0027s\nzero-initialize it during allocation to make sure that it can\u0027t be ever used\nto leak kernel memory via specially-crafted report."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T13:00:14.113Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e7ea60184e1e88a3c9e437b3265cbb6439aa7e26"
        },
        {
          "url": "https://git.kernel.org/stable/c/3f9e88f2672c4635960570ee9741778d4135ecf5"
        },
        {
          "url": "https://git.kernel.org/stable/c/d7dc68d82ab3fcfc3f65322465da3d7031d4ab46"
        },
        {
          "url": "https://git.kernel.org/stable/c/05ade5d4337867929e7ef664e7ac8e0c734f1aaf"
        },
        {
          "url": "https://git.kernel.org/stable/c/1884ab3d22536a5c14b17c78c2ce76d1734e8b0b"
        },
        {
          "url": "https://git.kernel.org/stable/c/9d9f5c75c0c7f31766ec27d90f7a6ac673193191"
        },
        {
          "url": "https://git.kernel.org/stable/c/492015e6249fbcd42138b49de3c588d826dd9648"
        },
        {
          "url": "https://git.kernel.org/stable/c/177f25d1292c7e16e1199b39c85480f7f8815552"
        }
      ],
      "title": "HID: core: zero-initialize the report buffer",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-50302",
    "datePublished": "2024-11-19T01:30:51.300Z",
    "dateReserved": "2024-10-21T19:36:19.987Z",
    "dateUpdated": "2025-11-03T22:28:19.656Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-46832 (GCVE-0-2024-46832)

Vulnerability from cvelistv5 – Published: 2024-09-27 12:39 – Updated: 2026-01-05 10:53

Title

MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed

Summary

In the Linux kernel, the following vulnerability has been resolved: MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed This avoids warning: [ 0.118053] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283 Caused by get_c0_compare_int on secondary CPU. We also skipped saving IRQ number to struct clock_event_device *cd as it's never used by clockevent core, as per comments it's only meant for "non CPU local devices".

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/d3ff0f98a52f0aafe…
	https://git.kernel.org/stable/c/e6cd871627abbb459…
	https://git.kernel.org/stable/c/b1d2051373bfc6537…
	https://git.kernel.org/stable/c/32ee0520159f1e8c2…
	https://git.kernel.org/stable/c/189d3ed3b25beee26…
	https://git.kernel.org/stable/c/50f2b98dc83de7809…

Impacted products

Vendor

Product

Version

Linux

Affected: 38760d40ca61b18b2809e9c28df8b3ff9af8a02b , < d3ff0f98a52f0aafe35aa314d1c442f4318be3db (git)
Affected: 38760d40ca61b18b2809e9c28df8b3ff9af8a02b , < e6cd871627abbb459d0ff6521d6bb9cf9d9f7522 (git)
Affected: 38760d40ca61b18b2809e9c28df8b3ff9af8a02b , < b1d2051373bfc65371ce4ac8911ed984d0178c98 (git)
Affected: 38760d40ca61b18b2809e9c28df8b3ff9af8a02b , < 32ee0520159f1e8c2d6597c19690df452c528f30 (git)
Affected: 38760d40ca61b18b2809e9c28df8b3ff9af8a02b , < 189d3ed3b25beee26ffe2abed278208bece13f52 (git)
Affected: 38760d40ca61b18b2809e9c28df8b3ff9af8a02b , < 50f2b98dc83de7809a5c5bf0ccf9af2e75c37c13 (git)

Linux

Affected: 2.6.24
Unaffected: 0 , < 2.6.24 (semver)
Unaffected: 5.10.226 , ≤ 5.10.* (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.110 , ≤ 6.1.* (semver)
Unaffected: 6.6.51 , ≤ 6.6.* (semver)
Unaffected: 6.10.10 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46832",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T14:03:39.846521Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T14:03:44.827Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:19:22.692Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/mips/kernel/cevt-r4k.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d3ff0f98a52f0aafe35aa314d1c442f4318be3db",
              "status": "affected",
              "version": "38760d40ca61b18b2809e9c28df8b3ff9af8a02b",
              "versionType": "git"
            },
            {
              "lessThan": "e6cd871627abbb459d0ff6521d6bb9cf9d9f7522",
              "status": "affected",
              "version": "38760d40ca61b18b2809e9c28df8b3ff9af8a02b",
              "versionType": "git"
            },
            {
              "lessThan": "b1d2051373bfc65371ce4ac8911ed984d0178c98",
              "status": "affected",
              "version": "38760d40ca61b18b2809e9c28df8b3ff9af8a02b",
              "versionType": "git"
            },
            {
              "lessThan": "32ee0520159f1e8c2d6597c19690df452c528f30",
              "status": "affected",
              "version": "38760d40ca61b18b2809e9c28df8b3ff9af8a02b",
              "versionType": "git"
            },
            {
              "lessThan": "189d3ed3b25beee26ffe2abed278208bece13f52",
              "status": "affected",
              "version": "38760d40ca61b18b2809e9c28df8b3ff9af8a02b",
              "versionType": "git"
            },
            {
              "lessThan": "50f2b98dc83de7809a5c5bf0ccf9af2e75c37c13",
              "status": "affected",
              "version": "38760d40ca61b18b2809e9c28df8b3ff9af8a02b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/mips/kernel/cevt-r4k.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.24"
            },
            {
              "lessThan": "2.6.24",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.110",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.51",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.226",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.110",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.51",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.10",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nMIPS: cevt-r4k: Don\u0027t call get_c0_compare_int if timer irq is installed\n\nThis avoids warning:\n\n[    0.118053] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283\n\nCaused by get_c0_compare_int on secondary CPU.\n\nWe also skipped saving IRQ number to struct clock_event_device *cd as\nit\u0027s never used by clockevent core, as per comments it\u0027s only meant\nfor \"non CPU local devices\"."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:53:27.342Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d3ff0f98a52f0aafe35aa314d1c442f4318be3db"
        },
        {
          "url": "https://git.kernel.org/stable/c/e6cd871627abbb459d0ff6521d6bb9cf9d9f7522"
        },
        {
          "url": "https://git.kernel.org/stable/c/b1d2051373bfc65371ce4ac8911ed984d0178c98"
        },
        {
          "url": "https://git.kernel.org/stable/c/32ee0520159f1e8c2d6597c19690df452c528f30"
        },
        {
          "url": "https://git.kernel.org/stable/c/189d3ed3b25beee26ffe2abed278208bece13f52"
        },
        {
          "url": "https://git.kernel.org/stable/c/50f2b98dc83de7809a5c5bf0ccf9af2e75c37c13"
        }
      ],
      "title": "MIPS: cevt-r4k: Don\u0027t call get_c0_compare_int if timer irq is installed",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46832",
    "datePublished": "2024-09-27T12:39:29.734Z",
    "dateReserved": "2024-09-11T15:12:18.286Z",
    "dateUpdated": "2026-01-05T10:53:27.342Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-50040 (GCVE-0-2024-50040)

Vulnerability from cvelistv5 – Published: 2024-10-21 19:39 – Updated: 2025-11-03 22:24

Title

igb: Do not bring the device up after non-fatal error

Summary

In the Linux kernel, the following vulnerability has been resolved: igb: Do not bring the device up after non-fatal error Commit 004d25060c78 ("igb: Fix igb_down hung on surprise removal") changed igb_io_error_detected() to ignore non-fatal pcie errors in order to avoid hung task that can happen when igb_down() is called multiple times. This caused an issue when processing transient non-fatal errors. igb_io_resume(), which is called after igb_io_error_detected(), assumes that device is brought down by igb_io_error_detected() if the interface is up. This resulted in panic with stacktrace below. [ T3256] igb 0000:09:00.0 haeth0: igb: haeth0 NIC Link is Down [ T292] pcieport 0000:00:1c.5: AER: Uncorrected (Non-Fatal) error received: 0000:09:00.0 [ T292] igb 0000:09:00.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID) [ T292] igb 0000:09:00.0: device [8086:1537] error status/mask=00004000/00000000 [ T292] igb 0000:09:00.0: [14] CmpltTO [ 200.105524,009][ T292] igb 0000:09:00.0: AER: TLP Header: 00000000 00000000 00000000 00000000 [ T292] pcieport 0000:00:1c.5: AER: broadcast error_detected message [ T292] igb 0000:09:00.0: Non-correctable non-fatal error reported. [ T292] pcieport 0000:00:1c.5: AER: broadcast mmio_enabled message [ T292] pcieport 0000:00:1c.5: AER: broadcast resume message [ T292] ------------[ cut here ]------------ [ T292] kernel BUG at net/core/dev.c:6539! [ T292] invalid opcode: 0000 [#1] PREEMPT SMP [ T292] RIP: 0010:napi_enable+0x37/0x40 [ T292] Call Trace: [ T292] <TASK> [ T292] ? die+0x33/0x90 [ T292] ? do_trap+0xdc/0x110 [ T292] ? napi_enable+0x37/0x40 [ T292] ? do_error_trap+0x70/0xb0 [ T292] ? napi_enable+0x37/0x40 [ T292] ? napi_enable+0x37/0x40 [ T292] ? exc_invalid_op+0x4e/0x70 [ T292] ? napi_enable+0x37/0x40 [ T292] ? asm_exc_invalid_op+0x16/0x20 [ T292] ? napi_enable+0x37/0x40 [ T292] igb_up+0x41/0x150 [ T292] igb_io_resume+0x25/0x70 [ T292] report_resume+0x54/0x70 [ T292] ? report_frozen_detected+0x20/0x20 [ T292] pci_walk_bus+0x6c/0x90 [ T292] ? aer_print_port_info+0xa0/0xa0 [ T292] pcie_do_recovery+0x22f/0x380 [ T292] aer_process_err_devices+0x110/0x160 [ T292] aer_isr+0x1c1/0x1e0 [ T292] ? disable_irq_nosync+0x10/0x10 [ T292] irq_thread_fn+0x1a/0x60 [ T292] irq_thread+0xe3/0x1a0 [ T292] ? irq_set_affinity_notifier+0x120/0x120 [ T292] ? irq_affinity_notify+0x100/0x100 [ T292] kthread+0xe2/0x110 [ T292] ? kthread_complete_and_exit+0x20/0x20 [ T292] ret_from_fork+0x2d/0x50 [ T292] ? kthread_complete_and_exit+0x20/0x20 [ T292] ret_from_fork_asm+0x11/0x20 [ T292] </TASK> To fix this issue igb_io_resume() checks if the interface is running and the device is not down this means igb_io_error_detected() did not bring the device down and there is no need to bring it up.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/dca2ca65a8695d959…
	https://git.kernel.org/stable/c/c92cbd283ddcf55fd…
	https://git.kernel.org/stable/c/d79af3af2f49c6aae…
	https://git.kernel.org/stable/c/0a94079e3841d00ea…
	https://git.kernel.org/stable/c/6a39c8f5c8aae74c5…
	https://git.kernel.org/stable/c/57c5053eaa5f9a8a9…
	https://git.kernel.org/stable/c/500be93c5d53b7e2c…
	https://git.kernel.org/stable/c/330a699ecbfc9c26e…

Impacted products

Vendor

Product

Version

Linux

Affected: 124e39a734cb90658b8f0dc110847bbfc6e33792 , < dca2ca65a8695d9593e2cf1b40848e073ad75413 (git)
Affected: c9f56f3c7bc908caa772112d3ae71cdd5d18c257 , < c92cbd283ddcf55fd85a9a9b0ba13298213f3dd7 (git)
Affected: 994c2ceb70ea99264ccc6f09e6703ca267dad63c , < d79af3af2f49c6aae9add3d492c04d60c1b85ce4 (git)
Affected: fa92c463eba75dcedbd8d689ffdcb83293aaa0c3 , < 0a94079e3841d00ea5abb05e3233d019a86745f6 (git)
Affected: 39695e87d86f0e7d897fba1d2559f825aa20caeb , < 6a39c8f5c8aae74c5ab2ba466791f59ffaab0178 (git)
Affected: 004d25060c78fc31f66da0fa439c544dda1ac9d5 , < 57c5053eaa5f9a8a99e34732e37a86615318e464 (git)
Affected: 004d25060c78fc31f66da0fa439c544dda1ac9d5 , < 500be93c5d53b7e2c5314292012185f0207bad0c (git)
Affected: 004d25060c78fc31f66da0fa439c544dda1ac9d5 , < 330a699ecbfc9c26ec92c6310686da1230b4e7eb (git)
Affected: c2312e1d12b1c3ee4100c173131b102e2aed4d04 (git)
Affected: 41f63b72a01c0e0ac59ab83fd2d921fcce0f602d (git)

Linux

Affected: 6.5
Unaffected: 0 , < 6.5 (semver)
Unaffected: 4.19.323 , ≤ 4.19.* (semver)
Unaffected: 5.4.285 , ≤ 5.4.* (semver)
Unaffected: 5.10.227 , ≤ 5.10.* (semver)
Unaffected: 5.15.168 , ≤ 5.15.* (semver)
Unaffected: 6.1.113 , ≤ 6.1.* (semver)
Unaffected: 6.6.57 , ≤ 6.6.* (semver)
Unaffected: 6.11.4 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-50040",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T13:24:54.389339Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T13:28:44.369Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:24:46.834Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/igb/igb_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "dca2ca65a8695d9593e2cf1b40848e073ad75413",
              "status": "affected",
              "version": "124e39a734cb90658b8f0dc110847bbfc6e33792",
              "versionType": "git"
            },
            {
              "lessThan": "c92cbd283ddcf55fd85a9a9b0ba13298213f3dd7",
              "status": "affected",
              "version": "c9f56f3c7bc908caa772112d3ae71cdd5d18c257",
              "versionType": "git"
            },
            {
              "lessThan": "d79af3af2f49c6aae9add3d492c04d60c1b85ce4",
              "status": "affected",
              "version": "994c2ceb70ea99264ccc6f09e6703ca267dad63c",
              "versionType": "git"
            },
            {
              "lessThan": "0a94079e3841d00ea5abb05e3233d019a86745f6",
              "status": "affected",
              "version": "fa92c463eba75dcedbd8d689ffdcb83293aaa0c3",
              "versionType": "git"
            },
            {
              "lessThan": "6a39c8f5c8aae74c5ab2ba466791f59ffaab0178",
              "status": "affected",
              "version": "39695e87d86f0e7d897fba1d2559f825aa20caeb",
              "versionType": "git"
            },
            {
              "lessThan": "57c5053eaa5f9a8a99e34732e37a86615318e464",
              "status": "affected",
              "version": "004d25060c78fc31f66da0fa439c544dda1ac9d5",
              "versionType": "git"
            },
            {
              "lessThan": "500be93c5d53b7e2c5314292012185f0207bad0c",
              "status": "affected",
              "version": "004d25060c78fc31f66da0fa439c544dda1ac9d5",
              "versionType": "git"
            },
            {
              "lessThan": "330a699ecbfc9c26ec92c6310686da1230b4e7eb",
              "status": "affected",
              "version": "004d25060c78fc31f66da0fa439c544dda1ac9d5",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "c2312e1d12b1c3ee4100c173131b102e2aed4d04",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "41f63b72a01c0e0ac59ab83fd2d921fcce0f602d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/igb/igb_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.5"
            },
            {
              "lessThan": "6.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.323",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.285",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.57",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.323",
                  "versionStartIncluding": "4.19.291",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.285",
                  "versionStartIncluding": "5.4.251",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.227",
                  "versionStartIncluding": "5.10.188",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.168",
                  "versionStartIncluding": "5.15.150",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.113",
                  "versionStartIncluding": "6.1.42",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.57",
                  "versionStartIncluding": "6.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.4",
                  "versionStartIncluding": "6.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "6.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.14.322",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.4.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nigb: Do not bring the device up after non-fatal error\n\nCommit 004d25060c78 (\"igb: Fix igb_down hung on surprise removal\")\nchanged igb_io_error_detected() to ignore non-fatal pcie errors in order\nto avoid hung task that can happen when igb_down() is called multiple\ntimes. This caused an issue when processing transient non-fatal errors.\nigb_io_resume(), which is called after igb_io_error_detected(), assumes\nthat device is brought down by igb_io_error_detected() if the interface\nis up. This resulted in panic with stacktrace below.\n\n[ T3256] igb 0000:09:00.0 haeth0: igb: haeth0 NIC Link is Down\n[  T292] pcieport 0000:00:1c.5: AER: Uncorrected (Non-Fatal) error received: 0000:09:00.0\n[  T292] igb 0000:09:00.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)\n[  T292] igb 0000:09:00.0:   device [8086:1537] error status/mask=00004000/00000000\n[  T292] igb 0000:09:00.0:    [14] CmpltTO [  200.105524,009][  T292] igb 0000:09:00.0: AER:   TLP Header: 00000000 00000000 00000000 00000000\n[  T292] pcieport 0000:00:1c.5: AER: broadcast error_detected message\n[  T292] igb 0000:09:00.0: Non-correctable non-fatal error reported.\n[  T292] pcieport 0000:00:1c.5: AER: broadcast mmio_enabled message\n[  T292] pcieport 0000:00:1c.5: AER: broadcast resume message\n[  T292] ------------[ cut here ]------------\n[  T292] kernel BUG at net/core/dev.c:6539!\n[  T292] invalid opcode: 0000 [#1] PREEMPT SMP\n[  T292] RIP: 0010:napi_enable+0x37/0x40\n[  T292] Call Trace:\n[  T292]  \u003cTASK\u003e\n[  T292]  ? die+0x33/0x90\n[  T292]  ? do_trap+0xdc/0x110\n[  T292]  ? napi_enable+0x37/0x40\n[  T292]  ? do_error_trap+0x70/0xb0\n[  T292]  ? napi_enable+0x37/0x40\n[  T292]  ? napi_enable+0x37/0x40\n[  T292]  ? exc_invalid_op+0x4e/0x70\n[  T292]  ? napi_enable+0x37/0x40\n[  T292]  ? asm_exc_invalid_op+0x16/0x20\n[  T292]  ? napi_enable+0x37/0x40\n[  T292]  igb_up+0x41/0x150\n[  T292]  igb_io_resume+0x25/0x70\n[  T292]  report_resume+0x54/0x70\n[  T292]  ? report_frozen_detected+0x20/0x20\n[  T292]  pci_walk_bus+0x6c/0x90\n[  T292]  ? aer_print_port_info+0xa0/0xa0\n[  T292]  pcie_do_recovery+0x22f/0x380\n[  T292]  aer_process_err_devices+0x110/0x160\n[  T292]  aer_isr+0x1c1/0x1e0\n[  T292]  ? disable_irq_nosync+0x10/0x10\n[  T292]  irq_thread_fn+0x1a/0x60\n[  T292]  irq_thread+0xe3/0x1a0\n[  T292]  ? irq_set_affinity_notifier+0x120/0x120\n[  T292]  ? irq_affinity_notify+0x100/0x100\n[  T292]  kthread+0xe2/0x110\n[  T292]  ? kthread_complete_and_exit+0x20/0x20\n[  T292]  ret_from_fork+0x2d/0x50\n[  T292]  ? kthread_complete_and_exit+0x20/0x20\n[  T292]  ret_from_fork_asm+0x11/0x20\n[  T292]  \u003c/TASK\u003e\n\nTo fix this issue igb_io_resume() checks if the interface is running and\nthe device is not down this means igb_io_error_detected() did not bring\nthe device down and there is no need to bring it up."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:59:23.034Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/dca2ca65a8695d9593e2cf1b40848e073ad75413"
        },
        {
          "url": "https://git.kernel.org/stable/c/c92cbd283ddcf55fd85a9a9b0ba13298213f3dd7"
        },
        {
          "url": "https://git.kernel.org/stable/c/d79af3af2f49c6aae9add3d492c04d60c1b85ce4"
        },
        {
          "url": "https://git.kernel.org/stable/c/0a94079e3841d00ea5abb05e3233d019a86745f6"
        },
        {
          "url": "https://git.kernel.org/stable/c/6a39c8f5c8aae74c5ab2ba466791f59ffaab0178"
        },
        {
          "url": "https://git.kernel.org/stable/c/57c5053eaa5f9a8a99e34732e37a86615318e464"
        },
        {
          "url": "https://git.kernel.org/stable/c/500be93c5d53b7e2c5314292012185f0207bad0c"
        },
        {
          "url": "https://git.kernel.org/stable/c/330a699ecbfc9c26ec92c6310686da1230b4e7eb"
        }
      ],
      "title": "igb: Do not bring the device up after non-fatal error",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-50040",
    "datePublished": "2024-10-21T19:39:39.771Z",
    "dateReserved": "2024-10-21T12:17:06.071Z",
    "dateUpdated": "2025-11-03T22:24:46.834Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-52806 (GCVE-0-2023-52806)

Vulnerability from cvelistv5 – Published: 2024-05-21 15:31 – Updated: 2026-01-05 10:17

Title

ALSA: hda: Fix possible null-ptr-deref when assigning a stream

Summary

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix possible null-ptr-deref when assigning a stream While AudioDSP drivers assign streams exclusively of HOST or LINK type, nothing blocks a user to attempt to assign a COUPLED stream. As supplied substream instance may be a stub, what is the case when code-loading, such scenario ends with null-ptr-deref.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/7de25112de8222fd2…
	https://git.kernel.org/stable/c/758c7733cb821041f…
	https://git.kernel.org/stable/c/2527775616f3638f4…
	https://git.kernel.org/stable/c/25354bae4fc310c39…
	https://git.kernel.org/stable/c/631a96e9eb4228ff7…
	https://git.kernel.org/stable/c/43b91df291c880226…
	https://git.kernel.org/stable/c/fe7c1a0c2b25c8280…
	https://git.kernel.org/stable/c/4a320da7f7cbdab20…
	https://git.kernel.org/stable/c/f93dc90c2e8ed6649…

Impacted products

Vendor

Product

Version

Linux

Affected: 14752412721c61d9ac1e8d8fb51d7148cb15f85b , < 7de25112de8222fd20564769e6c99dc9f9738a0b (git)
Affected: 14752412721c61d9ac1e8d8fb51d7148cb15f85b , < 758c7733cb821041f5fd403b7b97c0b95d319323 (git)
Affected: 14752412721c61d9ac1e8d8fb51d7148cb15f85b , < 2527775616f3638f4fd54649eba8c7b84d5e4250 (git)
Affected: 14752412721c61d9ac1e8d8fb51d7148cb15f85b , < 25354bae4fc310c3928e8a42fda2d486f67745d7 (git)
Affected: 14752412721c61d9ac1e8d8fb51d7148cb15f85b , < 631a96e9eb4228ff75fce7e72d133ca81194797e (git)
Affected: 14752412721c61d9ac1e8d8fb51d7148cb15f85b , < 43b91df291c8802268ab3cfd8fccfdf135800ed4 (git)
Affected: 14752412721c61d9ac1e8d8fb51d7148cb15f85b , < fe7c1a0c2b25c82807cb46fc3aadbf2664a682b0 (git)
Affected: 14752412721c61d9ac1e8d8fb51d7148cb15f85b , < 4a320da7f7cbdab2098b103c47f45d5061f42edd (git)
Affected: 14752412721c61d9ac1e8d8fb51d7148cb15f85b , < f93dc90c2e8ed664985e366aa6459ac83cdab236 (git)

Linux

Affected: 4.2
Unaffected: 0 , < 4.2 (semver)
Unaffected: 4.14.331 , ≤ 4.14.* (semver)
Unaffected: 4.19.300 , ≤ 4.19.* (semver)
Unaffected: 5.4.262 , ≤ 5.4.* (semver)
Unaffected: 5.10.202 , ≤ 5.10.* (semver)
Unaffected: 5.15.140 , ≤ 5.15.* (semver)
Unaffected: 6.1.64 , ≤ 6.1.* (semver)
Unaffected: 6.5.13 , ≤ 6.5.* (semver)
Unaffected: 6.6.3 , ≤ 6.6.* (semver)
Unaffected: 6.7 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:11:36.085Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7de25112de8222fd20564769e6c99dc9f9738a0b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/758c7733cb821041f5fd403b7b97c0b95d319323"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2527775616f3638f4fd54649eba8c7b84d5e4250"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/25354bae4fc310c3928e8a42fda2d486f67745d7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/631a96e9eb4228ff75fce7e72d133ca81194797e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/43b91df291c8802268ab3cfd8fccfdf135800ed4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fe7c1a0c2b25c82807cb46fc3aadbf2664a682b0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4a320da7f7cbdab2098b103c47f45d5061f42edd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f93dc90c2e8ed664985e366aa6459ac83cdab236"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52806",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:36:47.089606Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:32:54.863Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "sound/hda/hdac_stream.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7de25112de8222fd20564769e6c99dc9f9738a0b",
              "status": "affected",
              "version": "14752412721c61d9ac1e8d8fb51d7148cb15f85b",
              "versionType": "git"
            },
            {
              "lessThan": "758c7733cb821041f5fd403b7b97c0b95d319323",
              "status": "affected",
              "version": "14752412721c61d9ac1e8d8fb51d7148cb15f85b",
              "versionType": "git"
            },
            {
              "lessThan": "2527775616f3638f4fd54649eba8c7b84d5e4250",
              "status": "affected",
              "version": "14752412721c61d9ac1e8d8fb51d7148cb15f85b",
              "versionType": "git"
            },
            {
              "lessThan": "25354bae4fc310c3928e8a42fda2d486f67745d7",
              "status": "affected",
              "version": "14752412721c61d9ac1e8d8fb51d7148cb15f85b",
              "versionType": "git"
            },
            {
              "lessThan": "631a96e9eb4228ff75fce7e72d133ca81194797e",
              "status": "affected",
              "version": "14752412721c61d9ac1e8d8fb51d7148cb15f85b",
              "versionType": "git"
            },
            {
              "lessThan": "43b91df291c8802268ab3cfd8fccfdf135800ed4",
              "status": "affected",
              "version": "14752412721c61d9ac1e8d8fb51d7148cb15f85b",
              "versionType": "git"
            },
            {
              "lessThan": "fe7c1a0c2b25c82807cb46fc3aadbf2664a682b0",
              "status": "affected",
              "version": "14752412721c61d9ac1e8d8fb51d7148cb15f85b",
              "versionType": "git"
            },
            {
              "lessThan": "4a320da7f7cbdab2098b103c47f45d5061f42edd",
              "status": "affected",
              "version": "14752412721c61d9ac1e8d8fb51d7148cb15f85b",
              "versionType": "git"
            },
            {
              "lessThan": "f93dc90c2e8ed664985e366aa6459ac83cdab236",
              "status": "affected",
              "version": "14752412721c61d9ac1e8d8fb51d7148cb15f85b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "sound/hda/hdac_stream.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.2"
            },
            {
              "lessThan": "4.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.331",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.300",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.262",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.202",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.140",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.7",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.331",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.300",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.262",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.202",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.140",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.64",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5.13",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.3",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda: Fix possible null-ptr-deref when assigning a stream\n\nWhile AudioDSP drivers assign streams exclusively of HOST or LINK type,\nnothing blocks a user to attempt to assign a COUPLED stream. As\nsupplied substream instance may be a stub, what is the case when\ncode-loading, such scenario ends with null-ptr-deref."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:17:21.749Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7de25112de8222fd20564769e6c99dc9f9738a0b"
        },
        {
          "url": "https://git.kernel.org/stable/c/758c7733cb821041f5fd403b7b97c0b95d319323"
        },
        {
          "url": "https://git.kernel.org/stable/c/2527775616f3638f4fd54649eba8c7b84d5e4250"
        },
        {
          "url": "https://git.kernel.org/stable/c/25354bae4fc310c3928e8a42fda2d486f67745d7"
        },
        {
          "url": "https://git.kernel.org/stable/c/631a96e9eb4228ff75fce7e72d133ca81194797e"
        },
        {
          "url": "https://git.kernel.org/stable/c/43b91df291c8802268ab3cfd8fccfdf135800ed4"
        },
        {
          "url": "https://git.kernel.org/stable/c/fe7c1a0c2b25c82807cb46fc3aadbf2664a682b0"
        },
        {
          "url": "https://git.kernel.org/stable/c/4a320da7f7cbdab2098b103c47f45d5061f42edd"
        },
        {
          "url": "https://git.kernel.org/stable/c/f93dc90c2e8ed664985e366aa6459ac83cdab236"
        }
      ],
      "title": "ALSA: hda: Fix possible null-ptr-deref when assigning a stream",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52806",
    "datePublished": "2024-05-21T15:31:17.025Z",
    "dateReserved": "2024-05-21T15:19:24.247Z",
    "dateUpdated": "2026-01-05T10:17:21.749Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-52332 (GCVE-0-2024-52332)

Vulnerability from cvelistv5 – Published: 2025-01-11 12:25 – Updated: 2025-11-03 20:45

Title

igb: Fix potential invalid memory access in igb_init_module()

Summary

In the Linux kernel, the following vulnerability has been resolved: igb: Fix potential invalid memory access in igb_init_module() The pci_register_driver() can fail and when this happened, the dca_notifier needs to be unregistered, otherwise the dca_notifier can be called when igb fails to install, resulting to invalid memory access.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/4458046617dfadc35…
	https://git.kernel.org/stable/c/e0155b1b1509d0ef4…
	https://git.kernel.org/stable/c/4fe517643f529e805…
	https://git.kernel.org/stable/c/8009cdcc493fa30d4…
	https://git.kernel.org/stable/c/f309733a8c9da7d42…
	https://git.kernel.org/stable/c/992fd34122de377b4…
	https://git.kernel.org/stable/c/0566f83d206c7a864…

Impacted products

Vendor

Product

Version

Linux

Affected: bbd98fe48a43464b4a044bc4cbeefad284d6aa80 , < 4458046617dfadc351162dbaea1945c57eebdf36 (git)
Affected: bbd98fe48a43464b4a044bc4cbeefad284d6aa80 , < e0155b1b1509d0ef4799bd1cd73309ca466df3f3 (git)
Affected: bbd98fe48a43464b4a044bc4cbeefad284d6aa80 , < 4fe517643f529e805bb6b890a4331c100e8f2484 (git)
Affected: bbd98fe48a43464b4a044bc4cbeefad284d6aa80 , < 8009cdcc493fa30d4572016daf2d6999da4d6c54 (git)
Affected: bbd98fe48a43464b4a044bc4cbeefad284d6aa80 , < f309733a8c9da7d4266a8a3755020b738a570cae (git)
Affected: bbd98fe48a43464b4a044bc4cbeefad284d6aa80 , < 992fd34122de377b45cb75b64fc7f17fc1e6ed2f (git)
Affected: bbd98fe48a43464b4a044bc4cbeefad284d6aa80 , < 0566f83d206c7a864abcd741fe39d6e0ae5eef29 (git)

Linux

Affected: 2.6.29
Unaffected: 0 , < 2.6.29 (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:45:31.870Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/igb/igb_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4458046617dfadc351162dbaea1945c57eebdf36",
              "status": "affected",
              "version": "bbd98fe48a43464b4a044bc4cbeefad284d6aa80",
              "versionType": "git"
            },
            {
              "lessThan": "e0155b1b1509d0ef4799bd1cd73309ca466df3f3",
              "status": "affected",
              "version": "bbd98fe48a43464b4a044bc4cbeefad284d6aa80",
              "versionType": "git"
            },
            {
              "lessThan": "4fe517643f529e805bb6b890a4331c100e8f2484",
              "status": "affected",
              "version": "bbd98fe48a43464b4a044bc4cbeefad284d6aa80",
              "versionType": "git"
            },
            {
              "lessThan": "8009cdcc493fa30d4572016daf2d6999da4d6c54",
              "status": "affected",
              "version": "bbd98fe48a43464b4a044bc4cbeefad284d6aa80",
              "versionType": "git"
            },
            {
              "lessThan": "f309733a8c9da7d4266a8a3755020b738a570cae",
              "status": "affected",
              "version": "bbd98fe48a43464b4a044bc4cbeefad284d6aa80",
              "versionType": "git"
            },
            {
              "lessThan": "992fd34122de377b45cb75b64fc7f17fc1e6ed2f",
              "status": "affected",
              "version": "bbd98fe48a43464b4a044bc4cbeefad284d6aa80",
              "versionType": "git"
            },
            {
              "lessThan": "0566f83d206c7a864abcd741fe39d6e0ae5eef29",
              "status": "affected",
              "version": "bbd98fe48a43464b4a044bc4cbeefad284d6aa80",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/igb/igb_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.29"
            },
            {
              "lessThan": "2.6.29",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nigb: Fix potential invalid memory access in igb_init_module()\n\nThe pci_register_driver() can fail and when this happened, the dca_notifier\nneeds to be unregistered, otherwise the dca_notifier can be called when\nigb fails to install, resulting to invalid memory access."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:51:22.265Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/4458046617dfadc351162dbaea1945c57eebdf36"
        },
        {
          "url": "https://git.kernel.org/stable/c/e0155b1b1509d0ef4799bd1cd73309ca466df3f3"
        },
        {
          "url": "https://git.kernel.org/stable/c/4fe517643f529e805bb6b890a4331c100e8f2484"
        },
        {
          "url": "https://git.kernel.org/stable/c/8009cdcc493fa30d4572016daf2d6999da4d6c54"
        },
        {
          "url": "https://git.kernel.org/stable/c/f309733a8c9da7d4266a8a3755020b738a570cae"
        },
        {
          "url": "https://git.kernel.org/stable/c/992fd34122de377b45cb75b64fc7f17fc1e6ed2f"
        },
        {
          "url": "https://git.kernel.org/stable/c/0566f83d206c7a864abcd741fe39d6e0ae5eef29"
        }
      ],
      "title": "igb: Fix potential invalid memory access in igb_init_module()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-52332",
    "datePublished": "2025-01-11T12:25:21.014Z",
    "dateReserved": "2025-01-09T09:50:31.799Z",
    "dateUpdated": "2025-11-03T20:45:31.870Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-44989 (GCVE-0-2024-44989)

Vulnerability from cvelistv5 – Published: 2024-09-04 19:54 – Updated: 2025-11-03 22:14

Title

bonding: fix xfrm real_dev null pointer dereference

Summary

In the Linux kernel, the following vulnerability has been resolved: bonding: fix xfrm real_dev null pointer dereference We shouldn't set real_dev to NULL because packets can be in transit and xfrm might call xdo_dev_offload_ok() in parallel. All callbacks assume real_dev is set. Example trace: kernel: BUG: unable to handle page fault for address: 0000000000001030 kernel: bond0: (slave eni0np1): making interface the new active one kernel: #PF: supervisor write access in kernel mode kernel: #PF: error_code(0x0002) - not-present page kernel: PGD 0 P4D 0 kernel: Oops: 0002 [#1] PREEMPT SMP kernel: CPU: 4 PID: 2237 Comm: ping Not tainted 6.7.7+ #12 kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014 kernel: RIP: 0010:nsim_ipsec_offload_ok+0xc/0x20 [netdevsim] kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA kernel: Code: e0 0f 0b 48 83 7f 38 00 74 de 0f 0b 48 8b 47 08 48 8b 37 48 8b 78 40 e9 b2 e5 9a d7 66 90 0f 1f 44 00 00 48 8b 86 80 02 00 00 <83> 80 30 10 00 00 01 b8 01 00 00 00 c3 0f 1f 80 00 00 00 00 0f 1f kernel: bond0: (slave eni0np1): making interface the new active one kernel: RSP: 0018:ffffabde81553b98 EFLAGS: 00010246 kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA kernel: kernel: RAX: 0000000000000000 RBX: ffff9eb404e74900 RCX: ffff9eb403d97c60 kernel: RDX: ffffffffc090de10 RSI: ffff9eb404e74900 RDI: ffff9eb3c5de9e00 kernel: RBP: ffff9eb3c0a42000 R08: 0000000000000010 R09: 0000000000000014 kernel: R10: 7974203030303030 R11: 3030303030303030 R12: 0000000000000000 kernel: R13: ffff9eb3c5de9e00 R14: ffffabde81553cc8 R15: ffff9eb404c53000 kernel: FS: 00007f2a77a3ad00(0000) GS:ffff9eb43bd00000(0000) knlGS:0000000000000000 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 kernel: CR2: 0000000000001030 CR3: 00000001122ab000 CR4: 0000000000350ef0 kernel: bond0: (slave eni0np1): making interface the new active one kernel: Call Trace: kernel: <TASK> kernel: ? __die+0x1f/0x60 kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA kernel: ? page_fault_oops+0x142/0x4c0 kernel: ? do_user_addr_fault+0x65/0x670 kernel: ? kvm_read_and_reset_apf_flags+0x3b/0x50 kernel: bond0: (slave eni0np1): making interface the new active one kernel: ? exc_page_fault+0x7b/0x180 kernel: ? asm_exc_page_fault+0x22/0x30 kernel: ? nsim_bpf_uninit+0x50/0x50 [netdevsim] kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA kernel: ? nsim_ipsec_offload_ok+0xc/0x20 [netdevsim] kernel: bond0: (slave eni0np1): making interface the new active one kernel: bond_ipsec_offload_ok+0x7b/0x90 [bonding] kernel: xfrm_output+0x61/0x3b0 kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA kernel: ip_push_pending_frames+0x56/0x80

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/21816b696c172c19d…
	https://git.kernel.org/stable/c/2f72c6a66bcd7e018…
	https://git.kernel.org/stable/c/7fa9243391ad2afe7…
	https://git.kernel.org/stable/c/4582d4ff413a07d4e…
	https://git.kernel.org/stable/c/89fc1dca79db5c3e7…
	https://git.kernel.org/stable/c/f8cde9805981c50d0…

Impacted products

Vendor

Product

Version

Linux

Affected: 18cb261afd7bf50134e5ccacc5ec91ea16efadd4 , < 21816b696c172c19d53a30d45ee005cce246ed21 (git)
Affected: 18cb261afd7bf50134e5ccacc5ec91ea16efadd4 , < 2f72c6a66bcd7e0187ec085237fee5db27145294 (git)
Affected: 18cb261afd7bf50134e5ccacc5ec91ea16efadd4 , < 7fa9243391ad2afe798ef4ea2e2851947b95754f (git)
Affected: 18cb261afd7bf50134e5ccacc5ec91ea16efadd4 , < 4582d4ff413a07d4ed8a4823c652dc5207760548 (git)
Affected: 18cb261afd7bf50134e5ccacc5ec91ea16efadd4 , < 89fc1dca79db5c3e7a2d589ecbf8a3661c65f436 (git)
Affected: 18cb261afd7bf50134e5ccacc5ec91ea16efadd4 , < f8cde9805981c50d0c029063dc7d82821806fc44 (git)

Linux

Affected: 5.9
Unaffected: 0 , < 5.9 (semver)
Unaffected: 5.10.225 , ≤ 5.10.* (semver)
Unaffected: 5.15.166 , ≤ 5.15.* (semver)
Unaffected: 6.1.107 , ≤ 6.1.* (semver)
Unaffected: 6.6.48 , ≤ 6.6.* (semver)
Unaffected: 6.10.7 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44989",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-04T20:19:50.219529Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-04T20:20:52.769Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:14:43.608Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/bonding/bond_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "21816b696c172c19d53a30d45ee005cce246ed21",
              "status": "affected",
              "version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4",
              "versionType": "git"
            },
            {
              "lessThan": "2f72c6a66bcd7e0187ec085237fee5db27145294",
              "status": "affected",
              "version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4",
              "versionType": "git"
            },
            {
              "lessThan": "7fa9243391ad2afe798ef4ea2e2851947b95754f",
              "status": "affected",
              "version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4",
              "versionType": "git"
            },
            {
              "lessThan": "4582d4ff413a07d4ed8a4823c652dc5207760548",
              "status": "affected",
              "version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4",
              "versionType": "git"
            },
            {
              "lessThan": "89fc1dca79db5c3e7a2d589ecbf8a3661c65f436",
              "status": "affected",
              "version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4",
              "versionType": "git"
            },
            {
              "lessThan": "f8cde9805981c50d0c029063dc7d82821806fc44",
              "status": "affected",
              "version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/bonding/bond_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.9"
            },
            {
              "lessThan": "5.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.225",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.225",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.166",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.107",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.48",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.7",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix xfrm real_dev null pointer dereference\n\nWe shouldn\u0027t set real_dev to NULL because packets can be in transit and\nxfrm might call xdo_dev_offload_ok() in parallel. All callbacks assume\nreal_dev is set.\n\n Example trace:\n kernel: BUG: unable to handle page fault for address: 0000000000001030\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: #PF: supervisor write access in kernel mode\n kernel: #PF: error_code(0x0002) - not-present page\n kernel: PGD 0 P4D 0\n kernel: Oops: 0002 [#1] PREEMPT SMP\n kernel: CPU: 4 PID: 2237 Comm: ping Not tainted 6.7.7+ #12\n kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\n kernel: RIP: 0010:nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel: Code: e0 0f 0b 48 83 7f 38 00 74 de 0f 0b 48 8b 47 08 48 8b 37 48 8b 78 40 e9 b2 e5 9a d7 66 90 0f 1f 44 00 00 48 8b 86 80 02 00 00 \u003c83\u003e 80 30 10 00 00 01 b8 01 00 00 00 c3 0f 1f 80 00 00 00 00 0f 1f\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: RSP: 0018:ffffabde81553b98 EFLAGS: 00010246\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:\n kernel: RAX: 0000000000000000 RBX: ffff9eb404e74900 RCX: ffff9eb403d97c60\n kernel: RDX: ffffffffc090de10 RSI: ffff9eb404e74900 RDI: ffff9eb3c5de9e00\n kernel: RBP: ffff9eb3c0a42000 R08: 0000000000000010 R09: 0000000000000014\n kernel: R10: 7974203030303030 R11: 3030303030303030 R12: 0000000000000000\n kernel: R13: ffff9eb3c5de9e00 R14: ffffabde81553cc8 R15: ffff9eb404c53000\n kernel: FS:  00007f2a77a3ad00(0000) GS:ffff9eb43bd00000(0000) knlGS:0000000000000000\n kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n kernel: CR2: 0000000000001030 CR3: 00000001122ab000 CR4: 0000000000350ef0\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: Call Trace:\n kernel:  \u003cTASK\u003e\n kernel:  ? __die+0x1f/0x60\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:  ? page_fault_oops+0x142/0x4c0\n kernel:  ? do_user_addr_fault+0x65/0x670\n kernel:  ? kvm_read_and_reset_apf_flags+0x3b/0x50\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel:  ? exc_page_fault+0x7b/0x180\n kernel:  ? asm_exc_page_fault+0x22/0x30\n kernel:  ? nsim_bpf_uninit+0x50/0x50 [netdevsim]\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:  ? nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel:  bond_ipsec_offload_ok+0x7b/0x90 [bonding]\n kernel:  xfrm_output+0x61/0x3b0\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:  ip_push_pending_frames+0x56/0x80"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:30:32.250Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/21816b696c172c19d53a30d45ee005cce246ed21"
        },
        {
          "url": "https://git.kernel.org/stable/c/2f72c6a66bcd7e0187ec085237fee5db27145294"
        },
        {
          "url": "https://git.kernel.org/stable/c/7fa9243391ad2afe798ef4ea2e2851947b95754f"
        },
        {
          "url": "https://git.kernel.org/stable/c/4582d4ff413a07d4ed8a4823c652dc5207760548"
        },
        {
          "url": "https://git.kernel.org/stable/c/89fc1dca79db5c3e7a2d589ecbf8a3661c65f436"
        },
        {
          "url": "https://git.kernel.org/stable/c/f8cde9805981c50d0c029063dc7d82821806fc44"
        }
      ],
      "title": "bonding: fix xfrm real_dev null pointer dereference",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44989",
    "datePublished": "2024-09-04T19:54:36.858Z",
    "dateReserved": "2024-08-21T05:34:56.671Z",
    "dateUpdated": "2025-11-03T22:14:43.608Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-52871 (GCVE-0-2023-52871)

Vulnerability from cvelistv5 – Published: 2024-05-21 15:32 – Updated: 2025-05-04 07:44

Title

soc: qcom: llcc: Handle a second device without data corruption

Summary

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: llcc: Handle a second device without data corruption Usually there is only one llcc device. But if there were a second, even a failed probe call would modify the global drv_data pointer. So check if drv_data is valid before overwriting it.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/cc1a1dcb411fe224f…
	https://git.kernel.org/stable/c/5e5b85ea0f4bc484b…
	https://git.kernel.org/stable/c/995ee1e84e8db7fa5…
	https://git.kernel.org/stable/c/f0ef883cae309bc5e…
	https://git.kernel.org/stable/c/3565684309e54fa99…
	https://git.kernel.org/stable/c/1143bfb9b05589797…
	https://git.kernel.org/stable/c/f1a1bc8775b26345a…

Impacted products

Vendor

Product

Version

Linux

Affected: a3134fb09e0bc5bee76e13bf863173b86f21cf87 , < cc1a1dcb411fe224f48553cfdcdfe6e61395b69c (git)
Affected: a3134fb09e0bc5bee76e13bf863173b86f21cf87 , < 5e5b85ea0f4bc484bfe4cc73ead51fa48d2366a0 (git)
Affected: a3134fb09e0bc5bee76e13bf863173b86f21cf87 , < 995ee1e84e8db7fa5dcdde7dfe0bd7bb6f9bbb8c (git)
Affected: a3134fb09e0bc5bee76e13bf863173b86f21cf87 , < f0ef883cae309bc5e8cdfcdbc1b4822732ce20a8 (git)
Affected: a3134fb09e0bc5bee76e13bf863173b86f21cf87 , < 3565684309e54fa998ea27f37028d67cc3e1dff2 (git)
Affected: a3134fb09e0bc5bee76e13bf863173b86f21cf87 , < 1143bfb9b055897975aeaea254da148e19524493 (git)
Affected: a3134fb09e0bc5bee76e13bf863173b86f21cf87 , < f1a1bc8775b26345aba2be278118999e7f661d3d (git)

Linux

Affected: 4.19
Unaffected: 0 , < 4.19 (semver)
Unaffected: 5.4.261 , ≤ 5.4.* (semver)
Unaffected: 5.10.201 , ≤ 5.10.* (semver)
Unaffected: 5.15.139 , ≤ 5.15.* (semver)
Unaffected: 6.1.63 , ≤ 6.1.* (semver)
Unaffected: 6.5.12 , ≤ 6.5.* (semver)
Unaffected: 6.6.2 , ≤ 6.6.* (semver)
Unaffected: 6.7 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52871",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-21T18:17:57.620656Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:22:42.515Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:11:36.044Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cc1a1dcb411fe224f48553cfdcdfe6e61395b69c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5e5b85ea0f4bc484bfe4cc73ead51fa48d2366a0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/995ee1e84e8db7fa5dcdde7dfe0bd7bb6f9bbb8c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f0ef883cae309bc5e8cdfcdbc1b4822732ce20a8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3565684309e54fa998ea27f37028d67cc3e1dff2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1143bfb9b055897975aeaea254da148e19524493"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f1a1bc8775b26345aba2be278118999e7f661d3d"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/soc/qcom/llcc-qcom.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "cc1a1dcb411fe224f48553cfdcdfe6e61395b69c",
              "status": "affected",
              "version": "a3134fb09e0bc5bee76e13bf863173b86f21cf87",
              "versionType": "git"
            },
            {
              "lessThan": "5e5b85ea0f4bc484bfe4cc73ead51fa48d2366a0",
              "status": "affected",
              "version": "a3134fb09e0bc5bee76e13bf863173b86f21cf87",
              "versionType": "git"
            },
            {
              "lessThan": "995ee1e84e8db7fa5dcdde7dfe0bd7bb6f9bbb8c",
              "status": "affected",
              "version": "a3134fb09e0bc5bee76e13bf863173b86f21cf87",
              "versionType": "git"
            },
            {
              "lessThan": "f0ef883cae309bc5e8cdfcdbc1b4822732ce20a8",
              "status": "affected",
              "version": "a3134fb09e0bc5bee76e13bf863173b86f21cf87",
              "versionType": "git"
            },
            {
              "lessThan": "3565684309e54fa998ea27f37028d67cc3e1dff2",
              "status": "affected",
              "version": "a3134fb09e0bc5bee76e13bf863173b86f21cf87",
              "versionType": "git"
            },
            {
              "lessThan": "1143bfb9b055897975aeaea254da148e19524493",
              "status": "affected",
              "version": "a3134fb09e0bc5bee76e13bf863173b86f21cf87",
              "versionType": "git"
            },
            {
              "lessThan": "f1a1bc8775b26345aba2be278118999e7f661d3d",
              "status": "affected",
              "version": "a3134fb09e0bc5bee76e13bf863173b86f21cf87",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/soc/qcom/llcc-qcom.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.19"
            },
            {
              "lessThan": "4.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.261",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.201",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.139",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.63",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.7",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.261",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.201",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.139",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.63",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5.12",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.2",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: llcc: Handle a second device without data corruption\n\nUsually there is only one llcc device. But if there were a second, even\na failed probe call would modify the global drv_data pointer. So check\nif drv_data is valid before overwriting it."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:44:47.112Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/cc1a1dcb411fe224f48553cfdcdfe6e61395b69c"
        },
        {
          "url": "https://git.kernel.org/stable/c/5e5b85ea0f4bc484bfe4cc73ead51fa48d2366a0"
        },
        {
          "url": "https://git.kernel.org/stable/c/995ee1e84e8db7fa5dcdde7dfe0bd7bb6f9bbb8c"
        },
        {
          "url": "https://git.kernel.org/stable/c/f0ef883cae309bc5e8cdfcdbc1b4822732ce20a8"
        },
        {
          "url": "https://git.kernel.org/stable/c/3565684309e54fa998ea27f37028d67cc3e1dff2"
        },
        {
          "url": "https://git.kernel.org/stable/c/1143bfb9b055897975aeaea254da148e19524493"
        },
        {
          "url": "https://git.kernel.org/stable/c/f1a1bc8775b26345aba2be278118999e7f661d3d"
        }
      ],
      "title": "soc: qcom: llcc: Handle a second device without data corruption",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52871",
    "datePublished": "2024-05-21T15:32:00.922Z",
    "dateReserved": "2024-05-21T15:19:24.263Z",
    "dateUpdated": "2025-05-04T07:44:47.112Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-49957 (GCVE-0-2024-49957)

Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2025-11-03 22:23

Title

ocfs2: fix null-ptr-deref when journal load failed.

Summary

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix null-ptr-deref when journal load failed. During the mounting process, if journal_reset() fails because of too short journal, then lead to jbd2_journal_load() fails with NULL j_sb_buffer. Subsequently, ocfs2_journal_shutdown() calls jbd2_journal_flush()->jbd2_cleanup_journal_tail()-> __jbd2_update_log_tail()->jbd2_journal_update_sb_log_tail() ->lock_buffer(journal->j_sb_buffer), resulting in a null-pointer dereference error. To resolve this issue, we should check the JBD2_LOADED flag to ensure the journal was properly loaded. Additionally, use journal instead of osb->journal directly to simplify the code.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/fd89d92c1140cee8f…
	https://git.kernel.org/stable/c/703b2c7e0798d2631…
	https://git.kernel.org/stable/c/bf605ae98dab5c15c…
	https://git.kernel.org/stable/c/ff55291fb36779819…
	https://git.kernel.org/stable/c/82dfdd1e31e774578…
	https://git.kernel.org/stable/c/86a89e75e9e4dfa76…
	https://git.kernel.org/stable/c/f60e94a83db799bde…
	https://git.kernel.org/stable/c/387bf565cc03e2e8c…
	https://git.kernel.org/stable/c/5784d9fcfd43bd853…

Impacted products

Vendor

Product

Version

Linux

Affected: f6f50e28f0cb8d7bcdfaacc83129f005dede11b1 , < fd89d92c1140cee8f59de336cb37fa65e359c123 (git)
Affected: f6f50e28f0cb8d7bcdfaacc83129f005dede11b1 , < 703b2c7e0798d263154dc8593dc2345f75dc077f (git)
Affected: f6f50e28f0cb8d7bcdfaacc83129f005dede11b1 , < bf605ae98dab5c15c5b631d4d7f88898cb41b649 (git)
Affected: f6f50e28f0cb8d7bcdfaacc83129f005dede11b1 , < ff55291fb36779819211b596da703389135f5b05 (git)
Affected: f6f50e28f0cb8d7bcdfaacc83129f005dede11b1 , < 82dfdd1e31e774578f76ce6dc90c834f96403a0f (git)
Affected: f6f50e28f0cb8d7bcdfaacc83129f005dede11b1 , < 86a89e75e9e4dfa768b97db466ad6bedf2e7ea5b (git)
Affected: f6f50e28f0cb8d7bcdfaacc83129f005dede11b1 , < f60e94a83db799bde625ac8671a5b4a6354e7120 (git)
Affected: f6f50e28f0cb8d7bcdfaacc83129f005dede11b1 , < 387bf565cc03e2e8c720b8b4798efea4aacb6962 (git)
Affected: f6f50e28f0cb8d7bcdfaacc83129f005dede11b1 , < 5784d9fcfd43bd853654bb80c87ef293b9e8e80a (git)

Linux

Affected: 2.6.32
Unaffected: 0 , < 2.6.32 (semver)
Unaffected: 4.19.323 , ≤ 4.19.* (semver)
Unaffected: 5.4.285 , ≤ 5.4.* (semver)
Unaffected: 5.10.227 , ≤ 5.10.* (semver)
Unaffected: 5.15.168 , ≤ 5.15.* (semver)
Unaffected: 6.1.113 , ≤ 6.1.* (semver)
Unaffected: 6.6.55 , ≤ 6.6.* (semver)
Unaffected: 6.10.14 , ≤ 6.10.* (semver)
Unaffected: 6.11.3 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49957",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T13:35:36.575300Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T13:38:48.252Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:23:36.709Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ocfs2/journal.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "fd89d92c1140cee8f59de336cb37fa65e359c123",
              "status": "affected",
              "version": "f6f50e28f0cb8d7bcdfaacc83129f005dede11b1",
              "versionType": "git"
            },
            {
              "lessThan": "703b2c7e0798d263154dc8593dc2345f75dc077f",
              "status": "affected",
              "version": "f6f50e28f0cb8d7bcdfaacc83129f005dede11b1",
              "versionType": "git"
            },
            {
              "lessThan": "bf605ae98dab5c15c5b631d4d7f88898cb41b649",
              "status": "affected",
              "version": "f6f50e28f0cb8d7bcdfaacc83129f005dede11b1",
              "versionType": "git"
            },
            {
              "lessThan": "ff55291fb36779819211b596da703389135f5b05",
              "status": "affected",
              "version": "f6f50e28f0cb8d7bcdfaacc83129f005dede11b1",
              "versionType": "git"
            },
            {
              "lessThan": "82dfdd1e31e774578f76ce6dc90c834f96403a0f",
              "status": "affected",
              "version": "f6f50e28f0cb8d7bcdfaacc83129f005dede11b1",
              "versionType": "git"
            },
            {
              "lessThan": "86a89e75e9e4dfa768b97db466ad6bedf2e7ea5b",
              "status": "affected",
              "version": "f6f50e28f0cb8d7bcdfaacc83129f005dede11b1",
              "versionType": "git"
            },
            {
              "lessThan": "f60e94a83db799bde625ac8671a5b4a6354e7120",
              "status": "affected",
              "version": "f6f50e28f0cb8d7bcdfaacc83129f005dede11b1",
              "versionType": "git"
            },
            {
              "lessThan": "387bf565cc03e2e8c720b8b4798efea4aacb6962",
              "status": "affected",
              "version": "f6f50e28f0cb8d7bcdfaacc83129f005dede11b1",
              "versionType": "git"
            },
            {
              "lessThan": "5784d9fcfd43bd853654bb80c87ef293b9e8e80a",
              "status": "affected",
              "version": "f6f50e28f0cb8d7bcdfaacc83129f005dede11b1",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ocfs2/journal.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.32"
            },
            {
              "lessThan": "2.6.32",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.323",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.285",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.55",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.323",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.285",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.227",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.168",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.113",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.55",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.14",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.3",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix null-ptr-deref when journal load failed.\n\nDuring the mounting process, if journal_reset() fails because of too short\njournal, then lead to jbd2_journal_load() fails with NULL j_sb_buffer. \nSubsequently, ocfs2_journal_shutdown() calls\njbd2_journal_flush()-\u003ejbd2_cleanup_journal_tail()-\u003e\n__jbd2_update_log_tail()-\u003ejbd2_journal_update_sb_log_tail()\n-\u003elock_buffer(journal-\u003ej_sb_buffer), resulting in a null-pointer\ndereference error.\n\nTo resolve this issue, we should check the JBD2_LOADED flag to ensure the\njournal was properly loaded.  Additionally, use journal instead of\nosb-\u003ejournal directly to simplify the code."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:42:19.684Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/fd89d92c1140cee8f59de336cb37fa65e359c123"
        },
        {
          "url": "https://git.kernel.org/stable/c/703b2c7e0798d263154dc8593dc2345f75dc077f"
        },
        {
          "url": "https://git.kernel.org/stable/c/bf605ae98dab5c15c5b631d4d7f88898cb41b649"
        },
        {
          "url": "https://git.kernel.org/stable/c/ff55291fb36779819211b596da703389135f5b05"
        },
        {
          "url": "https://git.kernel.org/stable/c/82dfdd1e31e774578f76ce6dc90c834f96403a0f"
        },
        {
          "url": "https://git.kernel.org/stable/c/86a89e75e9e4dfa768b97db466ad6bedf2e7ea5b"
        },
        {
          "url": "https://git.kernel.org/stable/c/f60e94a83db799bde625ac8671a5b4a6354e7120"
        },
        {
          "url": "https://git.kernel.org/stable/c/387bf565cc03e2e8c720b8b4798efea4aacb6962"
        },
        {
          "url": "https://git.kernel.org/stable/c/5784d9fcfd43bd853654bb80c87ef293b9e8e80a"
        }
      ],
      "title": "ocfs2: fix null-ptr-deref when journal load failed.",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-49957",
    "datePublished": "2024-10-21T18:02:11.046Z",
    "dateReserved": "2024-10-21T12:17:06.048Z",
    "dateUpdated": "2025-11-03T22:23:36.709Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-53680 (GCVE-0-2024-53680)

Vulnerability from cvelistv5 – Published: 2025-01-11 12:25 – Updated: 2025-11-03 20:48

Title

ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()

Summary

In the Linux kernel, the following vulnerability has been resolved: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() Under certain kernel configurations when building with Clang/LLVM, the compiler does not generate a return or jump as the terminator instruction for ip_vs_protocol_init(), triggering the following objtool warning during build time: vmlinux.o: warning: objtool: ip_vs_protocol_init() falls through to next function __initstub__kmod_ip_vs_rr__935_123_ip_vs_rr_init6() At runtime, this either causes an oops when trying to load the ipvs module or a boot-time panic if ipvs is built-in. This same issue has been reported by the Intel kernel test robot previously. Digging deeper into both LLVM and the kernel code reveals this to be a undefined behavior problem. ip_vs_protocol_init() uses a on-stack buffer of 64 chars to store the registered protocol names and leaves it uninitialized after definition. The function calls strnlen() when concatenating protocol names into the buffer. With CONFIG_FORTIFY_SOURCE strnlen() performs an extra step to check whether the last byte of the input char buffer is a null character (commit 3009f891bb9f ("fortify: Allow strlen() and strnlen() to pass compile-time known lengths")). This, together with possibly other configurations, cause the following IR to be generated: define hidden i32 @ip_vs_protocol_init() local_unnamed_addr #5 section ".init.text" align 16 !kcfi_type !29 { %1 = alloca [64 x i8], align 16 ... 14: ; preds = %11 %15 = getelementptr inbounds i8, ptr %1, i64 63 %16 = load i8, ptr %15, align 1 %17 = tail call i1 @llvm.is.constant.i8(i8 %16) %18 = icmp eq i8 %16, 0 %19 = select i1 %17, i1 %18, i1 false br i1 %19, label %20, label %23 20: ; preds = %14 %21 = call i64 @strlen(ptr noundef nonnull dereferenceable(1) %1) #23 ... 23: ; preds = %14, %11, %20 %24 = call i64 @strnlen(ptr noundef nonnull dereferenceable(1) %1, i64 noundef 64) #24 ... } The above code calculates the address of the last char in the buffer (value %15) and then loads from it (value %16). Because the buffer is never initialized, the LLVM GVN pass marks value %16 as undefined: %13 = getelementptr inbounds i8, ptr %1, i64 63 br i1 undef, label %14, label %17 This gives later passes (SCCP, in particular) more DCE opportunities by propagating the undef value further, and eventually removes everything after the load on the uninitialized stack location: define hidden i32 @ip_vs_protocol_init() local_unnamed_addr #0 section ".init.text" align 16 !kcfi_type !11 { %1 = alloca [64 x i8], align 16 ... 12: ; preds = %11 %13 = getelementptr inbounds i8, ptr %1, i64 63 unreachable } In this way, the generated native code will just fall through to the next function, as LLVM does not generate any code for the unreachable IR instruction and leaves the function without a terminator. Zero the on-stack buffer to avoid this possible UB.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/31d1ddc1ce8e8d3f1…
	https://git.kernel.org/stable/c/0b2cbed82b7c6504a…
	https://git.kernel.org/stable/c/d6e1776f51c958271…
	https://git.kernel.org/stable/c/664d0feab92495b6a…
	https://git.kernel.org/stable/c/124834133b32f9386…
	https://git.kernel.org/stable/c/48130002e64fd191b…
	https://git.kernel.org/stable/c/146b6f1112eb30a19…

Impacted products

Vendor

Product

Version

Linux

Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 31d1ddc1ce8e8d3f101a679243abb42a313ee88a (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 0b2cbed82b7c6504a8a0fbd181f92dd56b432c12 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < d6e1776f51c95827142f1d7064118e255e2deec1 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 664d0feab92495b6a27edc3d1119e232c0fe8b2b (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 124834133b32f9386bb2d8581d9ab92f65e951e4 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 48130002e64fd191b7d18efeb4d253fcc23e4688 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 146b6f1112eb30a19776d6c323c994e9d67790db (git)

Linux

Affected: 2.6.12
Unaffected: 0 , < 2.6.12 (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:48:17.936Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/ipvs/ip_vs_proto.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "31d1ddc1ce8e8d3f101a679243abb42a313ee88a",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "0b2cbed82b7c6504a8a0fbd181f92dd56b432c12",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "d6e1776f51c95827142f1d7064118e255e2deec1",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "664d0feab92495b6a27edc3d1119e232c0fe8b2b",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "124834133b32f9386bb2d8581d9ab92f65e951e4",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "48130002e64fd191b7d18efeb4d253fcc23e4688",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "146b6f1112eb30a19776d6c323c994e9d67790db",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/ipvs/ip_vs_proto.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()\n\nUnder certain kernel configurations when building with Clang/LLVM, the\ncompiler does not generate a return or jump as the terminator\ninstruction for ip_vs_protocol_init(), triggering the following objtool\nwarning during build time:\n\n  vmlinux.o: warning: objtool: ip_vs_protocol_init() falls through to next function __initstub__kmod_ip_vs_rr__935_123_ip_vs_rr_init6()\n\nAt runtime, this either causes an oops when trying to load the ipvs\nmodule or a boot-time panic if ipvs is built-in. This same issue has\nbeen reported by the Intel kernel test robot previously.\n\nDigging deeper into both LLVM and the kernel code reveals this to be a\nundefined behavior problem. ip_vs_protocol_init() uses a on-stack buffer\nof 64 chars to store the registered protocol names and leaves it\nuninitialized after definition. The function calls strnlen() when\nconcatenating protocol names into the buffer. With CONFIG_FORTIFY_SOURCE\nstrnlen() performs an extra step to check whether the last byte of the\ninput char buffer is a null character (commit 3009f891bb9f (\"fortify:\nAllow strlen() and strnlen() to pass compile-time known lengths\")).\nThis, together with possibly other configurations, cause the following\nIR to be generated:\n\n  define hidden i32 @ip_vs_protocol_init() local_unnamed_addr #5 section \".init.text\" align 16 !kcfi_type !29 {\n    %1 = alloca [64 x i8], align 16\n    ...\n\n  14:                                               ; preds = %11\n    %15 = getelementptr inbounds i8, ptr %1, i64 63\n    %16 = load i8, ptr %15, align 1\n    %17 = tail call i1 @llvm.is.constant.i8(i8 %16)\n    %18 = icmp eq i8 %16, 0\n    %19 = select i1 %17, i1 %18, i1 false\n    br i1 %19, label %20, label %23\n\n  20:                                               ; preds = %14\n    %21 = call i64 @strlen(ptr noundef nonnull dereferenceable(1) %1) #23\n    ...\n\n  23:                                               ; preds = %14, %11, %20\n    %24 = call i64 @strnlen(ptr noundef nonnull dereferenceable(1) %1, i64 noundef 64) #24\n    ...\n  }\n\nThe above code calculates the address of the last char in the buffer\n(value %15) and then loads from it (value %16). Because the buffer is\nnever initialized, the LLVM GVN pass marks value %16 as undefined:\n\n  %13 = getelementptr inbounds i8, ptr %1, i64 63\n  br i1 undef, label %14, label %17\n\nThis gives later passes (SCCP, in particular) more DCE opportunities by\npropagating the undef value further, and eventually removes everything\nafter the load on the uninitialized stack location:\n\n  define hidden i32 @ip_vs_protocol_init() local_unnamed_addr #0 section \".init.text\" align 16 !kcfi_type !11 {\n    %1 = alloca [64 x i8], align 16\n    ...\n\n  12:                                               ; preds = %11\n    %13 = getelementptr inbounds i8, ptr %1, i64 63\n    unreachable\n  }\n\nIn this way, the generated native code will just fall through to the\nnext function, as LLVM does not generate any code for the unreachable IR\ninstruction and leaves the function without a terminator.\n\nZero the on-stack buffer to avoid this possible UB."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:56:50.317Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/31d1ddc1ce8e8d3f101a679243abb42a313ee88a"
        },
        {
          "url": "https://git.kernel.org/stable/c/0b2cbed82b7c6504a8a0fbd181f92dd56b432c12"
        },
        {
          "url": "https://git.kernel.org/stable/c/d6e1776f51c95827142f1d7064118e255e2deec1"
        },
        {
          "url": "https://git.kernel.org/stable/c/664d0feab92495b6a27edc3d1119e232c0fe8b2b"
        },
        {
          "url": "https://git.kernel.org/stable/c/124834133b32f9386bb2d8581d9ab92f65e951e4"
        },
        {
          "url": "https://git.kernel.org/stable/c/48130002e64fd191b7d18efeb4d253fcc23e4688"
        },
        {
          "url": "https://git.kernel.org/stable/c/146b6f1112eb30a19776d6c323c994e9d67790db"
        }
      ],
      "title": "ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53680",
    "datePublished": "2025-01-11T12:25:21.794Z",
    "dateReserved": "2025-01-09T09:49:29.723Z",
    "dateUpdated": "2025-11-03T20:48:17.936Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-41020 (GCVE-0-2024-41020)

Vulnerability from cvelistv5 – Published: 2024-07-29 13:34 – Updated: 2025-11-03 21:59

Title

filelock: Fix fcntl/close race recovery compat path

Summary

In the Linux kernel, the following vulnerability has been resolved: filelock: Fix fcntl/close race recovery compat path When I wrote commit 3cad1bc01041 ("filelock: Remove locks reliably when fcntl/close race is detected"), I missed that there are two copies of the code I was patching: The normal version, and the version for 64-bit offsets on 32-bit kernels. Thanks to Greg KH for stumbling over this while doing the stable backport... Apply exactly the same fix to the compat path for 32-bit kernels.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/a561145f3ae973ebf…
	https://git.kernel.org/stable/c/4c43ad4ab41602201…
	https://git.kernel.org/stable/c/911cc83e56a2de5a4…
	https://git.kernel.org/stable/c/53e21cfa68a7d12de…
	https://git.kernel.org/stable/c/f4d0775c6e2f1340c…
	https://git.kernel.org/stable/c/73ae349534ebc3773…
	https://git.kernel.org/stable/c/5b0af8e4c70e4b884…
	https://git.kernel.org/stable/c/ed898f9ca3fa32c56…
	https://git.kernel.org/stable/c/f8138f2ad2f745b9a…

Impacted products

Vendor

Product

Version

Linux

Affected: c293621bbf678a3d85e3ed721c3921c8a670610d , < a561145f3ae973ebf3e0aee41624e92a6c5cb38d (git)
Affected: c293621bbf678a3d85e3ed721c3921c8a670610d , < 4c43ad4ab41602201d34c66ac62130fe339d686f (git)
Affected: c293621bbf678a3d85e3ed721c3921c8a670610d , < 911cc83e56a2de5a40758766c6a70d6998248860 (git)
Affected: c293621bbf678a3d85e3ed721c3921c8a670610d , < 53e21cfa68a7d12de378b7116c75571f73e0dfa2 (git)
Affected: c293621bbf678a3d85e3ed721c3921c8a670610d , < f4d0775c6e2f1340ca0725f0337de149aaa989ca (git)
Affected: c293621bbf678a3d85e3ed721c3921c8a670610d , < 73ae349534ebc377328e7d21891e589626c6e82c (git)
Affected: c293621bbf678a3d85e3ed721c3921c8a670610d , < 5b0af8e4c70e4b884bb94ff5f0cd49ecf1273c02 (git)
Affected: c293621bbf678a3d85e3ed721c3921c8a670610d , < ed898f9ca3fa32c56c858b463ceb9d9936cc69c4 (git)
Affected: c293621bbf678a3d85e3ed721c3921c8a670610d , < f8138f2ad2f745b9a1c696a05b749eabe44337ea (git)

Linux

Affected: 2.6.13
Unaffected: 0 , < 2.6.13 (semver)
Unaffected: 4.19.319 , ≤ 4.19.* (semver)
Unaffected: 5.4.281 , ≤ 5.4.* (semver)
Unaffected: 5.10.223 , ≤ 5.10.* (semver)
Unaffected: 5.15.164 , ≤ 5.15.* (semver)
Unaffected: 6.1.102 , ≤ 6.1.* (semver)
Unaffected: 6.6.43 , ≤ 6.6.* (semver)
Unaffected: 6.9.12 , ≤ 6.9.* (semver)
Unaffected: 6.10.2 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:59:23.424Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a561145f3ae973ebf3e0aee41624e92a6c5cb38d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4c43ad4ab41602201d34c66ac62130fe339d686f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/911cc83e56a2de5a40758766c6a70d6998248860"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/53e21cfa68a7d12de378b7116c75571f73e0dfa2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f4d0775c6e2f1340ca0725f0337de149aaa989ca"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/73ae349534ebc377328e7d21891e589626c6e82c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5b0af8e4c70e4b884bb94ff5f0cd49ecf1273c02"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ed898f9ca3fa32c56c858b463ceb9d9936cc69c4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f8138f2ad2f745b9a1c696a05b749eabe44337ea"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41020",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:24:28.681942Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:05.238Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/locks.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a561145f3ae973ebf3e0aee41624e92a6c5cb38d",
              "status": "affected",
              "version": "c293621bbf678a3d85e3ed721c3921c8a670610d",
              "versionType": "git"
            },
            {
              "lessThan": "4c43ad4ab41602201d34c66ac62130fe339d686f",
              "status": "affected",
              "version": "c293621bbf678a3d85e3ed721c3921c8a670610d",
              "versionType": "git"
            },
            {
              "lessThan": "911cc83e56a2de5a40758766c6a70d6998248860",
              "status": "affected",
              "version": "c293621bbf678a3d85e3ed721c3921c8a670610d",
              "versionType": "git"
            },
            {
              "lessThan": "53e21cfa68a7d12de378b7116c75571f73e0dfa2",
              "status": "affected",
              "version": "c293621bbf678a3d85e3ed721c3921c8a670610d",
              "versionType": "git"
            },
            {
              "lessThan": "f4d0775c6e2f1340ca0725f0337de149aaa989ca",
              "status": "affected",
              "version": "c293621bbf678a3d85e3ed721c3921c8a670610d",
              "versionType": "git"
            },
            {
              "lessThan": "73ae349534ebc377328e7d21891e589626c6e82c",
              "status": "affected",
              "version": "c293621bbf678a3d85e3ed721c3921c8a670610d",
              "versionType": "git"
            },
            {
              "lessThan": "5b0af8e4c70e4b884bb94ff5f0cd49ecf1273c02",
              "status": "affected",
              "version": "c293621bbf678a3d85e3ed721c3921c8a670610d",
              "versionType": "git"
            },
            {
              "lessThan": "ed898f9ca3fa32c56c858b463ceb9d9936cc69c4",
              "status": "affected",
              "version": "c293621bbf678a3d85e3ed721c3921c8a670610d",
              "versionType": "git"
            },
            {
              "lessThan": "f8138f2ad2f745b9a1c696a05b749eabe44337ea",
              "status": "affected",
              "version": "c293621bbf678a3d85e3ed721c3921c8a670610d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/locks.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.13"
            },
            {
              "lessThan": "2.6.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.319",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.281",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.223",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.164",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.102",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.43",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.319",
                  "versionStartIncluding": "2.6.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.281",
                  "versionStartIncluding": "2.6.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.223",
                  "versionStartIncluding": "2.6.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.164",
                  "versionStartIncluding": "2.6.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.102",
                  "versionStartIncluding": "2.6.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.43",
                  "versionStartIncluding": "2.6.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.12",
                  "versionStartIncluding": "2.6.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.2",
                  "versionStartIncluding": "2.6.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "2.6.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilelock: Fix fcntl/close race recovery compat path\n\nWhen I wrote commit 3cad1bc01041 (\"filelock: Remove locks reliably when\nfcntl/close race is detected\"), I missed that there are two copies of the\ncode I was patching: The normal version, and the version for 64-bit offsets\non 32-bit kernels.\nThanks to Greg KH for stumbling over this while doing the stable\nbackport...\n\nApply exactly the same fix to the compat path for 32-bit kernels."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:20:15.493Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a561145f3ae973ebf3e0aee41624e92a6c5cb38d"
        },
        {
          "url": "https://git.kernel.org/stable/c/4c43ad4ab41602201d34c66ac62130fe339d686f"
        },
        {
          "url": "https://git.kernel.org/stable/c/911cc83e56a2de5a40758766c6a70d6998248860"
        },
        {
          "url": "https://git.kernel.org/stable/c/53e21cfa68a7d12de378b7116c75571f73e0dfa2"
        },
        {
          "url": "https://git.kernel.org/stable/c/f4d0775c6e2f1340ca0725f0337de149aaa989ca"
        },
        {
          "url": "https://git.kernel.org/stable/c/73ae349534ebc377328e7d21891e589626c6e82c"
        },
        {
          "url": "https://git.kernel.org/stable/c/5b0af8e4c70e4b884bb94ff5f0cd49ecf1273c02"
        },
        {
          "url": "https://git.kernel.org/stable/c/ed898f9ca3fa32c56c858b463ceb9d9936cc69c4"
        },
        {
          "url": "https://git.kernel.org/stable/c/f8138f2ad2f745b9a1c696a05b749eabe44337ea"
        }
      ],
      "title": "filelock: Fix fcntl/close race recovery compat path",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41020",
    "datePublished": "2024-07-29T13:34:21.617Z",
    "dateReserved": "2024-07-12T12:17:45.613Z",
    "dateUpdated": "2025-11-03T21:59:23.424Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26778 (GCVE-0-2024-26778)

Vulnerability from cvelistv5 – Published: 2024-04-03 17:01 – Updated: 2026-01-05 10:34

Title

fbdev: savage: Error out if pixclock equals zero

Summary

In the Linux kernel, the following vulnerability has been resolved: fbdev: savage: Error out if pixclock equals zero The userspace program could pass any values to the driver through ioctl() interface. If the driver doesn't check the value of pixclock, it may cause divide-by-zero error. Although pixclock is checked in savagefb_decode_var(), but it is not checked properly in savagefb_probe(). Fix this by checking whether pixclock is zero in the function savagefb_check_var() before info->var.pixclock is used as the divisor. This is similar to CVE-2022-3061 in i740fb which was fixed by commit 15cf0b8.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/224453de8505aede1…
	https://git.kernel.org/stable/c/84dce0f6a4cc5b7bf…
	https://git.kernel.org/stable/c/512ee6d6041e007ef…
	https://git.kernel.org/stable/c/8c54acf33e5adaad6…
	https://git.kernel.org/stable/c/070398d32c5f3ab0e…
	https://git.kernel.org/stable/c/bc3c2e58d73b28b9a…
	https://git.kernel.org/stable/c/a9ca4e80d23474f90…
	https://git.kernel.org/stable/c/04e5eac8f3ab2ff52…

Impacted products

Vendor

Product

Version

Linux

Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 224453de8505aede1890f007be973925a3edf6a1 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 84dce0f6a4cc5b7bfd7242ef9290db8ac1dd77ff (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 512ee6d6041e007ef5bf200c6e388e172a2c5b24 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 8c54acf33e5adaad6374bf3ec1e3aff0591cc8e1 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 070398d32c5f3ab0e890374904ad94551c76aec4 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < bc3c2e58d73b28b9a8789fca84778ee165a72d13 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < a9ca4e80d23474f90841251f4ac0d941fa337a01 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 04e5eac8f3ab2ff52fa191c187a46d4fdbc1e288 (git)

Linux

Affected: 2.6.12
Unaffected: 0 , < 2.6.12 (semver)
Unaffected: 4.19.308 , ≤ 4.19.* (semver)
Unaffected: 5.4.270 , ≤ 5.4.* (semver)
Unaffected: 5.10.211 , ≤ 5.10.* (semver)
Unaffected: 5.15.150 , ≤ 5.15.* (semver)
Unaffected: 6.1.80 , ≤ 6.1.* (semver)
Unaffected: 6.6.19 , ≤ 6.6.* (semver)
Unaffected: 6.7.7 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26778",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-21T16:06:44.068367Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-21T16:06:55.000Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:13.314Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/224453de8505aede1890f007be973925a3edf6a1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/84dce0f6a4cc5b7bfd7242ef9290db8ac1dd77ff"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/512ee6d6041e007ef5bf200c6e388e172a2c5b24"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8c54acf33e5adaad6374bf3ec1e3aff0591cc8e1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/070398d32c5f3ab0e890374904ad94551c76aec4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bc3c2e58d73b28b9a8789fca84778ee165a72d13"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a9ca4e80d23474f90841251f4ac0d941fa337a01"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/04e5eac8f3ab2ff52fa191c187a46d4fdbc1e288"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/video/fbdev/savage/savagefb_driver.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "224453de8505aede1890f007be973925a3edf6a1",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "84dce0f6a4cc5b7bfd7242ef9290db8ac1dd77ff",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "512ee6d6041e007ef5bf200c6e388e172a2c5b24",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "8c54acf33e5adaad6374bf3ec1e3aff0591cc8e1",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "070398d32c5f3ab0e890374904ad94551c76aec4",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "bc3c2e58d73b28b9a8789fca84778ee165a72d13",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "a9ca4e80d23474f90841251f4ac0d941fa337a01",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "04e5eac8f3ab2ff52fa191c187a46d4fdbc1e288",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/video/fbdev/savage/savagefb_driver.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.308",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.270",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.211",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.150",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.80",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.308",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.270",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.211",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.150",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.80",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.19",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.7",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: savage: Error out if pixclock equals zero\n\nThe userspace program could pass any values to the driver through\nioctl() interface. If the driver doesn\u0027t check the value of pixclock,\nit may cause divide-by-zero error.\n\nAlthough pixclock is checked in savagefb_decode_var(), but it is not\nchecked properly in savagefb_probe(). Fix this by checking whether\npixclock is zero in the function savagefb_check_var() before\ninfo-\u003evar.pixclock is used as the divisor.\n\nThis is similar to CVE-2022-3061 in i740fb which was fixed by\ncommit 15cf0b8."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:34:32.658Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/224453de8505aede1890f007be973925a3edf6a1"
        },
        {
          "url": "https://git.kernel.org/stable/c/84dce0f6a4cc5b7bfd7242ef9290db8ac1dd77ff"
        },
        {
          "url": "https://git.kernel.org/stable/c/512ee6d6041e007ef5bf200c6e388e172a2c5b24"
        },
        {
          "url": "https://git.kernel.org/stable/c/8c54acf33e5adaad6374bf3ec1e3aff0591cc8e1"
        },
        {
          "url": "https://git.kernel.org/stable/c/070398d32c5f3ab0e890374904ad94551c76aec4"
        },
        {
          "url": "https://git.kernel.org/stable/c/bc3c2e58d73b28b9a8789fca84778ee165a72d13"
        },
        {
          "url": "https://git.kernel.org/stable/c/a9ca4e80d23474f90841251f4ac0d941fa337a01"
        },
        {
          "url": "https://git.kernel.org/stable/c/04e5eac8f3ab2ff52fa191c187a46d4fdbc1e288"
        }
      ],
      "title": "fbdev: savage: Error out if pixclock equals zero",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26778",
    "datePublished": "2024-04-03T17:01:08.782Z",
    "dateReserved": "2024-02-19T14:20:24.177Z",
    "dateUpdated": "2026-01-05T10:34:32.658Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-50188 (GCVE-0-2024-50188)

Vulnerability from cvelistv5 – Published: 2024-11-08 05:38 – Updated: 2025-11-03 22:26

Title

net: phy: dp83869: fix memory corruption when enabling fiber

Summary

In the Linux kernel, the following vulnerability has been resolved: net: phy: dp83869: fix memory corruption when enabling fiber When configuring the fiber port, the DP83869 PHY driver incorrectly calls linkmode_set_bit() with a bit mask (1 << 10) rather than a bit number (10). This corrupts some other memory location -- in case of arm64 the priv pointer in the same structure. Since the advertising flags are updated from supported at the end of the function the incorrect line isn't needed at all and can be removed.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/21b5af7f0c99b3bf1…
	https://git.kernel.org/stable/c/ad0d76b8ee5db0637…
	https://git.kernel.org/stable/c/c1944b4253649fc6f…
	https://git.kernel.org/stable/c/9ca634676ff66e1d6…
	https://git.kernel.org/stable/c/e3f2de32dae35bc7d…
	https://git.kernel.org/stable/c/a842e443ca8184f2d…

Impacted products

Vendor

Product

Version

Linux

Affected: a29de52ba2a156873505d8b8cef44e69925b8114 , < 21b5af7f0c99b3bf1fd02016e6708b613acbcaf4 (git)
Affected: a29de52ba2a156873505d8b8cef44e69925b8114 , < ad0d76b8ee5db063791cc2e7a30ffc9852ac37c4 (git)
Affected: a29de52ba2a156873505d8b8cef44e69925b8114 , < c1944b4253649fc6f2fb53e7d6302eb414d2182c (git)
Affected: a29de52ba2a156873505d8b8cef44e69925b8114 , < 9ca634676ff66e1d616259e136f96f96b2a1759a (git)
Affected: a29de52ba2a156873505d8b8cef44e69925b8114 , < e3f2de32dae35bc7d173377dc97b5bc9fcd9fc84 (git)
Affected: a29de52ba2a156873505d8b8cef44e69925b8114 , < a842e443ca8184f2dc82ab307b43a8b38defd6a5 (git)

Linux

Affected: 5.10
Unaffected: 0 , < 5.10 (semver)
Unaffected: 5.10.227 , ≤ 5.10.* (semver)
Unaffected: 5.15.168 , ≤ 5.15.* (semver)
Unaffected: 6.1.113 , ≤ 6.1.* (semver)
Unaffected: 6.6.57 , ≤ 6.6.* (semver)
Unaffected: 6.11.4 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-50188",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:18:28.121438Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:27:08.863Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:26:41.710Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/phy/dp83869.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "21b5af7f0c99b3bf1fd02016e6708b613acbcaf4",
              "status": "affected",
              "version": "a29de52ba2a156873505d8b8cef44e69925b8114",
              "versionType": "git"
            },
            {
              "lessThan": "ad0d76b8ee5db063791cc2e7a30ffc9852ac37c4",
              "status": "affected",
              "version": "a29de52ba2a156873505d8b8cef44e69925b8114",
              "versionType": "git"
            },
            {
              "lessThan": "c1944b4253649fc6f2fb53e7d6302eb414d2182c",
              "status": "affected",
              "version": "a29de52ba2a156873505d8b8cef44e69925b8114",
              "versionType": "git"
            },
            {
              "lessThan": "9ca634676ff66e1d616259e136f96f96b2a1759a",
              "status": "affected",
              "version": "a29de52ba2a156873505d8b8cef44e69925b8114",
              "versionType": "git"
            },
            {
              "lessThan": "e3f2de32dae35bc7d173377dc97b5bc9fcd9fc84",
              "status": "affected",
              "version": "a29de52ba2a156873505d8b8cef44e69925b8114",
              "versionType": "git"
            },
            {
              "lessThan": "a842e443ca8184f2dc82ab307b43a8b38defd6a5",
              "status": "affected",
              "version": "a29de52ba2a156873505d8b8cef44e69925b8114",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/phy/dp83869.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.10"
            },
            {
              "lessThan": "5.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.57",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.227",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.168",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.113",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.57",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.4",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: dp83869: fix memory corruption when enabling fiber\n\nWhen configuring the fiber port, the DP83869 PHY driver incorrectly\ncalls linkmode_set_bit() with a bit mask (1 \u003c\u003c 10) rather than a bit\nnumber (10). This corrupts some other memory location -- in case of\narm64 the priv pointer in the same structure.\n\nSince the advertising flags are updated from supported at the end of the\nfunction the incorrect line isn\u0027t needed at all and can be removed."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:48:15.095Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/21b5af7f0c99b3bf1fd02016e6708b613acbcaf4"
        },
        {
          "url": "https://git.kernel.org/stable/c/ad0d76b8ee5db063791cc2e7a30ffc9852ac37c4"
        },
        {
          "url": "https://git.kernel.org/stable/c/c1944b4253649fc6f2fb53e7d6302eb414d2182c"
        },
        {
          "url": "https://git.kernel.org/stable/c/9ca634676ff66e1d616259e136f96f96b2a1759a"
        },
        {
          "url": "https://git.kernel.org/stable/c/e3f2de32dae35bc7d173377dc97b5bc9fcd9fc84"
        },
        {
          "url": "https://git.kernel.org/stable/c/a842e443ca8184f2dc82ab307b43a8b38defd6a5"
        }
      ],
      "title": "net: phy: dp83869: fix memory corruption when enabling fiber",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-50188",
    "datePublished": "2024-11-08T05:38:29.127Z",
    "dateReserved": "2024-10-21T19:36:19.967Z",
    "dateUpdated": "2025-11-03T22:26:41.710Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-53063 (GCVE-0-2024-53063)

Vulnerability from cvelistv5 – Published: 2024-11-19 17:22 – Updated: 2025-11-03 22:28

Title

media: dvbdev: prevent the risk of out of memory access

Summary

In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: prevent the risk of out of memory access The dvbdev contains a static variable used to store dvb minors. The behavior of it depends if CONFIG_DVB_DYNAMIC_MINORS is set or not. When not set, dvb_register_device() won't check for boundaries, as it will rely that a previous call to dvb_register_adapter() would already be enforcing it. On a similar way, dvb_device_open() uses the assumption that the register functions already did the needed checks. This can be fragile if some device ends using different calls. This also generate warnings on static check analysers like Coverity. So, add explicit guards to prevent potential risk of OOM issues.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-755 - Improper Handling of Exceptional Conditions

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/fedfde9deb83ac8d2…
	https://git.kernel.org/stable/c/3b88675e18b651704…
	https://git.kernel.org/stable/c/a4a17210c03ade1c8…
	https://git.kernel.org/stable/c/5f76f7df14861e3a5…
	https://git.kernel.org/stable/c/b751a96025275c17f…
	https://git.kernel.org/stable/c/1e461672616b726f2…
	https://git.kernel.org/stable/c/9c17085fabbde2041…
	https://git.kernel.org/stable/c/972e63e895abbe8aa…

Impacted products

Vendor

Product

Version

Linux

Affected: 5dd3f3071070f5a306bdf8d474c80062f5691cba , < fedfde9deb83ac8d2f3d5f36f111023df34b1684 (git)
Affected: 5dd3f3071070f5a306bdf8d474c80062f5691cba , < 3b88675e18b6517043a6f734eaa8ea6eb3bfa140 (git)
Affected: 5dd3f3071070f5a306bdf8d474c80062f5691cba , < a4a17210c03ade1c8d9a9f193a105654b7a05c11 (git)
Affected: 5dd3f3071070f5a306bdf8d474c80062f5691cba , < 5f76f7df14861e3a560898fa41979ec92424b58f (git)
Affected: 5dd3f3071070f5a306bdf8d474c80062f5691cba , < b751a96025275c17f04083cbfe856822f1658946 (git)
Affected: 5dd3f3071070f5a306bdf8d474c80062f5691cba , < 1e461672616b726f29261ee81bb991528818537c (git)
Affected: 5dd3f3071070f5a306bdf8d474c80062f5691cba , < 9c17085fabbde2041c893d29599800f2d4992b23 (git)
Affected: 5dd3f3071070f5a306bdf8d474c80062f5691cba , < 972e63e895abbe8aa1ccbdbb4e6362abda7cd457 (git)

Linux

Affected: 2.6.29
Unaffected: 0 , < 2.6.29 (semver)
Unaffected: 4.19.324 , ≤ 4.19.* (semver)
Unaffected: 5.4.286 , ≤ 5.4.* (semver)
Unaffected: 5.10.230 , ≤ 5.10.* (semver)
Unaffected: 5.15.172 , ≤ 5.15.* (semver)
Unaffected: 6.1.117 , ≤ 6.1.* (semver)
Unaffected: 6.6.61 , ≤ 6.6.* (semver)
Unaffected: 6.11.8 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-53063",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:12:43.056905Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-755",
                "description": "CWE-755 Improper Handling of Exceptional Conditions",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:17:17.286Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:28:57.818Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/dvb-core/dvbdev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "fedfde9deb83ac8d2f3d5f36f111023df34b1684",
              "status": "affected",
              "version": "5dd3f3071070f5a306bdf8d474c80062f5691cba",
              "versionType": "git"
            },
            {
              "lessThan": "3b88675e18b6517043a6f734eaa8ea6eb3bfa140",
              "status": "affected",
              "version": "5dd3f3071070f5a306bdf8d474c80062f5691cba",
              "versionType": "git"
            },
            {
              "lessThan": "a4a17210c03ade1c8d9a9f193a105654b7a05c11",
              "status": "affected",
              "version": "5dd3f3071070f5a306bdf8d474c80062f5691cba",
              "versionType": "git"
            },
            {
              "lessThan": "5f76f7df14861e3a560898fa41979ec92424b58f",
              "status": "affected",
              "version": "5dd3f3071070f5a306bdf8d474c80062f5691cba",
              "versionType": "git"
            },
            {
              "lessThan": "b751a96025275c17f04083cbfe856822f1658946",
              "status": "affected",
              "version": "5dd3f3071070f5a306bdf8d474c80062f5691cba",
              "versionType": "git"
            },
            {
              "lessThan": "1e461672616b726f29261ee81bb991528818537c",
              "status": "affected",
              "version": "5dd3f3071070f5a306bdf8d474c80062f5691cba",
              "versionType": "git"
            },
            {
              "lessThan": "9c17085fabbde2041c893d29599800f2d4992b23",
              "status": "affected",
              "version": "5dd3f3071070f5a306bdf8d474c80062f5691cba",
              "versionType": "git"
            },
            {
              "lessThan": "972e63e895abbe8aa1ccbdbb4e6362abda7cd457",
              "status": "affected",
              "version": "5dd3f3071070f5a306bdf8d474c80062f5691cba",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/dvb-core/dvbdev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.29"
            },
            {
              "lessThan": "2.6.29",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.324",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.286",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.230",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.172",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.117",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.61",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.324",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.286",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.230",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.172",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.117",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.61",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.8",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvbdev: prevent the risk of out of memory access\n\nThe dvbdev contains a static variable used to store dvb minors.\n\nThe behavior of it depends if CONFIG_DVB_DYNAMIC_MINORS is set\nor not. When not set, dvb_register_device() won\u0027t check for\nboundaries, as it will rely that a previous call to\ndvb_register_adapter() would already be enforcing it.\n\nOn a similar way, dvb_device_open() uses the assumption\nthat the register functions already did the needed checks.\n\nThis can be fragile if some device ends using different\ncalls. This also generate warnings on static check analysers\nlike Coverity.\n\nSo, add explicit guards to prevent potential risk of OOM issues."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:52:00.976Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/fedfde9deb83ac8d2f3d5f36f111023df34b1684"
        },
        {
          "url": "https://git.kernel.org/stable/c/3b88675e18b6517043a6f734eaa8ea6eb3bfa140"
        },
        {
          "url": "https://git.kernel.org/stable/c/a4a17210c03ade1c8d9a9f193a105654b7a05c11"
        },
        {
          "url": "https://git.kernel.org/stable/c/5f76f7df14861e3a560898fa41979ec92424b58f"
        },
        {
          "url": "https://git.kernel.org/stable/c/b751a96025275c17f04083cbfe856822f1658946"
        },
        {
          "url": "https://git.kernel.org/stable/c/1e461672616b726f29261ee81bb991528818537c"
        },
        {
          "url": "https://git.kernel.org/stable/c/9c17085fabbde2041c893d29599800f2d4992b23"
        },
        {
          "url": "https://git.kernel.org/stable/c/972e63e895abbe8aa1ccbdbb4e6362abda7cd457"
        }
      ],
      "title": "media: dvbdev: prevent the risk of out of memory access",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53063",
    "datePublished": "2024-11-19T17:22:33.518Z",
    "dateReserved": "2024-11-19T17:17:24.975Z",
    "dateUpdated": "2025-11-03T22:28:57.818Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-49938 (GCVE-0-2024-49938)

Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2026-01-05 10:54

Title

wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit

Summary

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit Syzbot points out that skb_trim() has a sanity check on the existing length of the skb, which can be uninitialised in some error paths. The intent here is clearly just to reset the length to zero before resubmitting, so switch to calling __skb_set_length(skb, 0) directly. In addition, __skb_set_length() already contains a call to skb_reset_tail_pointer(), so remove the redundant call. The syzbot report came from ath9k_hif_usb_reg_in_cb(), but there's a similar usage of skb_trim() in ath9k_hif_usb_rx_cb(), change both while we're at it.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/e6b9bf32e0695e4f3…
	https://git.kernel.org/stable/c/d1f2fbc6a76908150…
	https://git.kernel.org/stable/c/b02eb7c86ff2ef141…
	https://git.kernel.org/stable/c/012ae530afa078510…
	https://git.kernel.org/stable/c/6a875220670475d92…
	https://git.kernel.org/stable/c/e37e348835032d694…
	https://git.kernel.org/stable/c/2c230210ec0ae6ed0…
	https://git.kernel.org/stable/c/a9f4e28e8adaf0715…
	https://git.kernel.org/stable/c/94745807f3ebd379f…

Impacted products

Vendor

Product

Version

Linux

Affected: fb9987d0f748c983bb795a86f47522313f701a08 , < e6b9bf32e0695e4f374674002de0527d2a6768eb (git)
Affected: fb9987d0f748c983bb795a86f47522313f701a08 , < d1f2fbc6a769081503f6ffedbb5cd1ac497f0e77 (git)
Affected: fb9987d0f748c983bb795a86f47522313f701a08 , < b02eb7c86ff2ef1411c3095ec8a52b13f68db04f (git)
Affected: fb9987d0f748c983bb795a86f47522313f701a08 , < 012ae530afa0785102360de452745d33c99a321b (git)
Affected: fb9987d0f748c983bb795a86f47522313f701a08 , < 6a875220670475d9247e576c15dc29823100a4e4 (git)
Affected: fb9987d0f748c983bb795a86f47522313f701a08 , < e37e348835032d6940ec89308cc8996ded691d2d (git)
Affected: fb9987d0f748c983bb795a86f47522313f701a08 , < 2c230210ec0ae6ed08306ac70dc21c24b817bb95 (git)
Affected: fb9987d0f748c983bb795a86f47522313f701a08 , < a9f4e28e8adaf0715bd4e01462af0a52ee46b01f (git)
Affected: fb9987d0f748c983bb795a86f47522313f701a08 , < 94745807f3ebd379f23865e6dab196f220664179 (git)

Linux

Affected: 2.6.35
Unaffected: 0 , < 2.6.35 (semver)
Unaffected: 4.19.323 , ≤ 4.19.* (semver)
Unaffected: 5.4.285 , ≤ 5.4.* (semver)
Unaffected: 5.10.227 , ≤ 5.10.* (semver)
Unaffected: 5.15.168 , ≤ 5.15.* (semver)
Unaffected: 6.1.113 , ≤ 6.1.* (semver)
Unaffected: 6.6.55 , ≤ 6.6.* (semver)
Unaffected: 6.10.14 , ≤ 6.10.* (semver)
Unaffected: 6.11.3 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49938",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T13:38:08.567983Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T13:38:50.969Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:23:23.575Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/ath/ath9k/hif_usb.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e6b9bf32e0695e4f374674002de0527d2a6768eb",
              "status": "affected",
              "version": "fb9987d0f748c983bb795a86f47522313f701a08",
              "versionType": "git"
            },
            {
              "lessThan": "d1f2fbc6a769081503f6ffedbb5cd1ac497f0e77",
              "status": "affected",
              "version": "fb9987d0f748c983bb795a86f47522313f701a08",
              "versionType": "git"
            },
            {
              "lessThan": "b02eb7c86ff2ef1411c3095ec8a52b13f68db04f",
              "status": "affected",
              "version": "fb9987d0f748c983bb795a86f47522313f701a08",
              "versionType": "git"
            },
            {
              "lessThan": "012ae530afa0785102360de452745d33c99a321b",
              "status": "affected",
              "version": "fb9987d0f748c983bb795a86f47522313f701a08",
              "versionType": "git"
            },
            {
              "lessThan": "6a875220670475d9247e576c15dc29823100a4e4",
              "status": "affected",
              "version": "fb9987d0f748c983bb795a86f47522313f701a08",
              "versionType": "git"
            },
            {
              "lessThan": "e37e348835032d6940ec89308cc8996ded691d2d",
              "status": "affected",
              "version": "fb9987d0f748c983bb795a86f47522313f701a08",
              "versionType": "git"
            },
            {
              "lessThan": "2c230210ec0ae6ed08306ac70dc21c24b817bb95",
              "status": "affected",
              "version": "fb9987d0f748c983bb795a86f47522313f701a08",
              "versionType": "git"
            },
            {
              "lessThan": "a9f4e28e8adaf0715bd4e01462af0a52ee46b01f",
              "status": "affected",
              "version": "fb9987d0f748c983bb795a86f47522313f701a08",
              "versionType": "git"
            },
            {
              "lessThan": "94745807f3ebd379f23865e6dab196f220664179",
              "status": "affected",
              "version": "fb9987d0f748c983bb795a86f47522313f701a08",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/ath/ath9k/hif_usb.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.35"
            },
            {
              "lessThan": "2.6.35",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.323",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.285",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.55",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.323",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.285",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.227",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.168",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.113",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.55",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.14",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.3",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit\n\nSyzbot points out that skb_trim() has a sanity check on the existing length of\nthe skb, which can be uninitialised in some error paths. The intent here is\nclearly just to reset the length to zero before resubmitting, so switch to\ncalling __skb_set_length(skb, 0) directly. In addition, __skb_set_length()\nalready contains a call to skb_reset_tail_pointer(), so remove the redundant\ncall.\n\nThe syzbot report came from ath9k_hif_usb_reg_in_cb(), but there\u0027s a similar\nusage of skb_trim() in ath9k_hif_usb_rx_cb(), change both while we\u0027re at it."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:54:32.382Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e6b9bf32e0695e4f374674002de0527d2a6768eb"
        },
        {
          "url": "https://git.kernel.org/stable/c/d1f2fbc6a769081503f6ffedbb5cd1ac497f0e77"
        },
        {
          "url": "https://git.kernel.org/stable/c/b02eb7c86ff2ef1411c3095ec8a52b13f68db04f"
        },
        {
          "url": "https://git.kernel.org/stable/c/012ae530afa0785102360de452745d33c99a321b"
        },
        {
          "url": "https://git.kernel.org/stable/c/6a875220670475d9247e576c15dc29823100a4e4"
        },
        {
          "url": "https://git.kernel.org/stable/c/e37e348835032d6940ec89308cc8996ded691d2d"
        },
        {
          "url": "https://git.kernel.org/stable/c/2c230210ec0ae6ed08306ac70dc21c24b817bb95"
        },
        {
          "url": "https://git.kernel.org/stable/c/a9f4e28e8adaf0715bd4e01462af0a52ee46b01f"
        },
        {
          "url": "https://git.kernel.org/stable/c/94745807f3ebd379f23865e6dab196f220664179"
        }
      ],
      "title": "wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-49938",
    "datePublished": "2024-10-21T18:01:58.359Z",
    "dateReserved": "2024-10-21T12:17:06.042Z",
    "dateUpdated": "2026-01-05T10:54:32.382Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-46780 (GCVE-0-2024-46780)

Vulnerability from cvelistv5 – Published: 2024-09-18 07:12 – Updated: 2025-11-03 22:18

Title

nilfs2: protect references to superblock parameters exposed in sysfs

Summary

In the Linux kernel, the following vulnerability has been resolved: nilfs2: protect references to superblock parameters exposed in sysfs The superblock buffers of nilfs2 can not only be overwritten at runtime for modifications/repairs, but they are also regularly swapped, replaced during resizing, and even abandoned when degrading to one side due to backing device issues. So, accessing them requires mutual exclusion using the reader/writer semaphore "nilfs->ns_sem". Some sysfs attribute show methods read this superblock buffer without the necessary mutual exclusion, which can cause problems with pointer dereferencing and memory access, so fix it.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/b90beafac05931cbf…
	https://git.kernel.org/stable/c/ba97ba173f9625d5f…
	https://git.kernel.org/stable/c/157c0d94b4c408873…
	https://git.kernel.org/stable/c/b14e7260bb691d7f5…
	https://git.kernel.org/stable/c/19cfeba0e4b8eda51…
	https://git.kernel.org/stable/c/8c6e43b3d5f109cf9…
	https://git.kernel.org/stable/c/962562d4c70c5cdeb…
	https://git.kernel.org/stable/c/683408258917541bd…

Impacted products

Vendor

Product

Version

Linux

Affected: da7141fb78db915680616e15677539fc8140cf53 , < b90beafac05931cbfcb6b1bd4f67c1923f47040e (git)
Affected: da7141fb78db915680616e15677539fc8140cf53 , < ba97ba173f9625d5f34a986088979eae8b80d38e (git)
Affected: da7141fb78db915680616e15677539fc8140cf53 , < 157c0d94b4c40887329418c70ef4edd1a8d6b4ed (git)
Affected: da7141fb78db915680616e15677539fc8140cf53 , < b14e7260bb691d7f563f61da07d61e3c8b59a614 (git)
Affected: da7141fb78db915680616e15677539fc8140cf53 , < 19cfeba0e4b8eda51484fcf8cf7d150418e1d880 (git)
Affected: da7141fb78db915680616e15677539fc8140cf53 , < 8c6e43b3d5f109cf9c61bc188fcc8175404e924f (git)
Affected: da7141fb78db915680616e15677539fc8140cf53 , < 962562d4c70c5cdeb4e955d63ff2017c4eca1aad (git)
Affected: da7141fb78db915680616e15677539fc8140cf53 , < 683408258917541bdb294cd717c210a04381931e (git)

Linux

Affected: 3.17
Unaffected: 0 , < 3.17 (semver)
Unaffected: 4.19.322 , ≤ 4.19.* (semver)
Unaffected: 5.4.284 , ≤ 5.4.* (semver)
Unaffected: 5.10.226 , ≤ 5.10.* (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.110 , ≤ 6.1.* (semver)
Unaffected: 6.6.51 , ≤ 6.6.* (semver)
Unaffected: 6.10.10 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46780",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T14:38:16.059134Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T14:38:30.940Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:18:20.810Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/nilfs2/sysfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b90beafac05931cbfcb6b1bd4f67c1923f47040e",
              "status": "affected",
              "version": "da7141fb78db915680616e15677539fc8140cf53",
              "versionType": "git"
            },
            {
              "lessThan": "ba97ba173f9625d5f34a986088979eae8b80d38e",
              "status": "affected",
              "version": "da7141fb78db915680616e15677539fc8140cf53",
              "versionType": "git"
            },
            {
              "lessThan": "157c0d94b4c40887329418c70ef4edd1a8d6b4ed",
              "status": "affected",
              "version": "da7141fb78db915680616e15677539fc8140cf53",
              "versionType": "git"
            },
            {
              "lessThan": "b14e7260bb691d7f563f61da07d61e3c8b59a614",
              "status": "affected",
              "version": "da7141fb78db915680616e15677539fc8140cf53",
              "versionType": "git"
            },
            {
              "lessThan": "19cfeba0e4b8eda51484fcf8cf7d150418e1d880",
              "status": "affected",
              "version": "da7141fb78db915680616e15677539fc8140cf53",
              "versionType": "git"
            },
            {
              "lessThan": "8c6e43b3d5f109cf9c61bc188fcc8175404e924f",
              "status": "affected",
              "version": "da7141fb78db915680616e15677539fc8140cf53",
              "versionType": "git"
            },
            {
              "lessThan": "962562d4c70c5cdeb4e955d63ff2017c4eca1aad",
              "status": "affected",
              "version": "da7141fb78db915680616e15677539fc8140cf53",
              "versionType": "git"
            },
            {
              "lessThan": "683408258917541bdb294cd717c210a04381931e",
              "status": "affected",
              "version": "da7141fb78db915680616e15677539fc8140cf53",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/nilfs2/sysfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.17"
            },
            {
              "lessThan": "3.17",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.322",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.284",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.110",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.51",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.322",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.284",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.226",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.110",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.51",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.10",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: protect references to superblock parameters exposed in sysfs\n\nThe superblock buffers of nilfs2 can not only be overwritten at runtime\nfor modifications/repairs, but they are also regularly swapped, replaced\nduring resizing, and even abandoned when degrading to one side due to\nbacking device issues.  So, accessing them requires mutual exclusion using\nthe reader/writer semaphore \"nilfs-\u003ens_sem\".\n\nSome sysfs attribute show methods read this superblock buffer without the\nnecessary mutual exclusion, which can cause problems with pointer\ndereferencing and memory access, so fix it."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:34:07.643Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b90beafac05931cbfcb6b1bd4f67c1923f47040e"
        },
        {
          "url": "https://git.kernel.org/stable/c/ba97ba173f9625d5f34a986088979eae8b80d38e"
        },
        {
          "url": "https://git.kernel.org/stable/c/157c0d94b4c40887329418c70ef4edd1a8d6b4ed"
        },
        {
          "url": "https://git.kernel.org/stable/c/b14e7260bb691d7f563f61da07d61e3c8b59a614"
        },
        {
          "url": "https://git.kernel.org/stable/c/19cfeba0e4b8eda51484fcf8cf7d150418e1d880"
        },
        {
          "url": "https://git.kernel.org/stable/c/8c6e43b3d5f109cf9c61bc188fcc8175404e924f"
        },
        {
          "url": "https://git.kernel.org/stable/c/962562d4c70c5cdeb4e955d63ff2017c4eca1aad"
        },
        {
          "url": "https://git.kernel.org/stable/c/683408258917541bdb294cd717c210a04381931e"
        }
      ],
      "title": "nilfs2: protect references to superblock parameters exposed in sysfs",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46780",
    "datePublished": "2024-09-18T07:12:36.736Z",
    "dateReserved": "2024-09-11T15:12:18.276Z",
    "dateUpdated": "2025-11-03T22:18:20.810Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-52597 (GCVE-0-2023-52597)

Vulnerability from cvelistv5 – Published: 2024-03-06 06:45 – Updated: 2025-05-21 08:49

Title

KVM: s390: fix setting of fpc register

Summary

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix setting of fpc register kvm_arch_vcpu_ioctl_set_fpu() allows to set the floating point control (fpc) register of a guest cpu. The new value is tested for validity by temporarily loading it into the fpc register. This may lead to corruption of the fpc register of the host process: if an interrupt happens while the value is temporarily loaded into the fpc register, and within interrupt context floating point or vector registers are used, the current fp/vx registers are saved with save_fpu_regs() assuming they belong to user space and will be loaded into fp/vx registers when returning to user space. test_fp_ctl() restores the original user space / host process fpc register value, however it will be discarded, when returning to user space. In result the host process will incorrectly continue to run with the value that was supposed to be used for a guest cpu. Fix this by simply removing the test. There is another test right before the SIE context is entered which will handles invalid values. This results in a change of behaviour: invalid values will now be accepted instead of that the ioctl fails with -EINVAL. This seems to be acceptable, given that this interface is most likely not used anymore, and this is in addition the same behaviour implemented with the memory mapped interface (replace invalid values with zero) - see sync_regs() in kvm-s390.c.

Severity ?

4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/3a04410b0bc7e056e…
	https://git.kernel.org/stable/c/5e63c9ae8055109d8…
	https://git.kernel.org/stable/c/150a3a3871490e8c4…
	https://git.kernel.org/stable/c/732a3bea7aba5b150…
	https://git.kernel.org/stable/c/0671f42a9c1084db1…
	https://git.kernel.org/stable/c/c87d7d910775a025e…
	https://git.kernel.org/stable/c/2823db0010c400e4b…
	https://git.kernel.org/stable/c/b988b1bb0053c0dcd…

Impacted products

Vendor

Product

Version

Linux

Affected: 4725c86055f5bbdcdfe47199c0715881893a2c79 , < 3a04410b0bc7e056e0843ac598825dd359246d18 (git)
Affected: 4725c86055f5bbdcdfe47199c0715881893a2c79 , < 5e63c9ae8055109d805aacdaf2a4fe2c3b371ba1 (git)
Affected: 4725c86055f5bbdcdfe47199c0715881893a2c79 , < 150a3a3871490e8c454ffbac2e60abeafcecff99 (git)
Affected: 4725c86055f5bbdcdfe47199c0715881893a2c79 , < 732a3bea7aba5b15026ea42d14953c3425cc7dc2 (git)
Affected: 4725c86055f5bbdcdfe47199c0715881893a2c79 , < 0671f42a9c1084db10d68ac347d08dbf6689ecb3 (git)
Affected: 4725c86055f5bbdcdfe47199c0715881893a2c79 , < c87d7d910775a025e230fd6359b60627e392460f (git)
Affected: 4725c86055f5bbdcdfe47199c0715881893a2c79 , < 2823db0010c400e4b2b12d02aa5d0d3ecb15d7c7 (git)
Affected: 4725c86055f5bbdcdfe47199c0715881893a2c79 , < b988b1bb0053c0dcd26187d29ef07566a565cf55 (git)

Linux

Affected: 3.13
Unaffected: 0 , < 3.13 (semver)
Unaffected: 4.19.307 , ≤ 4.19.* (semver)
Unaffected: 5.4.269 , ≤ 5.4.* (semver)
Unaffected: 5.10.210 , ≤ 5.10.* (semver)
Unaffected: 5.15.149 , ≤ 5.15.* (semver)
Unaffected: 6.1.77 , ≤ 6.1.* (semver)
Unaffected: 6.6.16 , ≤ 6.6.* (semver)
Unaffected: 6.7.4 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "LOW",
              "baseScore": 4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-52597",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-06T15:59:20.673242Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-07T17:29:59.971Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:03:21.131Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3a04410b0bc7e056e0843ac598825dd359246d18"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5e63c9ae8055109d805aacdaf2a4fe2c3b371ba1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/150a3a3871490e8c454ffbac2e60abeafcecff99"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/732a3bea7aba5b15026ea42d14953c3425cc7dc2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0671f42a9c1084db10d68ac347d08dbf6689ecb3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c87d7d910775a025e230fd6359b60627e392460f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2823db0010c400e4b2b12d02aa5d0d3ecb15d7c7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b988b1bb0053c0dcd26187d29ef07566a565cf55"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/s390/kvm/kvm-s390.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3a04410b0bc7e056e0843ac598825dd359246d18",
              "status": "affected",
              "version": "4725c86055f5bbdcdfe47199c0715881893a2c79",
              "versionType": "git"
            },
            {
              "lessThan": "5e63c9ae8055109d805aacdaf2a4fe2c3b371ba1",
              "status": "affected",
              "version": "4725c86055f5bbdcdfe47199c0715881893a2c79",
              "versionType": "git"
            },
            {
              "lessThan": "150a3a3871490e8c454ffbac2e60abeafcecff99",
              "status": "affected",
              "version": "4725c86055f5bbdcdfe47199c0715881893a2c79",
              "versionType": "git"
            },
            {
              "lessThan": "732a3bea7aba5b15026ea42d14953c3425cc7dc2",
              "status": "affected",
              "version": "4725c86055f5bbdcdfe47199c0715881893a2c79",
              "versionType": "git"
            },
            {
              "lessThan": "0671f42a9c1084db10d68ac347d08dbf6689ecb3",
              "status": "affected",
              "version": "4725c86055f5bbdcdfe47199c0715881893a2c79",
              "versionType": "git"
            },
            {
              "lessThan": "c87d7d910775a025e230fd6359b60627e392460f",
              "status": "affected",
              "version": "4725c86055f5bbdcdfe47199c0715881893a2c79",
              "versionType": "git"
            },
            {
              "lessThan": "2823db0010c400e4b2b12d02aa5d0d3ecb15d7c7",
              "status": "affected",
              "version": "4725c86055f5bbdcdfe47199c0715881893a2c79",
              "versionType": "git"
            },
            {
              "lessThan": "b988b1bb0053c0dcd26187d29ef07566a565cf55",
              "status": "affected",
              "version": "4725c86055f5bbdcdfe47199c0715881893a2c79",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/s390/kvm/kvm-s390.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.13"
            },
            {
              "lessThan": "3.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.307",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.269",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.210",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.149",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.77",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.307",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.269",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.210",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.149",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.77",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.16",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.4",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: s390: fix setting of fpc register\n\nkvm_arch_vcpu_ioctl_set_fpu() allows to set the floating point control\n(fpc) register of a guest cpu. The new value is tested for validity by\ntemporarily loading it into the fpc register.\n\nThis may lead to corruption of the fpc register of the host process:\nif an interrupt happens while the value is temporarily loaded into the fpc\nregister, and within interrupt context floating point or vector registers\nare used, the current fp/vx registers are saved with save_fpu_regs()\nassuming they belong to user space and will be loaded into fp/vx registers\nwhen returning to user space.\n\ntest_fp_ctl() restores the original user space / host process fpc register\nvalue, however it will be discarded, when returning to user space.\n\nIn result the host process will incorrectly continue to run with the value\nthat was supposed to be used for a guest cpu.\n\nFix this by simply removing the test. There is another test right before\nthe SIE context is entered which will handles invalid values.\n\nThis results in a change of behaviour: invalid values will now be accepted\ninstead of that the ioctl fails with -EINVAL. This seems to be acceptable,\ngiven that this interface is most likely not used anymore, and this is in\naddition the same behaviour implemented with the memory mapped interface\n(replace invalid values with zero) - see sync_regs() in kvm-s390.c."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-21T08:49:47.560Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3a04410b0bc7e056e0843ac598825dd359246d18"
        },
        {
          "url": "https://git.kernel.org/stable/c/5e63c9ae8055109d805aacdaf2a4fe2c3b371ba1"
        },
        {
          "url": "https://git.kernel.org/stable/c/150a3a3871490e8c454ffbac2e60abeafcecff99"
        },
        {
          "url": "https://git.kernel.org/stable/c/732a3bea7aba5b15026ea42d14953c3425cc7dc2"
        },
        {
          "url": "https://git.kernel.org/stable/c/0671f42a9c1084db10d68ac347d08dbf6689ecb3"
        },
        {
          "url": "https://git.kernel.org/stable/c/c87d7d910775a025e230fd6359b60627e392460f"
        },
        {
          "url": "https://git.kernel.org/stable/c/2823db0010c400e4b2b12d02aa5d0d3ecb15d7c7"
        },
        {
          "url": "https://git.kernel.org/stable/c/b988b1bb0053c0dcd26187d29ef07566a565cf55"
        }
      ],
      "title": "KVM: s390: fix setting of fpc register",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52597",
    "datePublished": "2024-03-06T06:45:26.608Z",
    "dateReserved": "2024-03-02T21:55:42.572Z",
    "dateUpdated": "2025-05-21T08:49:47.560Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-51782 (GCVE-0-2023-51782)

Vulnerability from cvelistv5 – Published: 2023-12-25 00:00 – Updated: 2024-08-02 22:48

Summary

An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl in net/rose/af_rose.c has a use-after-free because of a rose_accept race condition.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://cdn.kernel.org/pub/linux/kernel/v6.x/Chan…
	https://github.com/torvalds/linux/commit/810c38a3…
	https://lists.debian.org/debian-lts-announce/2024…	mailing-list
	https://lists.debian.org/debian-lts-announce/2024…	mailing-list

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:48:11.334Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/810c38a369a0a0ce625b5c12169abce1dd9ccd53"
          },
          {
            "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
          },
          {
            "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3711-1] linux-5.10 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl in net/rose/af_rose.c has a use-after-free because of a rose_accept race condition."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-11T21:06:48.195981",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8"
        },
        {
          "url": "https://github.com/torvalds/linux/commit/810c38a369a0a0ce625b5c12169abce1dd9ccd53"
        },
        {
          "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
        },
        {
          "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3711-1] linux-5.10 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-51782",
    "datePublished": "2023-12-25T00:00:00",
    "dateReserved": "2023-12-25T00:00:00",
    "dateUpdated": "2024-08-02T22:48:11.334Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-50015 (GCVE-0-2024-50015)

Vulnerability from cvelistv5 – Published: 2024-10-21 18:54 – Updated: 2025-11-03 22:24

Title

ext4: dax: fix overflowing extents beyond inode size when partially writing

Summary

In the Linux kernel, the following vulnerability has been resolved: ext4: dax: fix overflowing extents beyond inode size when partially writing The dax_iomap_rw() does two things in each iteration: map written blocks and copy user data to blocks. If the process is killed by user(See signal handling in dax_iomap_iter()), the copied data will be returned and added on inode size, which means that the length of written extents may exceed the inode size, then fsck will fail. An example is given as: dd if=/dev/urandom of=file bs=4M count=1 dax_iomap_rw iomap_iter // round 1 ext4_iomap_begin ext4_iomap_alloc // allocate 0~2M extents(written flag) dax_iomap_iter // copy 2M data iomap_iter // round 2 iomap_iter_advance iter->pos += iter->processed // iter->pos = 2M ext4_iomap_begin ext4_iomap_alloc // allocate 2~4M extents(written flag) dax_iomap_iter fatal_signal_pending done = iter->pos - iocb->ki_pos // done = 2M ext4_handle_inode_extension ext4_update_inode_size // inode size = 2M fsck reports: Inode 13, i_size is 2097152, should be 4194304. Fix? Fix the problem by truncating extents if the written length is smaller than expected.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/f8a7c342326f6ad1d…
	https://git.kernel.org/stable/c/8c30a9a8610c31455…
	https://git.kernel.org/stable/c/abfaa876b948baaea…
	https://git.kernel.org/stable/c/5efccdee4a7d507a4…
	https://git.kernel.org/stable/c/a9f331f51515bdb3e…
	https://git.kernel.org/stable/c/ec0dd451e236c46e4…
	https://git.kernel.org/stable/c/dda898d7ffe85931f…

Impacted products

Vendor

Product

Version

Linux

Affected: 776722e85d3b0936253ecc3d14db4fba37f191ba , < f8a7c342326f6ad1dfdb30a18dd013c70f5e9669 (git)
Affected: 776722e85d3b0936253ecc3d14db4fba37f191ba , < 8c30a9a8610c314554997f86370140746aa35661 (git)
Affected: 776722e85d3b0936253ecc3d14db4fba37f191ba , < abfaa876b948baaea4d14f21a1963789845c8b4c (git)
Affected: 776722e85d3b0936253ecc3d14db4fba37f191ba , < 5efccdee4a7d507a483f20f880b809cc4eaef14d (git)
Affected: 776722e85d3b0936253ecc3d14db4fba37f191ba , < a9f331f51515bdb3ebc8d0963131af367ef468f6 (git)
Affected: 776722e85d3b0936253ecc3d14db4fba37f191ba , < ec0dd451e236c46e4858d53e9e82bae7797a7af5 (git)
Affected: 776722e85d3b0936253ecc3d14db4fba37f191ba , < dda898d7ffe85931f9cca6d702a51f33717c501e (git)

Linux

Affected: 4.10
Unaffected: 0 , < 4.10 (semver)
Unaffected: 5.10.227 , ≤ 5.10.* (semver)
Unaffected: 5.15.168 , ≤ 5.15.* (semver)
Unaffected: 6.1.113 , ≤ 6.1.* (semver)
Unaffected: 6.6.55 , ≤ 6.6.* (semver)
Unaffected: 6.10.14 , ≤ 6.10.* (semver)
Unaffected: 6.11.3 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-50015",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T13:28:08.580885Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T13:28:48.148Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:24:30.667Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ext4/file.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f8a7c342326f6ad1dfdb30a18dd013c70f5e9669",
              "status": "affected",
              "version": "776722e85d3b0936253ecc3d14db4fba37f191ba",
              "versionType": "git"
            },
            {
              "lessThan": "8c30a9a8610c314554997f86370140746aa35661",
              "status": "affected",
              "version": "776722e85d3b0936253ecc3d14db4fba37f191ba",
              "versionType": "git"
            },
            {
              "lessThan": "abfaa876b948baaea4d14f21a1963789845c8b4c",
              "status": "affected",
              "version": "776722e85d3b0936253ecc3d14db4fba37f191ba",
              "versionType": "git"
            },
            {
              "lessThan": "5efccdee4a7d507a483f20f880b809cc4eaef14d",
              "status": "affected",
              "version": "776722e85d3b0936253ecc3d14db4fba37f191ba",
              "versionType": "git"
            },
            {
              "lessThan": "a9f331f51515bdb3ebc8d0963131af367ef468f6",
              "status": "affected",
              "version": "776722e85d3b0936253ecc3d14db4fba37f191ba",
              "versionType": "git"
            },
            {
              "lessThan": "ec0dd451e236c46e4858d53e9e82bae7797a7af5",
              "status": "affected",
              "version": "776722e85d3b0936253ecc3d14db4fba37f191ba",
              "versionType": "git"
            },
            {
              "lessThan": "dda898d7ffe85931f9cca6d702a51f33717c501e",
              "status": "affected",
              "version": "776722e85d3b0936253ecc3d14db4fba37f191ba",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ext4/file.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.10"
            },
            {
              "lessThan": "4.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.55",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.227",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.168",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.113",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.55",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.14",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.3",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: dax: fix overflowing extents beyond inode size when partially writing\n\nThe dax_iomap_rw() does two things in each iteration: map written blocks\nand copy user data to blocks. If the process is killed by user(See signal\nhandling in dax_iomap_iter()), the copied data will be returned and added\non inode size, which means that the length of written extents may exceed\nthe inode size, then fsck will fail. An example is given as:\n\ndd if=/dev/urandom of=file bs=4M count=1\n dax_iomap_rw\n  iomap_iter // round 1\n   ext4_iomap_begin\n    ext4_iomap_alloc // allocate 0~2M extents(written flag)\n  dax_iomap_iter // copy 2M data\n  iomap_iter // round 2\n   iomap_iter_advance\n    iter-\u003epos += iter-\u003eprocessed // iter-\u003epos = 2M\n   ext4_iomap_begin\n    ext4_iomap_alloc // allocate 2~4M extents(written flag)\n  dax_iomap_iter\n   fatal_signal_pending\n  done = iter-\u003epos - iocb-\u003eki_pos // done = 2M\n ext4_handle_inode_extension\n  ext4_update_inode_size // inode size = 2M\n\nfsck reports: Inode 13, i_size is 2097152, should be 4194304.  Fix?\n\nFix the problem by truncating extents if the written length is smaller\nthan expected."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:43:51.569Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f8a7c342326f6ad1dfdb30a18dd013c70f5e9669"
        },
        {
          "url": "https://git.kernel.org/stable/c/8c30a9a8610c314554997f86370140746aa35661"
        },
        {
          "url": "https://git.kernel.org/stable/c/abfaa876b948baaea4d14f21a1963789845c8b4c"
        },
        {
          "url": "https://git.kernel.org/stable/c/5efccdee4a7d507a483f20f880b809cc4eaef14d"
        },
        {
          "url": "https://git.kernel.org/stable/c/a9f331f51515bdb3ebc8d0963131af367ef468f6"
        },
        {
          "url": "https://git.kernel.org/stable/c/ec0dd451e236c46e4858d53e9e82bae7797a7af5"
        },
        {
          "url": "https://git.kernel.org/stable/c/dda898d7ffe85931f9cca6d702a51f33717c501e"
        }
      ],
      "title": "ext4: dax: fix overflowing extents beyond inode size when partially writing",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-50015",
    "datePublished": "2024-10-21T18:54:06.465Z",
    "dateReserved": "2024-10-21T12:17:06.062Z",
    "dateUpdated": "2025-11-03T22:24:30.667Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-50184 (GCVE-0-2024-50184)

Vulnerability from cvelistv5 – Published: 2024-11-08 05:38 – Updated: 2025-11-03 22:26

Title

virtio_pmem: Check device status before requesting flush

Summary

In the Linux kernel, the following vulnerability has been resolved: virtio_pmem: Check device status before requesting flush If a pmem device is in a bad status, the driver side could wait for host ack forever in virtio_pmem_flush(), causing the system to hang. So add a status check in the beginning of virtio_pmem_flush() to return early if the device is not activated.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/59ac565c6277d4be6…
	https://git.kernel.org/stable/c/4ce662fe4be6fbc25…
	https://git.kernel.org/stable/c/9a2bc9b6f929a2ce1…
	https://git.kernel.org/stable/c/6a5ca0ab94e13a147…
	https://git.kernel.org/stable/c/b01793cc63dd39c8f…
	https://git.kernel.org/stable/c/ce7a3a62cc533c922…
	https://git.kernel.org/stable/c/e25fbcd97cf52c3c9…

Impacted products

Vendor

Product

Version

Linux

Affected: 6e84200c0a2994b991259d19450eee561029bf70 , < 59ac565c6277d4be6661e81ea6a7f3ca2c5e4e36 (git)
Affected: 6e84200c0a2994b991259d19450eee561029bf70 , < 4ce662fe4be6fbc2595d9ef4888b2b6e778c99ed (git)
Affected: 6e84200c0a2994b991259d19450eee561029bf70 , < 9a2bc9b6f929a2ce1ebe4d1a796ddab37568c5b4 (git)
Affected: 6e84200c0a2994b991259d19450eee561029bf70 , < 6a5ca0ab94e13a1474bf7ad8437a975c2193618f (git)
Affected: 6e84200c0a2994b991259d19450eee561029bf70 , < b01793cc63dd39c8f12b9a3d8dc115fbebb19e2a (git)
Affected: 6e84200c0a2994b991259d19450eee561029bf70 , < ce7a3a62cc533c922072f328fd2ea2fd7cb893d4 (git)
Affected: 6e84200c0a2994b991259d19450eee561029bf70 , < e25fbcd97cf52c3c9824d44b5c56c19673c3dd50 (git)

Linux

Affected: 5.3
Unaffected: 0 , < 5.3 (semver)
Unaffected: 5.4.285 , ≤ 5.4.* (semver)
Unaffected: 5.10.227 , ≤ 5.10.* (semver)
Unaffected: 5.15.168 , ≤ 5.15.* (semver)
Unaffected: 6.1.113 , ≤ 6.1.* (semver)
Unaffected: 6.6.57 , ≤ 6.6.* (semver)
Unaffected: 6.11.4 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-50184",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:18:46.847874Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-754",
                "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:27:09.456Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:26:35.840Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/nvdimm/nd_virtio.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "59ac565c6277d4be6661e81ea6a7f3ca2c5e4e36",
              "status": "affected",
              "version": "6e84200c0a2994b991259d19450eee561029bf70",
              "versionType": "git"
            },
            {
              "lessThan": "4ce662fe4be6fbc2595d9ef4888b2b6e778c99ed",
              "status": "affected",
              "version": "6e84200c0a2994b991259d19450eee561029bf70",
              "versionType": "git"
            },
            {
              "lessThan": "9a2bc9b6f929a2ce1ebe4d1a796ddab37568c5b4",
              "status": "affected",
              "version": "6e84200c0a2994b991259d19450eee561029bf70",
              "versionType": "git"
            },
            {
              "lessThan": "6a5ca0ab94e13a1474bf7ad8437a975c2193618f",
              "status": "affected",
              "version": "6e84200c0a2994b991259d19450eee561029bf70",
              "versionType": "git"
            },
            {
              "lessThan": "b01793cc63dd39c8f12b9a3d8dc115fbebb19e2a",
              "status": "affected",
              "version": "6e84200c0a2994b991259d19450eee561029bf70",
              "versionType": "git"
            },
            {
              "lessThan": "ce7a3a62cc533c922072f328fd2ea2fd7cb893d4",
              "status": "affected",
              "version": "6e84200c0a2994b991259d19450eee561029bf70",
              "versionType": "git"
            },
            {
              "lessThan": "e25fbcd97cf52c3c9824d44b5c56c19673c3dd50",
              "status": "affected",
              "version": "6e84200c0a2994b991259d19450eee561029bf70",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/nvdimm/nd_virtio.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.3"
            },
            {
              "lessThan": "5.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.285",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.57",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.285",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.227",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.168",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.113",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.57",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.4",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_pmem: Check device status before requesting flush\n\nIf a pmem device is in a bad status, the driver side could wait for\nhost ack forever in virtio_pmem_flush(), causing the system to hang.\n\nSo add a status check in the beginning of virtio_pmem_flush() to return\nearly if the device is not activated."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:48:09.411Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/59ac565c6277d4be6661e81ea6a7f3ca2c5e4e36"
        },
        {
          "url": "https://git.kernel.org/stable/c/4ce662fe4be6fbc2595d9ef4888b2b6e778c99ed"
        },
        {
          "url": "https://git.kernel.org/stable/c/9a2bc9b6f929a2ce1ebe4d1a796ddab37568c5b4"
        },
        {
          "url": "https://git.kernel.org/stable/c/6a5ca0ab94e13a1474bf7ad8437a975c2193618f"
        },
        {
          "url": "https://git.kernel.org/stable/c/b01793cc63dd39c8f12b9a3d8dc115fbebb19e2a"
        },
        {
          "url": "https://git.kernel.org/stable/c/ce7a3a62cc533c922072f328fd2ea2fd7cb893d4"
        },
        {
          "url": "https://git.kernel.org/stable/c/e25fbcd97cf52c3c9824d44b5c56c19673c3dd50"
        }
      ],
      "title": "virtio_pmem: Check device status before requesting flush",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-50184",
    "datePublished": "2024-11-08T05:38:25.258Z",
    "dateReserved": "2024-10-21T19:36:19.966Z",
    "dateUpdated": "2025-11-03T22:26:35.840Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26766 (GCVE-0-2024-26766)

Vulnerability from cvelistv5 – Published: 2024-04-03 17:00 – Updated: 2025-05-04 12:54

Title

IB/hfi1: Fix sdma.h tx->num_descs off-by-one error

Summary

In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Unfortunately the commit `fd8958efe877` introduced another error causing the `descs` array to overflow. This reults in further crashes easily reproducible by `sendmsg` system call. [ 1080.836473] general protection fault, probably for non-canonical address 0x400300015528b00a: 0000 [#1] PREEMPT SMP PTI [ 1080.869326] RIP: 0010:hfi1_ipoib_build_ib_tx_headers.constprop.0+0xe1/0x2b0 [hfi1] -- [ 1080.974535] Call Trace: [ 1080.976990] <TASK> [ 1081.021929] hfi1_ipoib_send_dma_common+0x7a/0x2e0 [hfi1] [ 1081.027364] hfi1_ipoib_send_dma_list+0x62/0x270 [hfi1] [ 1081.032633] hfi1_ipoib_send+0x112/0x300 [hfi1] [ 1081.042001] ipoib_start_xmit+0x2a9/0x2d0 [ib_ipoib] [ 1081.046978] dev_hard_start_xmit+0xc4/0x210 -- [ 1081.148347] __sys_sendmsg+0x59/0xa0 crash> ipoib_txreq 0xffff9cfeba229f00 struct ipoib_txreq { txreq = { list = { next = 0xffff9cfeba229f00, prev = 0xffff9cfeba229f00 }, descp = 0xffff9cfeba229f40, coalesce_buf = 0x0, wait = 0xffff9cfea4e69a48, complete = 0xffffffffc0fe0760 <hfi1_ipoib_sdma_complete>, packet_len = 0x46d, tlen = 0x0, num_desc = 0x0, desc_limit = 0x6, next_descq_idx = 0x45c, coalesce_idx = 0x0, flags = 0x0, descs = {{ qw = {0x8024000120dffb00, 0x4} # SDMA_DESC0_FIRST_DESC_FLAG (bit 63) }, { qw = { 0x3800014231b108, 0x4} }, { qw = { 0x310000e4ee0fcf0, 0x8} }, { qw = { 0x3000012e9f8000, 0x8} }, { qw = { 0x59000dfb9d0000, 0x8} }, { qw = { 0x78000e02e40000, 0x8} }} }, sdma_hdr = 0x400300015528b000, <<< invalid pointer in the tx request structure sdma_status = 0x0, SDMA_DESC0_LAST_DESC_FLAG (bit 62) complete = 0x0, priv = 0x0, txq = 0xffff9cfea4e69880, skb = 0xffff9d099809f400 } If an SDMA send consists of exactly 6 descriptors and requires dword padding (in the 7th descriptor), the sdma_txreq descriptor array is not properly expanded and the packet will overflow into the container structure. This results in a panic when the send completion runs. The exact panic varies depending on what elements of the container structure get corrupted. The fix is to use the correct expression in _pad_sdma_tx_descs() to test the need to expand the descriptor array. With this patch the crashes are no longer reproducible and the machine is stable.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/115b7f3bc1dce590a…
	https://git.kernel.org/stable/c/5833024a9856f454a…
	https://git.kernel.org/stable/c/3f38d22e645e2e994…
	https://git.kernel.org/stable/c/47ae64df23ed1318e…
	https://git.kernel.org/stable/c/52dc9a7a573dbf778…
	https://git.kernel.org/stable/c/a2fef1d81becf4ff6…
	https://git.kernel.org/stable/c/9034a1bec35e9f725…
	https://git.kernel.org/stable/c/e6f57c6881916df39…

Impacted products

Vendor

Product

Version

Linux

Affected: d1c1ee052d25ca23735eea912f843bc7834781b4 , < 115b7f3bc1dce590a6851a2dcf23dc1100c49790 (git)
Affected: 40ac5cb6cbb01afa40881f78b4d2f559fb7065c4 , < 5833024a9856f454a964a198c63a57e59e07baf5 (git)
Affected: 6cf8f3d690bb5ad31ef0f41a6206ecf5a068d179 , < 3f38d22e645e2e994979426ea5a35186102ff3c2 (git)
Affected: bd57756a7e43c7127d0eca1fc5868e705fd0f7ba , < 47ae64df23ed1318e27bd9844e135a5e1c0e6e39 (git)
Affected: eeaf35f4e3b360162081de5e744cf32d6d1b0091 , < 52dc9a7a573dbf778625a0efca0fca55489f084b (git)
Affected: fd8958efe8779d3db19c9124fce593ce681ac709 , < a2fef1d81becf4ff60e1a249477464eae3c3bc2a (git)
Affected: fd8958efe8779d3db19c9124fce593ce681ac709 , < 9034a1bec35e9f725315a3bb6002ef39666114d9 (git)
Affected: fd8958efe8779d3db19c9124fce593ce681ac709 , < e6f57c6881916df39db7d95981a8ad2b9c3458d6 (git)
Affected: 0ef9594936d1f078e8599a1cf683b052df2bec00 (git)

Linux

Affected: 6.3
Unaffected: 0 , < 6.3 (semver)
Unaffected: 4.19.308 , ≤ 4.19.* (semver)
Unaffected: 5.4.270 , ≤ 5.4.* (semver)
Unaffected: 5.10.211 , ≤ 5.10.* (semver)
Unaffected: 5.15.150 , ≤ 5.15.* (semver)
Unaffected: 6.1.80 , ≤ 6.1.* (semver)
Unaffected: 6.6.19 , ≤ 6.6.* (semver)
Unaffected: 6.7.7 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26766",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-03T18:11:09.801717Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:48:44.178Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:13.309Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/115b7f3bc1dce590a6851a2dcf23dc1100c49790"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5833024a9856f454a964a198c63a57e59e07baf5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3f38d22e645e2e994979426ea5a35186102ff3c2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/47ae64df23ed1318e27bd9844e135a5e1c0e6e39"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/52dc9a7a573dbf778625a0efca0fca55489f084b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a2fef1d81becf4ff60e1a249477464eae3c3bc2a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9034a1bec35e9f725315a3bb6002ef39666114d9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e6f57c6881916df39db7d95981a8ad2b9c3458d6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/infiniband/hw/hfi1/sdma.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "115b7f3bc1dce590a6851a2dcf23dc1100c49790",
              "status": "affected",
              "version": "d1c1ee052d25ca23735eea912f843bc7834781b4",
              "versionType": "git"
            },
            {
              "lessThan": "5833024a9856f454a964a198c63a57e59e07baf5",
              "status": "affected",
              "version": "40ac5cb6cbb01afa40881f78b4d2f559fb7065c4",
              "versionType": "git"
            },
            {
              "lessThan": "3f38d22e645e2e994979426ea5a35186102ff3c2",
              "status": "affected",
              "version": "6cf8f3d690bb5ad31ef0f41a6206ecf5a068d179",
              "versionType": "git"
            },
            {
              "lessThan": "47ae64df23ed1318e27bd9844e135a5e1c0e6e39",
              "status": "affected",
              "version": "bd57756a7e43c7127d0eca1fc5868e705fd0f7ba",
              "versionType": "git"
            },
            {
              "lessThan": "52dc9a7a573dbf778625a0efca0fca55489f084b",
              "status": "affected",
              "version": "eeaf35f4e3b360162081de5e744cf32d6d1b0091",
              "versionType": "git"
            },
            {
              "lessThan": "a2fef1d81becf4ff60e1a249477464eae3c3bc2a",
              "status": "affected",
              "version": "fd8958efe8779d3db19c9124fce593ce681ac709",
              "versionType": "git"
            },
            {
              "lessThan": "9034a1bec35e9f725315a3bb6002ef39666114d9",
              "status": "affected",
              "version": "fd8958efe8779d3db19c9124fce593ce681ac709",
              "versionType": "git"
            },
            {
              "lessThan": "e6f57c6881916df39db7d95981a8ad2b9c3458d6",
              "status": "affected",
              "version": "fd8958efe8779d3db19c9124fce593ce681ac709",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "0ef9594936d1f078e8599a1cf683b052df2bec00",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/infiniband/hw/hfi1/sdma.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.3"
            },
            {
              "lessThan": "6.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.308",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.270",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.211",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.150",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.80",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.308",
                  "versionStartIncluding": "4.19.291",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.270",
                  "versionStartIncluding": "5.4.251",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.211",
                  "versionStartIncluding": "5.10.188",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.150",
                  "versionStartIncluding": "5.15.99",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.80",
                  "versionStartIncluding": "6.1.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.19",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.7",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.2.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/hfi1: Fix sdma.h tx-\u003enum_descs off-by-one error\n\nUnfortunately the commit `fd8958efe877` introduced another error\ncausing the `descs` array to overflow. This reults in further crashes\neasily reproducible by `sendmsg` system call.\n\n[ 1080.836473] general protection fault, probably for non-canonical address 0x400300015528b00a: 0000 [#1] PREEMPT SMP PTI\n[ 1080.869326] RIP: 0010:hfi1_ipoib_build_ib_tx_headers.constprop.0+0xe1/0x2b0 [hfi1]\n--\n[ 1080.974535] Call Trace:\n[ 1080.976990]  \u003cTASK\u003e\n[ 1081.021929]  hfi1_ipoib_send_dma_common+0x7a/0x2e0 [hfi1]\n[ 1081.027364]  hfi1_ipoib_send_dma_list+0x62/0x270 [hfi1]\n[ 1081.032633]  hfi1_ipoib_send+0x112/0x300 [hfi1]\n[ 1081.042001]  ipoib_start_xmit+0x2a9/0x2d0 [ib_ipoib]\n[ 1081.046978]  dev_hard_start_xmit+0xc4/0x210\n--\n[ 1081.148347]  __sys_sendmsg+0x59/0xa0\n\ncrash\u003e ipoib_txreq 0xffff9cfeba229f00\nstruct ipoib_txreq {\n  txreq = {\n    list = {\n      next = 0xffff9cfeba229f00,\n      prev = 0xffff9cfeba229f00\n    },\n    descp = 0xffff9cfeba229f40,\n    coalesce_buf = 0x0,\n    wait = 0xffff9cfea4e69a48,\n    complete = 0xffffffffc0fe0760 \u003chfi1_ipoib_sdma_complete\u003e,\n    packet_len = 0x46d,\n    tlen = 0x0,\n    num_desc = 0x0,\n    desc_limit = 0x6,\n    next_descq_idx = 0x45c,\n    coalesce_idx = 0x0,\n    flags = 0x0,\n    descs = {{\n        qw = {0x8024000120dffb00, 0x4}  # SDMA_DESC0_FIRST_DESC_FLAG (bit 63)\n      }, {\n        qw = {  0x3800014231b108, 0x4}\n      }, {\n        qw = { 0x310000e4ee0fcf0, 0x8}\n      }, {\n        qw = {  0x3000012e9f8000, 0x8}\n      }, {\n        qw = {  0x59000dfb9d0000, 0x8}\n      }, {\n        qw = {  0x78000e02e40000, 0x8}\n      }}\n  },\n  sdma_hdr =  0x400300015528b000,  \u003c\u003c\u003c invalid pointer in the tx request structure\n  sdma_status = 0x0,                   SDMA_DESC0_LAST_DESC_FLAG (bit 62)\n  complete = 0x0,\n  priv = 0x0,\n  txq = 0xffff9cfea4e69880,\n  skb = 0xffff9d099809f400\n}\n\nIf an SDMA send consists of exactly 6 descriptors and requires dword\npadding (in the 7th descriptor), the sdma_txreq descriptor array is not\nproperly expanded and the packet will overflow into the container\nstructure. This results in a panic when the send completion runs. The\nexact panic varies depending on what elements of the container structure\nget corrupted. The fix is to use the correct expression in\n_pad_sdma_tx_descs() to test the need to expand the descriptor array.\n\nWith this patch the crashes are no longer reproducible and the machine is\nstable."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:54:42.053Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/115b7f3bc1dce590a6851a2dcf23dc1100c49790"
        },
        {
          "url": "https://git.kernel.org/stable/c/5833024a9856f454a964a198c63a57e59e07baf5"
        },
        {
          "url": "https://git.kernel.org/stable/c/3f38d22e645e2e994979426ea5a35186102ff3c2"
        },
        {
          "url": "https://git.kernel.org/stable/c/47ae64df23ed1318e27bd9844e135a5e1c0e6e39"
        },
        {
          "url": "https://git.kernel.org/stable/c/52dc9a7a573dbf778625a0efca0fca55489f084b"
        },
        {
          "url": "https://git.kernel.org/stable/c/a2fef1d81becf4ff60e1a249477464eae3c3bc2a"
        },
        {
          "url": "https://git.kernel.org/stable/c/9034a1bec35e9f725315a3bb6002ef39666114d9"
        },
        {
          "url": "https://git.kernel.org/stable/c/e6f57c6881916df39db7d95981a8ad2b9c3458d6"
        }
      ],
      "title": "IB/hfi1: Fix sdma.h tx-\u003enum_descs off-by-one error",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26766",
    "datePublished": "2024-04-03T17:00:48.642Z",
    "dateReserved": "2024-02-19T14:20:24.173Z",
    "dateUpdated": "2025-05-04T12:54:42.053Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-52587 (GCVE-0-2023-52587)

Vulnerability from cvelistv5 – Published: 2024-03-06 06:45 – Updated: 2026-01-05 10:16

Title

IB/ipoib: Fix mcast list locking

Summary

In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking Releasing the `priv->lock` while iterating the `priv->multicast_list` in `ipoib_mcast_join_task()` opens a window for `ipoib_mcast_dev_flush()` to remove the items while in the middle of iteration. If the mcast is removed while the lock was dropped, the for loop spins forever resulting in a hard lockup (as was reported on RHEL 4.18.0-372.75.1.el8_6 kernel): Task A (kworker/u72:2 below) | Task B (kworker/u72:0 below) -----------------------------------+----------------------------------- ipoib_mcast_join_task(work) | ipoib_ib_dev_flush_light(work) spin_lock_irq(&priv->lock) | __ipoib_ib_dev_flush(priv, ...) list_for_each_entry(mcast, | ipoib_mcast_dev_flush(dev = priv->dev) &priv->multicast_list, list) | ipoib_mcast_join(dev, mcast) | spin_unlock_irq(&priv->lock) | | spin_lock_irqsave(&priv->lock, flags) | list_for_each_entry_safe(mcast, tmcast, | &priv->multicast_list, list) | list_del(&mcast->list); | list_add_tail(&mcast->list, &remove_list) | spin_unlock_irqrestore(&priv->lock, flags) spin_lock_irq(&priv->lock) | | ipoib_mcast_remove_list(&remove_list) (Here, `mcast` is no longer on the | list_for_each_entry_safe(mcast, tmcast, `priv->multicast_list` and we keep | remove_list, list) spinning on the `remove_list` of | >>> wait_for_completion(&mcast->done) the other thread which is blocked | and the list is still valid on | it's stack.) Fix this by keeping the lock held and changing to GFP_ATOMIC to prevent eventual sleeps. Unfortunately we could not reproduce the lockup and confirm this fix but based on the code review I think this fix should address such lockups. crash> bc 31 PID: 747 TASK: ff1c6a1a007e8000 CPU: 31 COMMAND: "kworker/u72:2" -- [exception RIP: ipoib_mcast_join_task+0x1b1] RIP: ffffffffc0944ac1 RSP: ff646f199a8c7e00 RFLAGS: 00000002 RAX: 0000000000000000 RBX: ff1c6a1a04dc82f8 RCX: 0000000000000000 work (&priv->mcast_task{,.work}) RDX: ff1c6a192d60ac68 RSI: 0000000000000286 RDI: ff1c6a1a04dc8000 &mcast->list RBP: ff646f199a8c7e90 R8: ff1c699980019420 R9: ff1c6a1920c9a000 R10: ff646f199a8c7e00 R11: ff1c6a191a7d9800 R12: ff1c6a192d60ac00 mcast R13: ff1c6a1d82200000 R14: ff1c6a1a04dc8000 R15: ff1c6a1a04dc82d8 dev priv (&priv->lock) &priv->multicast_list (aka head) ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 --- <NMI exception stack> --- #5 [ff646f199a8c7e00] ipoib_mcast_join_task+0x1b1 at ffffffffc0944ac1 [ib_ipoib] #6 [ff646f199a8c7e98] process_one_work+0x1a7 at ffffffff9bf10967 crash> rx ff646f199a8c7e68 ff646f199a8c7e68: ff1c6a1a04dc82f8 <<< work = &priv->mcast_task.work crash> list -hO ipoib_dev_priv.multicast_list ff1c6a1a04dc8000 (empty) crash> ipoib_dev_priv.mcast_task.work.func,mcast_mutex.owner.counter ff1c6a1a04dc8000 mcast_task.work.func = 0xffffffffc0944910 <ipoib_mcast_join_task>, mcast_mutex.owner.counter = 0xff1c69998efec000 crash> b 8 PID: 8 TASK: ff1c69998efec000 CPU: 33 COMMAND: "kworker/u72:0" -- #3 [ff646f1980153d50] wait_for_completion+0x96 at ffffffff9c7d7646 #4 [ff646f1980153d90] ipoib_mcast_remove_list+0x56 at ffffffffc0944dc6 [ib_ipoib] #5 [ff646f1980153de8] ipoib_mcast_dev_flush+0x1a7 at ffffffffc09455a7 [ib_ipoib] #6 [ff646f1980153e58] __ipoib_ib_dev_flush+0x1a4 at ffffffffc09431a4 [ib_ipoib] #7 [ff ---truncated---

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/4c8922ae8eb8dcc1e…
	https://git.kernel.org/stable/c/615e3adc2042b7be4…
	https://git.kernel.org/stable/c/ac2630fd3c90ffec3…
	https://git.kernel.org/stable/c/ed790bd0903ed3352…
	https://git.kernel.org/stable/c/5108a2dc2db5630fb…
	https://git.kernel.org/stable/c/342258fb46d66c1b4…
	https://git.kernel.org/stable/c/7c7bd4d561e9dc6f5…
	https://git.kernel.org/stable/c/4f973e211b3b1c6d3…

Impacted products

Vendor

Product

Version

Linux

Affected: d2fe937ce6ce23daf5fb214e45432dbb631581b7 , < 4c8922ae8eb8dcc1e4b7d1059d97a8334288d825 (git)
Affected: d2fe937ce6ce23daf5fb214e45432dbb631581b7 , < 615e3adc2042b7be4ad122a043fc9135e6342c90 (git)
Affected: d2fe937ce6ce23daf5fb214e45432dbb631581b7 , < ac2630fd3c90ffec34a0bfc4d413668538b0e8f2 (git)
Affected: d2fe937ce6ce23daf5fb214e45432dbb631581b7 , < ed790bd0903ed3352ebf7f650d910f49b7319b34 (git)
Affected: d2fe937ce6ce23daf5fb214e45432dbb631581b7 , < 5108a2dc2db5630fb6cd58b8be80a0c134bc310a (git)
Affected: d2fe937ce6ce23daf5fb214e45432dbb631581b7 , < 342258fb46d66c1b4c7e2c3717ac01e10c03cf18 (git)
Affected: d2fe937ce6ce23daf5fb214e45432dbb631581b7 , < 7c7bd4d561e9dc6f5b7df9e184974915f6701a89 (git)
Affected: d2fe937ce6ce23daf5fb214e45432dbb631581b7 , < 4f973e211b3b1c6d36f7c6a19239d258856749f9 (git)

Linux

Affected: 4.1
Unaffected: 0 , < 4.1 (semver)
Unaffected: 4.19.307 , ≤ 4.19.* (semver)
Unaffected: 5.4.269 , ≤ 5.4.* (semver)
Unaffected: 5.10.210 , ≤ 5.10.* (semver)
Unaffected: 5.15.149 , ≤ 5.15.* (semver)
Unaffected: 6.1.77 , ≤ 6.1.* (semver)
Unaffected: 6.6.16 , ≤ 6.6.* (semver)
Unaffected: 6.7.4 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52587",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-08T18:50:41.278526Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:23:13.749Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:03:21.201Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4c8922ae8eb8dcc1e4b7d1059d97a8334288d825"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/615e3adc2042b7be4ad122a043fc9135e6342c90"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ac2630fd3c90ffec34a0bfc4d413668538b0e8f2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ed790bd0903ed3352ebf7f650d910f49b7319b34"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5108a2dc2db5630fb6cd58b8be80a0c134bc310a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/342258fb46d66c1b4c7e2c3717ac01e10c03cf18"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7c7bd4d561e9dc6f5b7df9e184974915f6701a89"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4f973e211b3b1c6d36f7c6a19239d258856749f9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/infiniband/ulp/ipoib/ipoib_multicast.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4c8922ae8eb8dcc1e4b7d1059d97a8334288d825",
              "status": "affected",
              "version": "d2fe937ce6ce23daf5fb214e45432dbb631581b7",
              "versionType": "git"
            },
            {
              "lessThan": "615e3adc2042b7be4ad122a043fc9135e6342c90",
              "status": "affected",
              "version": "d2fe937ce6ce23daf5fb214e45432dbb631581b7",
              "versionType": "git"
            },
            {
              "lessThan": "ac2630fd3c90ffec34a0bfc4d413668538b0e8f2",
              "status": "affected",
              "version": "d2fe937ce6ce23daf5fb214e45432dbb631581b7",
              "versionType": "git"
            },
            {
              "lessThan": "ed790bd0903ed3352ebf7f650d910f49b7319b34",
              "status": "affected",
              "version": "d2fe937ce6ce23daf5fb214e45432dbb631581b7",
              "versionType": "git"
            },
            {
              "lessThan": "5108a2dc2db5630fb6cd58b8be80a0c134bc310a",
              "status": "affected",
              "version": "d2fe937ce6ce23daf5fb214e45432dbb631581b7",
              "versionType": "git"
            },
            {
              "lessThan": "342258fb46d66c1b4c7e2c3717ac01e10c03cf18",
              "status": "affected",
              "version": "d2fe937ce6ce23daf5fb214e45432dbb631581b7",
              "versionType": "git"
            },
            {
              "lessThan": "7c7bd4d561e9dc6f5b7df9e184974915f6701a89",
              "status": "affected",
              "version": "d2fe937ce6ce23daf5fb214e45432dbb631581b7",
              "versionType": "git"
            },
            {
              "lessThan": "4f973e211b3b1c6d36f7c6a19239d258856749f9",
              "status": "affected",
              "version": "d2fe937ce6ce23daf5fb214e45432dbb631581b7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/infiniband/ulp/ipoib/ipoib_multicast.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.1"
            },
            {
              "lessThan": "4.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.307",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.269",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.210",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.149",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.77",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.307",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.269",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.210",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.149",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.77",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.16",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.4",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/ipoib: Fix mcast list locking\n\nReleasing the `priv-\u003elock` while iterating the `priv-\u003emulticast_list` in\n`ipoib_mcast_join_task()` opens a window for `ipoib_mcast_dev_flush()` to\nremove the items while in the middle of iteration. If the mcast is removed\nwhile the lock was dropped, the for loop spins forever resulting in a hard\nlockup (as was reported on RHEL 4.18.0-372.75.1.el8_6 kernel):\n\n    Task A (kworker/u72:2 below)       | Task B (kworker/u72:0 below)\n    -----------------------------------+-----------------------------------\n    ipoib_mcast_join_task(work)        | ipoib_ib_dev_flush_light(work)\n      spin_lock_irq(\u0026priv-\u003elock)       | __ipoib_ib_dev_flush(priv, ...)\n      list_for_each_entry(mcast,       | ipoib_mcast_dev_flush(dev = priv-\u003edev)\n          \u0026priv-\u003emulticast_list, list) |\n        ipoib_mcast_join(dev, mcast)   |\n          spin_unlock_irq(\u0026priv-\u003elock) |\n                                       |   spin_lock_irqsave(\u0026priv-\u003elock, flags)\n                                       |   list_for_each_entry_safe(mcast, tmcast,\n                                       |                  \u0026priv-\u003emulticast_list, list)\n                                       |     list_del(\u0026mcast-\u003elist);\n                                       |     list_add_tail(\u0026mcast-\u003elist, \u0026remove_list)\n                                       |   spin_unlock_irqrestore(\u0026priv-\u003elock, flags)\n          spin_lock_irq(\u0026priv-\u003elock)   |\n                                       |   ipoib_mcast_remove_list(\u0026remove_list)\n   (Here, `mcast` is no longer on the  |     list_for_each_entry_safe(mcast, tmcast,\n    `priv-\u003emulticast_list` and we keep |                            remove_list, list)\n    spinning on the `remove_list` of   |  \u003e\u003e\u003e  wait_for_completion(\u0026mcast-\u003edone)\n    the other thread which is blocked  |\n    and the list is still valid on     |\n    it\u0027s stack.)\n\nFix this by keeping the lock held and changing to GFP_ATOMIC to prevent\neventual sleeps.\nUnfortunately we could not reproduce the lockup and confirm this fix but\nbased on the code review I think this fix should address such lockups.\n\ncrash\u003e bc 31\nPID: 747      TASK: ff1c6a1a007e8000  CPU: 31   COMMAND: \"kworker/u72:2\"\n--\n    [exception RIP: ipoib_mcast_join_task+0x1b1]\n    RIP: ffffffffc0944ac1  RSP: ff646f199a8c7e00  RFLAGS: 00000002\n    RAX: 0000000000000000  RBX: ff1c6a1a04dc82f8  RCX: 0000000000000000\n                                  work (\u0026priv-\u003emcast_task{,.work})\n    RDX: ff1c6a192d60ac68  RSI: 0000000000000286  RDI: ff1c6a1a04dc8000\n           \u0026mcast-\u003elist\n    RBP: ff646f199a8c7e90   R8: ff1c699980019420   R9: ff1c6a1920c9a000\n    R10: ff646f199a8c7e00  R11: ff1c6a191a7d9800  R12: ff1c6a192d60ac00\n                                                         mcast\n    R13: ff1c6a1d82200000  R14: ff1c6a1a04dc8000  R15: ff1c6a1a04dc82d8\n           dev                    priv (\u0026priv-\u003elock)     \u0026priv-\u003emulticast_list (aka head)\n    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018\n--- \u003cNMI exception stack\u003e ---\n #5 [ff646f199a8c7e00] ipoib_mcast_join_task+0x1b1 at ffffffffc0944ac1 [ib_ipoib]\n #6 [ff646f199a8c7e98] process_one_work+0x1a7 at ffffffff9bf10967\n\ncrash\u003e rx ff646f199a8c7e68\nff646f199a8c7e68:  ff1c6a1a04dc82f8 \u003c\u003c\u003c work = \u0026priv-\u003emcast_task.work\n\ncrash\u003e list -hO ipoib_dev_priv.multicast_list ff1c6a1a04dc8000\n(empty)\n\ncrash\u003e ipoib_dev_priv.mcast_task.work.func,mcast_mutex.owner.counter ff1c6a1a04dc8000\n  mcast_task.work.func = 0xffffffffc0944910 \u003cipoib_mcast_join_task\u003e,\n  mcast_mutex.owner.counter = 0xff1c69998efec000\n\ncrash\u003e b 8\nPID: 8        TASK: ff1c69998efec000  CPU: 33   COMMAND: \"kworker/u72:0\"\n--\n #3 [ff646f1980153d50] wait_for_completion+0x96 at ffffffff9c7d7646\n #4 [ff646f1980153d90] ipoib_mcast_remove_list+0x56 at ffffffffc0944dc6 [ib_ipoib]\n #5 [ff646f1980153de8] ipoib_mcast_dev_flush+0x1a7 at ffffffffc09455a7 [ib_ipoib]\n #6 [ff646f1980153e58] __ipoib_ib_dev_flush+0x1a4 at ffffffffc09431a4 [ib_ipoib]\n #7 [ff\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:16:23.578Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/4c8922ae8eb8dcc1e4b7d1059d97a8334288d825"
        },
        {
          "url": "https://git.kernel.org/stable/c/615e3adc2042b7be4ad122a043fc9135e6342c90"
        },
        {
          "url": "https://git.kernel.org/stable/c/ac2630fd3c90ffec34a0bfc4d413668538b0e8f2"
        },
        {
          "url": "https://git.kernel.org/stable/c/ed790bd0903ed3352ebf7f650d910f49b7319b34"
        },
        {
          "url": "https://git.kernel.org/stable/c/5108a2dc2db5630fb6cd58b8be80a0c134bc310a"
        },
        {
          "url": "https://git.kernel.org/stable/c/342258fb46d66c1b4c7e2c3717ac01e10c03cf18"
        },
        {
          "url": "https://git.kernel.org/stable/c/7c7bd4d561e9dc6f5b7df9e184974915f6701a89"
        },
        {
          "url": "https://git.kernel.org/stable/c/4f973e211b3b1c6d36f7c6a19239d258856749f9"
        }
      ],
      "title": "IB/ipoib: Fix mcast list locking",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52587",
    "datePublished": "2024-03-06T06:45:21.418Z",
    "dateReserved": "2024-03-02T21:55:42.570Z",
    "dateUpdated": "2026-01-05T10:16:23.578Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-50195 (GCVE-0-2024-50195)

Vulnerability from cvelistv5 – Published: 2024-11-08 05:54 – Updated: 2025-11-03 22:26

Title

posix-clock: Fix missing timespec64 check in pc_clock_settime()

Summary

In the Linux kernel, the following vulnerability has been resolved: posix-clock: Fix missing timespec64 check in pc_clock_settime() As Andrew pointed out, it will make sense that the PTP core checked timespec64 struct's tv_sec and tv_nsec range before calling ptp->info->settime64(). As the man manual of clock_settime() said, if tp.tv_sec is negative or tp.tv_nsec is outside the range [0..999,999,999], it should return EINVAL, which include dynamic clocks which handles PTP clock, and the condition is consistent with timespec64_valid(). As Thomas suggested, timespec64_valid() only check the timespec is valid, but not ensure that the time is in a valid range, so check it ahead using timespec64_valid_strict() in pc_clock_settime() and return -EINVAL if not valid. There are some drivers that use tp->tv_sec and tp->tv_nsec directly to write registers without validity checks and assume that the higher layer has checked it, which is dangerous and will benefit from this, such as hclge_ptp_settime(), igb_ptp_settime_i210(), _rcar_gen4_ptp_settime(), and some drivers can remove the checks of itself.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/29f085345cde24566…
	https://git.kernel.org/stable/c/e0c966bd3e31911b5…
	https://git.kernel.org/stable/c/673a1c5a2998acbd4…
	https://git.kernel.org/stable/c/c8789fbe2bbf75845…
	https://git.kernel.org/stable/c/27abbde44b6e71ee3…
	https://git.kernel.org/stable/c/a3f169e398215e713…
	https://git.kernel.org/stable/c/1ff7247101af72373…
	https://git.kernel.org/stable/c/d8794ac20a299b647…

Impacted products

Vendor

Product

Version

Linux

Affected: 0606f422b453f76c31ab2b1bd52943ff06a2dcf2 , < 29f085345cde24566efb751f39e5d367c381c584 (git)
Affected: 0606f422b453f76c31ab2b1bd52943ff06a2dcf2 , < e0c966bd3e31911b57ef76cec4c5796ebd88e512 (git)
Affected: 0606f422b453f76c31ab2b1bd52943ff06a2dcf2 , < 673a1c5a2998acbd429d6286e6cad10f17f4f073 (git)
Affected: 0606f422b453f76c31ab2b1bd52943ff06a2dcf2 , < c8789fbe2bbf75845e45302cba6ffa44e1884d01 (git)
Affected: 0606f422b453f76c31ab2b1bd52943ff06a2dcf2 , < 27abbde44b6e71ee3891de13e1a228aa7ce95bfe (git)
Affected: 0606f422b453f76c31ab2b1bd52943ff06a2dcf2 , < a3f169e398215e71361774d13bf91a0101283ac2 (git)
Affected: 0606f422b453f76c31ab2b1bd52943ff06a2dcf2 , < 1ff7247101af723731ea42ed565d54fb8f341264 (git)
Affected: 0606f422b453f76c31ab2b1bd52943ff06a2dcf2 , < d8794ac20a299b647ba9958f6d657051fc51a540 (git)

Linux

Affected: 2.6.39
Unaffected: 0 , < 2.6.39 (semver)
Unaffected: 4.19.323 , ≤ 4.19.* (semver)
Unaffected: 5.4.285 , ≤ 5.4.* (semver)
Unaffected: 5.10.228 , ≤ 5.10.* (semver)
Unaffected: 5.15.169 , ≤ 5.15.* (semver)
Unaffected: 6.1.114 , ≤ 6.1.* (semver)
Unaffected: 6.6.58 , ≤ 6.6.* (semver)
Unaffected: 6.11.5 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-50195",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:18:04.312116Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-754",
                "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:27:07.870Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:26:50.538Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/time/posix-clock.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "29f085345cde24566efb751f39e5d367c381c584",
              "status": "affected",
              "version": "0606f422b453f76c31ab2b1bd52943ff06a2dcf2",
              "versionType": "git"
            },
            {
              "lessThan": "e0c966bd3e31911b57ef76cec4c5796ebd88e512",
              "status": "affected",
              "version": "0606f422b453f76c31ab2b1bd52943ff06a2dcf2",
              "versionType": "git"
            },
            {
              "lessThan": "673a1c5a2998acbd429d6286e6cad10f17f4f073",
              "status": "affected",
              "version": "0606f422b453f76c31ab2b1bd52943ff06a2dcf2",
              "versionType": "git"
            },
            {
              "lessThan": "c8789fbe2bbf75845e45302cba6ffa44e1884d01",
              "status": "affected",
              "version": "0606f422b453f76c31ab2b1bd52943ff06a2dcf2",
              "versionType": "git"
            },
            {
              "lessThan": "27abbde44b6e71ee3891de13e1a228aa7ce95bfe",
              "status": "affected",
              "version": "0606f422b453f76c31ab2b1bd52943ff06a2dcf2",
              "versionType": "git"
            },
            {
              "lessThan": "a3f169e398215e71361774d13bf91a0101283ac2",
              "status": "affected",
              "version": "0606f422b453f76c31ab2b1bd52943ff06a2dcf2",
              "versionType": "git"
            },
            {
              "lessThan": "1ff7247101af723731ea42ed565d54fb8f341264",
              "status": "affected",
              "version": "0606f422b453f76c31ab2b1bd52943ff06a2dcf2",
              "versionType": "git"
            },
            {
              "lessThan": "d8794ac20a299b647ba9958f6d657051fc51a540",
              "status": "affected",
              "version": "0606f422b453f76c31ab2b1bd52943ff06a2dcf2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/time/posix-clock.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.39"
            },
            {
              "lessThan": "2.6.39",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.323",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.285",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.228",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.169",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.114",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.58",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.323",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.285",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.228",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.169",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.114",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.58",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.5",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nposix-clock: Fix missing timespec64 check in pc_clock_settime()\n\nAs Andrew pointed out, it will make sense that the PTP core\nchecked timespec64 struct\u0027s tv_sec and tv_nsec range before calling\nptp-\u003einfo-\u003esettime64().\n\nAs the man manual of clock_settime() said, if tp.tv_sec is negative or\ntp.tv_nsec is outside the range [0..999,999,999], it should return EINVAL,\nwhich include dynamic clocks which handles PTP clock, and the condition is\nconsistent with timespec64_valid(). As Thomas suggested, timespec64_valid()\nonly check the timespec is valid, but not ensure that the time is\nin a valid range, so check it ahead using timespec64_valid_strict()\nin pc_clock_settime() and return -EINVAL if not valid.\n\nThere are some drivers that use tp-\u003etv_sec and tp-\u003etv_nsec directly to\nwrite registers without validity checks and assume that the higher layer\nhas checked it, which is dangerous and will benefit from this, such as\nhclge_ptp_settime(), igb_ptp_settime_i210(), _rcar_gen4_ptp_settime(),\nand some drivers can remove the checks of itself."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:48:26.517Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/29f085345cde24566efb751f39e5d367c381c584"
        },
        {
          "url": "https://git.kernel.org/stable/c/e0c966bd3e31911b57ef76cec4c5796ebd88e512"
        },
        {
          "url": "https://git.kernel.org/stable/c/673a1c5a2998acbd429d6286e6cad10f17f4f073"
        },
        {
          "url": "https://git.kernel.org/stable/c/c8789fbe2bbf75845e45302cba6ffa44e1884d01"
        },
        {
          "url": "https://git.kernel.org/stable/c/27abbde44b6e71ee3891de13e1a228aa7ce95bfe"
        },
        {
          "url": "https://git.kernel.org/stable/c/a3f169e398215e71361774d13bf91a0101283ac2"
        },
        {
          "url": "https://git.kernel.org/stable/c/1ff7247101af723731ea42ed565d54fb8f341264"
        },
        {
          "url": "https://git.kernel.org/stable/c/d8794ac20a299b647ba9958f6d657051fc51a540"
        }
      ],
      "title": "posix-clock: Fix missing timespec64 check in pc_clock_settime()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-50195",
    "datePublished": "2024-11-08T05:54:10.183Z",
    "dateReserved": "2024-10-21T19:36:19.968Z",
    "dateUpdated": "2025-11-03T22:26:50.538Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-50301 (GCVE-0-2024-50301)

Vulnerability from cvelistv5 – Published: 2024-11-19 01:30 – Updated: 2025-11-03 22:28

Title

security/keys: fix slab-out-of-bounds in key_task_permission

Summary

In the Linux kernel, the following vulnerability has been resolved: security/keys: fix slab-out-of-bounds in key_task_permission KASAN reports an out of bounds read: BUG: KASAN: slab-out-of-bounds in __kuid_val include/linux/uidgid.h:36 BUG: KASAN: slab-out-of-bounds in uid_eq include/linux/uidgid.h:63 [inline] BUG: KASAN: slab-out-of-bounds in key_task_permission+0x394/0x410 security/keys/permission.c:54 Read of size 4 at addr ffff88813c3ab618 by task stress-ng/4362 CPU: 2 PID: 4362 Comm: stress-ng Not tainted 5.10.0-14930-gafbffd6c3ede #15 Call Trace: __dump_stack lib/dump_stack.c:82 [inline] dump_stack+0x107/0x167 lib/dump_stack.c:123 print_address_description.constprop.0+0x19/0x170 mm/kasan/report.c:400 __kasan_report.cold+0x6c/0x84 mm/kasan/report.c:560 kasan_report+0x3a/0x50 mm/kasan/report.c:585 __kuid_val include/linux/uidgid.h:36 [inline] uid_eq include/linux/uidgid.h:63 [inline] key_task_permission+0x394/0x410 security/keys/permission.c:54 search_nested_keyrings+0x90e/0xe90 security/keys/keyring.c:793 This issue was also reported by syzbot. It can be reproduced by following these steps(more details [1]): 1. Obtain more than 32 inputs that have similar hashes, which ends with the pattern '0xxxxxxxe6'. 2. Reboot and add the keys obtained in step 1. The reproducer demonstrates how this issue happened: 1. In the search_nested_keyrings function, when it iterates through the slots in a node(below tag ascend_to_node), if the slot pointer is meta and node->back_pointer != NULL(it means a root), it will proceed to descend_to_node. However, there is an exception. If node is the root, and one of the slots points to a shortcut, it will be treated as a keyring. 2. Whether the ptr is keyring decided by keyring_ptr_is_keyring function. However, KEYRING_PTR_SUBTYPE is 0x2UL, the same as ASSOC_ARRAY_PTR_SUBTYPE_MASK. 3. When 32 keys with the similar hashes are added to the tree, the ROOT has keys with hashes that are not similar (e.g. slot 0) and it splits NODE A without using a shortcut. When NODE A is filled with keys that all hashes are xxe6, the keys are similar, NODE A will split with a shortcut. Finally, it forms the tree as shown below, where slot 6 points to a shortcut. NODE A +------>+---+ ROOT | | 0 | xxe6 +---+ | +---+ xxxx | 0 | shortcut : : xxe6 +---+ | +---+ xxe6 : : | | | xxe6 +---+ | +---+ | 6 |---+ : : xxe6 +---+ +---+ xxe6 : : | f | xxe6 +---+ +---+ xxe6 | f | +---+ 4. As mentioned above, If a slot(slot 6) of the root points to a shortcut, it may be mistakenly transferred to a key*, leading to a read out-of-bounds read. To fix this issue, one should jump to descend_to_node if the ptr is a shortcut, regardless of whether the node is root or not. [1] https://lore.kernel.org/linux-kernel/1cfa878e-8c7b-4570-8606-21daf5e13ce7@huaweicloud.com/ [jarkko: tweaked the commit message a bit to have an appropriate closes tag.]

Severity ?

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CWE

CWE-125 - Out-of-bounds Read

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/c3ce634ad953ce48c…
	https://git.kernel.org/stable/c/4efb69a0e294ef201…
	https://git.kernel.org/stable/c/1e4332581cd4eed75…
	https://git.kernel.org/stable/c/199c20fb7499c7955…
	https://git.kernel.org/stable/c/bbad2d5b6c99db468…
	https://git.kernel.org/stable/c/3e79ad156bedf2da0…
	https://git.kernel.org/stable/c/e0a317ad68e4ea48a…
	https://git.kernel.org/stable/c/4a74da044ec9ec867…

Impacted products

Vendor

Product

Version

Linux

Affected: b2a4df200d570b2c33a57e1ebfa5896e4bc81b69 , < c3ce634ad953ce48c75c39bdfd8b711dd95f346f (git)
Affected: b2a4df200d570b2c33a57e1ebfa5896e4bc81b69 , < 4efb69a0e294ef201bcdf7ce3d6202cd0a545a5d (git)
Affected: b2a4df200d570b2c33a57e1ebfa5896e4bc81b69 , < 1e4332581cd4eed75aea77af6f66cdcdda8b49b9 (git)
Affected: b2a4df200d570b2c33a57e1ebfa5896e4bc81b69 , < 199c20fb7499c79557a075dc24e9a7dae7d9f1ce (git)
Affected: b2a4df200d570b2c33a57e1ebfa5896e4bc81b69 , < bbad2d5b6c99db468d8f88b6ba6a56ed409b4881 (git)
Affected: b2a4df200d570b2c33a57e1ebfa5896e4bc81b69 , < 3e79ad156bedf2da0ab909a118d2cec6c9c22b79 (git)
Affected: b2a4df200d570b2c33a57e1ebfa5896e4bc81b69 , < e0a317ad68e4ea48a0158187238c5407e4fdec8b (git)
Affected: b2a4df200d570b2c33a57e1ebfa5896e4bc81b69 , < 4a74da044ec9ec8679e6beccc4306b936b62873f (git)

Linux

Affected: 3.13
Unaffected: 0 , < 3.13 (semver)
Unaffected: 4.19.324 , ≤ 4.19.* (semver)
Unaffected: 5.4.286 , ≤ 5.4.* (semver)
Unaffected: 5.10.230 , ≤ 5.10.* (semver)
Unaffected: 5.15.172 , ≤ 5.15.* (semver)
Unaffected: 6.1.117 , ≤ 6.1.* (semver)
Unaffected: 6.6.61 , ≤ 6.6.* (semver)
Unaffected: 6.11.8 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-50301",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:13:51.070925Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-125",
                "description": "CWE-125 Out-of-bounds Read",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:17:19.840Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:28:18.152Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "security/keys/keyring.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c3ce634ad953ce48c75c39bdfd8b711dd95f346f",
              "status": "affected",
              "version": "b2a4df200d570b2c33a57e1ebfa5896e4bc81b69",
              "versionType": "git"
            },
            {
              "lessThan": "4efb69a0e294ef201bcdf7ce3d6202cd0a545a5d",
              "status": "affected",
              "version": "b2a4df200d570b2c33a57e1ebfa5896e4bc81b69",
              "versionType": "git"
            },
            {
              "lessThan": "1e4332581cd4eed75aea77af6f66cdcdda8b49b9",
              "status": "affected",
              "version": "b2a4df200d570b2c33a57e1ebfa5896e4bc81b69",
              "versionType": "git"
            },
            {
              "lessThan": "199c20fb7499c79557a075dc24e9a7dae7d9f1ce",
              "status": "affected",
              "version": "b2a4df200d570b2c33a57e1ebfa5896e4bc81b69",
              "versionType": "git"
            },
            {
              "lessThan": "bbad2d5b6c99db468d8f88b6ba6a56ed409b4881",
              "status": "affected",
              "version": "b2a4df200d570b2c33a57e1ebfa5896e4bc81b69",
              "versionType": "git"
            },
            {
              "lessThan": "3e79ad156bedf2da0ab909a118d2cec6c9c22b79",
              "status": "affected",
              "version": "b2a4df200d570b2c33a57e1ebfa5896e4bc81b69",
              "versionType": "git"
            },
            {
              "lessThan": "e0a317ad68e4ea48a0158187238c5407e4fdec8b",
              "status": "affected",
              "version": "b2a4df200d570b2c33a57e1ebfa5896e4bc81b69",
              "versionType": "git"
            },
            {
              "lessThan": "4a74da044ec9ec8679e6beccc4306b936b62873f",
              "status": "affected",
              "version": "b2a4df200d570b2c33a57e1ebfa5896e4bc81b69",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "security/keys/keyring.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.13"
            },
            {
              "lessThan": "3.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.324",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.286",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.230",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.172",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.117",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.61",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.324",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.286",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.230",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.172",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.117",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.61",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.8",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsecurity/keys: fix slab-out-of-bounds in key_task_permission\n\nKASAN reports an out of bounds read:\nBUG: KASAN: slab-out-of-bounds in __kuid_val include/linux/uidgid.h:36\nBUG: KASAN: slab-out-of-bounds in uid_eq include/linux/uidgid.h:63 [inline]\nBUG: KASAN: slab-out-of-bounds in key_task_permission+0x394/0x410\nsecurity/keys/permission.c:54\nRead of size 4 at addr ffff88813c3ab618 by task stress-ng/4362\n\nCPU: 2 PID: 4362 Comm: stress-ng Not tainted 5.10.0-14930-gafbffd6c3ede #15\nCall Trace:\n __dump_stack lib/dump_stack.c:82 [inline]\n dump_stack+0x107/0x167 lib/dump_stack.c:123\n print_address_description.constprop.0+0x19/0x170 mm/kasan/report.c:400\n __kasan_report.cold+0x6c/0x84 mm/kasan/report.c:560\n kasan_report+0x3a/0x50 mm/kasan/report.c:585\n __kuid_val include/linux/uidgid.h:36 [inline]\n uid_eq include/linux/uidgid.h:63 [inline]\n key_task_permission+0x394/0x410 security/keys/permission.c:54\n search_nested_keyrings+0x90e/0xe90 security/keys/keyring.c:793\n\nThis issue was also reported by syzbot.\n\nIt can be reproduced by following these steps(more details [1]):\n1. Obtain more than 32 inputs that have similar hashes, which ends with the\n   pattern \u00270xxxxxxxe6\u0027.\n2. Reboot and add the keys obtained in step 1.\n\nThe reproducer demonstrates how this issue happened:\n1. In the search_nested_keyrings function, when it iterates through the\n   slots in a node(below tag ascend_to_node), if the slot pointer is meta\n   and node-\u003eback_pointer != NULL(it means a root), it will proceed to\n   descend_to_node. However, there is an exception. If node is the root,\n   and one of the slots points to a shortcut, it will be treated as a\n   keyring.\n2. Whether the ptr is keyring decided by keyring_ptr_is_keyring function.\n   However, KEYRING_PTR_SUBTYPE is 0x2UL, the same as\n   ASSOC_ARRAY_PTR_SUBTYPE_MASK.\n3. When 32 keys with the similar hashes are added to the tree, the ROOT\n   has keys with hashes that are not similar (e.g. slot 0) and it splits\n   NODE A without using a shortcut. When NODE A is filled with keys that\n   all hashes are xxe6, the keys are similar, NODE A will split with a\n   shortcut. Finally, it forms the tree as shown below, where slot 6 points\n   to a shortcut.\n\n                      NODE A\n              +------\u003e+---+\n      ROOT    |       | 0 | xxe6\n      +---+   |       +---+\n xxxx | 0 | shortcut  :   : xxe6\n      +---+   |       +---+\n xxe6 :   :   |       |   | xxe6\n      +---+   |       +---+\n      | 6 |---+       :   : xxe6\n      +---+           +---+\n xxe6 :   :           | f | xxe6\n      +---+           +---+\n xxe6 | f |\n      +---+\n\n4. As mentioned above, If a slot(slot 6) of the root points to a shortcut,\n   it may be mistakenly transferred to a key*, leading to a read\n   out-of-bounds read.\n\nTo fix this issue, one should jump to descend_to_node if the ptr is a\nshortcut, regardless of whether the node is root or not.\n\n[1] https://lore.kernel.org/linux-kernel/1cfa878e-8c7b-4570-8606-21daf5e13ce7@huaweicloud.com/\n\n[jarkko: tweaked the commit message a bit to have an appropriate closes\n tag.]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:51:13.203Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c3ce634ad953ce48c75c39bdfd8b711dd95f346f"
        },
        {
          "url": "https://git.kernel.org/stable/c/4efb69a0e294ef201bcdf7ce3d6202cd0a545a5d"
        },
        {
          "url": "https://git.kernel.org/stable/c/1e4332581cd4eed75aea77af6f66cdcdda8b49b9"
        },
        {
          "url": "https://git.kernel.org/stable/c/199c20fb7499c79557a075dc24e9a7dae7d9f1ce"
        },
        {
          "url": "https://git.kernel.org/stable/c/bbad2d5b6c99db468d8f88b6ba6a56ed409b4881"
        },
        {
          "url": "https://git.kernel.org/stable/c/3e79ad156bedf2da0ab909a118d2cec6c9c22b79"
        },
        {
          "url": "https://git.kernel.org/stable/c/e0a317ad68e4ea48a0158187238c5407e4fdec8b"
        },
        {
          "url": "https://git.kernel.org/stable/c/4a74da044ec9ec8679e6beccc4306b936b62873f"
        }
      ],
      "title": "security/keys: fix slab-out-of-bounds in key_task_permission",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-50301",
    "datePublished": "2024-11-19T01:30:49.982Z",
    "dateReserved": "2024-10-21T19:36:19.987Z",
    "dateUpdated": "2025-11-03T22:28:18.152Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-27414 (GCVE-0-2024-27414)

Vulnerability from cvelistv5 – Published: 2024-05-17 11:50 – Updated: 2025-05-04 12:55

Title

rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back

Summary

In the Linux kernel, the following vulnerability has been resolved: rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back In the commit d73ef2d69c0d ("rtnetlink: let rtnl_bridge_setlink checks IFLA_BRIDGE_MODE length"), an adjustment was made to the old loop logic in the function `rtnl_bridge_setlink` to enable the loop to also check the length of the IFLA_BRIDGE_MODE attribute. However, this adjustment removed the `break` statement and led to an error logic of the flags writing back at the end of this function. if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!! Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS. However, this is not necessarily true fow now as the updated loop will let the attr point to the last NLA, even an invalid NLA which could cause overflow writes. This patch introduces a new variable `br_flag` to save the NLA pointer that points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentioned error logic.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/b9fbc44159dfc3e9a…
	https://git.kernel.org/stable/c/882a51a10ecf24ce1…
	https://git.kernel.org/stable/c/a1227b27fcccc99dc…
	https://git.kernel.org/stable/c/f2261eb994aa5757c…
	https://git.kernel.org/stable/c/167d8642daa6a44b5…
	https://git.kernel.org/stable/c/831bc2728fb48a895…
	https://git.kernel.org/stable/c/743ad091fb46e622f…

Impacted products

Vendor

Product

Version

Linux

Affected: ad46d4861ed36315d3d9e838723ba3e367ecc042 , < b9fbc44159dfc3e9a7073032752d9e03f5194a6f (git)
Affected: abb0172fa8dc4a4ec51aa992b7269ed65959f310 , < 882a51a10ecf24ce135d573afa0872aef02c5125 (git)
Affected: 047508edd602921ee8bb0f2aa2100aa2e9bedc75 , < a1227b27fcccc99dc44f912b479e01a17e2d7d31 (git)
Affected: 8dfac8071d58447e5cace4c4c6fe493ce2f615f6 , < f2261eb994aa5757c1da046b78e3229a3ece0ad9 (git)
Affected: d73ef2d69c0dba5f5a1cb9600045c873bab1fb7f , < 167d8642daa6a44b51de17f8ff0f584e1e762db7 (git)
Affected: d73ef2d69c0dba5f5a1cb9600045c873bab1fb7f , < 831bc2728fb48a8957a824cba8c264b30dca1425 (git)
Affected: d73ef2d69c0dba5f5a1cb9600045c873bab1fb7f , < 743ad091fb46e622f1b690385bb15e3cd3daf874 (git)
Affected: 00757f58e37b2d9a6f99e15be484712390cd2bab (git)

Linux

Affected: 6.5
Unaffected: 0 , < 6.5 (semver)
Unaffected: 5.4.271 , ≤ 5.4.* (semver)
Unaffected: 5.10.212 , ≤ 5.10.* (semver)
Unaffected: 5.15.151 , ≤ 5.15.* (semver)
Unaffected: 6.1.81 , ≤ 6.1.* (semver)
Unaffected: 6.6.21 , ≤ 6.6.* (semver)
Unaffected: 6.7.9 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27414",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-21T15:56:59.979228Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:46:58.154Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:34:52.359Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b9fbc44159dfc3e9a7073032752d9e03f5194a6f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/882a51a10ecf24ce135d573afa0872aef02c5125"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a1227b27fcccc99dc44f912b479e01a17e2d7d31"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f2261eb994aa5757c1da046b78e3229a3ece0ad9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/167d8642daa6a44b51de17f8ff0f584e1e762db7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/831bc2728fb48a8957a824cba8c264b30dca1425"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/743ad091fb46e622f1b690385bb15e3cd3daf874"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/core/rtnetlink.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b9fbc44159dfc3e9a7073032752d9e03f5194a6f",
              "status": "affected",
              "version": "ad46d4861ed36315d3d9e838723ba3e367ecc042",
              "versionType": "git"
            },
            {
              "lessThan": "882a51a10ecf24ce135d573afa0872aef02c5125",
              "status": "affected",
              "version": "abb0172fa8dc4a4ec51aa992b7269ed65959f310",
              "versionType": "git"
            },
            {
              "lessThan": "a1227b27fcccc99dc44f912b479e01a17e2d7d31",
              "status": "affected",
              "version": "047508edd602921ee8bb0f2aa2100aa2e9bedc75",
              "versionType": "git"
            },
            {
              "lessThan": "f2261eb994aa5757c1da046b78e3229a3ece0ad9",
              "status": "affected",
              "version": "8dfac8071d58447e5cace4c4c6fe493ce2f615f6",
              "versionType": "git"
            },
            {
              "lessThan": "167d8642daa6a44b51de17f8ff0f584e1e762db7",
              "status": "affected",
              "version": "d73ef2d69c0dba5f5a1cb9600045c873bab1fb7f",
              "versionType": "git"
            },
            {
              "lessThan": "831bc2728fb48a8957a824cba8c264b30dca1425",
              "status": "affected",
              "version": "d73ef2d69c0dba5f5a1cb9600045c873bab1fb7f",
              "versionType": "git"
            },
            {
              "lessThan": "743ad091fb46e622f1b690385bb15e3cd3daf874",
              "status": "affected",
              "version": "d73ef2d69c0dba5f5a1cb9600045c873bab1fb7f",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "00757f58e37b2d9a6f99e15be484712390cd2bab",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/core/rtnetlink.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.5"
            },
            {
              "lessThan": "6.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.271",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.212",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.151",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.81",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.21",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.271",
                  "versionStartIncluding": "5.4.253",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.212",
                  "versionStartIncluding": "5.10.190",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.151",
                  "versionStartIncluding": "5.15.126",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.81",
                  "versionStartIncluding": "6.1.45",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.21",
                  "versionStartIncluding": "6.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.9",
                  "versionStartIncluding": "6.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "6.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.4.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back\n\nIn the commit d73ef2d69c0d (\"rtnetlink: let rtnl_bridge_setlink checks\nIFLA_BRIDGE_MODE length\"), an adjustment was made to the old loop logic\nin the function `rtnl_bridge_setlink` to enable the loop to also check\nthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustment\nremoved the `break` statement and led to an error logic of the flags\nwriting back at the end of this function.\n\nif (have_flags)\n    memcpy(nla_data(attr), \u0026flags, sizeof(flags));\n    // attr should point to IFLA_BRIDGE_FLAGS NLA !!!\n\nBefore the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.\nHowever, this is not necessarily true fow now as the updated loop will let\nthe attr point to the last NLA, even an invalid NLA which could cause\noverflow writes.\n\nThis patch introduces a new variable `br_flag` to save the NLA pointer\nthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentioned\nerror logic."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:55:42.575Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b9fbc44159dfc3e9a7073032752d9e03f5194a6f"
        },
        {
          "url": "https://git.kernel.org/stable/c/882a51a10ecf24ce135d573afa0872aef02c5125"
        },
        {
          "url": "https://git.kernel.org/stable/c/a1227b27fcccc99dc44f912b479e01a17e2d7d31"
        },
        {
          "url": "https://git.kernel.org/stable/c/f2261eb994aa5757c1da046b78e3229a3ece0ad9"
        },
        {
          "url": "https://git.kernel.org/stable/c/167d8642daa6a44b51de17f8ff0f584e1e762db7"
        },
        {
          "url": "https://git.kernel.org/stable/c/831bc2728fb48a8957a824cba8c264b30dca1425"
        },
        {
          "url": "https://git.kernel.org/stable/c/743ad091fb46e622f1b690385bb15e3cd3daf874"
        }
      ],
      "title": "rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-27414",
    "datePublished": "2024-05-17T11:50:57.207Z",
    "dateReserved": "2024-02-25T13:47:42.682Z",
    "dateUpdated": "2025-05-04T12:55:42.575Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-46757 (GCVE-0-2024-46757)

Vulnerability from cvelistv5 – Published: 2024-09-18 07:12 – Updated: 2025-01-09 15:47

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "providerMetadata": {
        "dateUpdated": "2025-01-09T15:47:47.308Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "rejectedReasons": [
        {
          "lang": "en",
          "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46757",
    "datePublished": "2024-09-18T07:12:16.843Z",
    "dateRejected": "2025-01-09T15:47:47.308Z",
    "dateReserved": "2024-09-11T15:12:18.271Z",
    "dateUpdated": "2025-01-09T15:47:47.308Z",
    "state": "REJECTED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26697 (GCVE-0-2024-26697)

Vulnerability from cvelistv5 – Published: 2024-04-03 14:54 – Updated: 2026-01-05 10:34

Title

nilfs2: fix data corruption in dsync block recovery for small block sizes

Summary

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix data corruption in dsync block recovery for small block sizes The helper function nilfs_recovery_copy_block() of nilfs_recovery_dsync_blocks(), which recovers data from logs created by data sync writes during a mount after an unclean shutdown, incorrectly calculates the on-page offset when copying repair data to the file's page cache. In environments where the block size is smaller than the page size, this flaw can cause data corruption and leak uninitialized memory bytes during the recovery process. Fix these issues by correcting this byte offset calculation on the page.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/5278c3eb6bf589641…
	https://git.kernel.org/stable/c/a6efe6dbaaf504f5b…
	https://git.kernel.org/stable/c/364a66be2abdcd4fd…
	https://git.kernel.org/stable/c/120f7fa2008e3bd8b…
	https://git.kernel.org/stable/c/9c9c68d64fd3284f7…
	https://git.kernel.org/stable/c/2e1480538ef60bfee…
	https://git.kernel.org/stable/c/2000016bab499074e…
	https://git.kernel.org/stable/c/67b8bcbaed4777871…

Impacted products

Vendor

Product

Version

Linux

Affected: 0f3e1c7f23f8a6f8224fa1d275381f6d9279ad4b , < 5278c3eb6bf5896417572b52adb6be9d26e92f65 (git)
Affected: 0f3e1c7f23f8a6f8224fa1d275381f6d9279ad4b , < a6efe6dbaaf504f5b3f8a5c3f711fe54e7dda0ba (git)
Affected: 0f3e1c7f23f8a6f8224fa1d275381f6d9279ad4b , < 364a66be2abdcd4fd426ffa44d9b8f40aafb3caa (git)
Affected: 0f3e1c7f23f8a6f8224fa1d275381f6d9279ad4b , < 120f7fa2008e3bd8b7680b4ab5df942decf60fd5 (git)
Affected: 0f3e1c7f23f8a6f8224fa1d275381f6d9279ad4b , < 9c9c68d64fd3284f7097ed6ae057c8441f39fcd3 (git)
Affected: 0f3e1c7f23f8a6f8224fa1d275381f6d9279ad4b , < 2e1480538ef60bfee5473dfe02b1ecbaf1a4aa0d (git)
Affected: 0f3e1c7f23f8a6f8224fa1d275381f6d9279ad4b , < 2000016bab499074e6248ea85aeea7dd762355d9 (git)
Affected: 0f3e1c7f23f8a6f8224fa1d275381f6d9279ad4b , < 67b8bcbaed4777871bb0dcc888fb02a614a98ab1 (git)

Linux

Affected: 2.6.30
Unaffected: 0 , < 2.6.30 (semver)
Unaffected: 4.19.307 , ≤ 4.19.* (semver)
Unaffected: 5.4.269 , ≤ 5.4.* (semver)
Unaffected: 5.10.210 , ≤ 5.10.* (semver)
Unaffected: 5.15.149 , ≤ 5.15.* (semver)
Unaffected: 6.1.79 , ≤ 6.1.* (semver)
Unaffected: 6.6.18 , ≤ 6.6.* (semver)
Unaffected: 6.7.6 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:12.662Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5278c3eb6bf5896417572b52adb6be9d26e92f65"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a6efe6dbaaf504f5b3f8a5c3f711fe54e7dda0ba"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/364a66be2abdcd4fd426ffa44d9b8f40aafb3caa"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/120f7fa2008e3bd8b7680b4ab5df942decf60fd5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9c9c68d64fd3284f7097ed6ae057c8441f39fcd3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2e1480538ef60bfee5473dfe02b1ecbaf1a4aa0d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2000016bab499074e6248ea85aeea7dd762355d9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/67b8bcbaed4777871bb0dcc888fb02a614a98ab1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26697",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:52:50.686290Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:29.604Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/nilfs2/recovery.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5278c3eb6bf5896417572b52adb6be9d26e92f65",
              "status": "affected",
              "version": "0f3e1c7f23f8a6f8224fa1d275381f6d9279ad4b",
              "versionType": "git"
            },
            {
              "lessThan": "a6efe6dbaaf504f5b3f8a5c3f711fe54e7dda0ba",
              "status": "affected",
              "version": "0f3e1c7f23f8a6f8224fa1d275381f6d9279ad4b",
              "versionType": "git"
            },
            {
              "lessThan": "364a66be2abdcd4fd426ffa44d9b8f40aafb3caa",
              "status": "affected",
              "version": "0f3e1c7f23f8a6f8224fa1d275381f6d9279ad4b",
              "versionType": "git"
            },
            {
              "lessThan": "120f7fa2008e3bd8b7680b4ab5df942decf60fd5",
              "status": "affected",
              "version": "0f3e1c7f23f8a6f8224fa1d275381f6d9279ad4b",
              "versionType": "git"
            },
            {
              "lessThan": "9c9c68d64fd3284f7097ed6ae057c8441f39fcd3",
              "status": "affected",
              "version": "0f3e1c7f23f8a6f8224fa1d275381f6d9279ad4b",
              "versionType": "git"
            },
            {
              "lessThan": "2e1480538ef60bfee5473dfe02b1ecbaf1a4aa0d",
              "status": "affected",
              "version": "0f3e1c7f23f8a6f8224fa1d275381f6d9279ad4b",
              "versionType": "git"
            },
            {
              "lessThan": "2000016bab499074e6248ea85aeea7dd762355d9",
              "status": "affected",
              "version": "0f3e1c7f23f8a6f8224fa1d275381f6d9279ad4b",
              "versionType": "git"
            },
            {
              "lessThan": "67b8bcbaed4777871bb0dcc888fb02a614a98ab1",
              "status": "affected",
              "version": "0f3e1c7f23f8a6f8224fa1d275381f6d9279ad4b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/nilfs2/recovery.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.30"
            },
            {
              "lessThan": "2.6.30",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.307",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.269",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.210",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.149",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.79",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.18",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.307",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.269",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.210",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.149",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.79",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.18",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.6",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix data corruption in dsync block recovery for small block sizes\n\nThe helper function nilfs_recovery_copy_block() of\nnilfs_recovery_dsync_blocks(), which recovers data from logs created by\ndata sync writes during a mount after an unclean shutdown, incorrectly\ncalculates the on-page offset when copying repair data to the file\u0027s page\ncache.  In environments where the block size is smaller than the page\nsize, this flaw can cause data corruption and leak uninitialized memory\nbytes during the recovery process.\n\nFix these issues by correcting this byte offset calculation on the page."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:34:16.034Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5278c3eb6bf5896417572b52adb6be9d26e92f65"
        },
        {
          "url": "https://git.kernel.org/stable/c/a6efe6dbaaf504f5b3f8a5c3f711fe54e7dda0ba"
        },
        {
          "url": "https://git.kernel.org/stable/c/364a66be2abdcd4fd426ffa44d9b8f40aafb3caa"
        },
        {
          "url": "https://git.kernel.org/stable/c/120f7fa2008e3bd8b7680b4ab5df942decf60fd5"
        },
        {
          "url": "https://git.kernel.org/stable/c/9c9c68d64fd3284f7097ed6ae057c8441f39fcd3"
        },
        {
          "url": "https://git.kernel.org/stable/c/2e1480538ef60bfee5473dfe02b1ecbaf1a4aa0d"
        },
        {
          "url": "https://git.kernel.org/stable/c/2000016bab499074e6248ea85aeea7dd762355d9"
        },
        {
          "url": "https://git.kernel.org/stable/c/67b8bcbaed4777871bb0dcc888fb02a614a98ab1"
        }
      ],
      "title": "nilfs2: fix data corruption in dsync block recovery for small block sizes",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26697",
    "datePublished": "2024-04-03T14:54:57.848Z",
    "dateReserved": "2024-02-19T14:20:24.156Z",
    "dateUpdated": "2026-01-05T10:34:16.034Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-48881 (GCVE-0-2024-48881)

Vulnerability from cvelistv5 – Published: 2025-01-11 12:25 – Updated: 2025-11-03 20:40

Title

bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again

Summary

In the Linux kernel, the following vulnerability has been resolved: bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again Commit 028ddcac477b ("bcache: Remove unnecessary NULL point check in node allocations") leads a NULL pointer deference in cache_set_flush(). 1721 if (!IS_ERR_OR_NULL(c->root)) 1722 list_add(&c->root->list, &c->btree_cache); >From the above code in cache_set_flush(), if previous registration code fails before allocating c->root, it is possible c->root is NULL as what it is initialized. __bch_btree_node_alloc() never returns NULL but c->root is possible to be NULL at above line 1721. This patch replaces IS_ERR() by IS_ERR_OR_NULL() to fix this.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/4379c5828492a4c2a…
	https://git.kernel.org/stable/c/336e30f32ae7c043f…
	https://git.kernel.org/stable/c/fb5fee35bdd18316a…
	https://git.kernel.org/stable/c/5202391970ffbf819…
	https://git.kernel.org/stable/c/cc05aa2c0117e20fa…
	https://git.kernel.org/stable/c/5e0e913624bcd24f3…
	https://git.kernel.org/stable/c/b2e382ae12a63560f…

Impacted products

Vendor

Product

Version

Linux

Affected: 0729029e647234fa1a94376b6edffec5c2cd75f6 , < 4379c5828492a4c2a651c8f826a01453bd2b80b0 (git)
Affected: db9439cef0b5efccf8021fe89f4953e0f901e85b , < 336e30f32ae7c043fde0f6fa21586ff30bea9fe2 (git)
Affected: 991e9c186a8ac6ab272a86e0ddc6f9733c38b867 , < fb5fee35bdd18316a84b5f30881a24e1415e1464 (git)
Affected: 68118c339c6e1e16ae017bef160dbe28a27ae9c8 , < 5202391970ffbf81975251b3526b890ba027b715 (git)
Affected: 028ddcac477b691dd9205c92f991cc15259d033e , < cc05aa2c0117e20fa25a3c0d915f98b8f2e78667 (git)
Affected: 028ddcac477b691dd9205c92f991cc15259d033e , < 5e0e913624bcd24f3de414475018d3023f060ee1 (git)
Affected: 028ddcac477b691dd9205c92f991cc15259d033e , < b2e382ae12a63560fca35050498e19e760adf8c0 (git)
Affected: fe75e8a0c20127a8dc95704f1a7ad6b82c9a0ef8 (git)
Affected: 0cabf9e164660e8d66c4810396046383a1110a69 (git)

Linux

Affected: 6.5
Unaffected: 0 , < 6.5 (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-48881",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:55:37.185480Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:57:21.982Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:40:59.667Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/md/bcache/super.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4379c5828492a4c2a651c8f826a01453bd2b80b0",
              "status": "affected",
              "version": "0729029e647234fa1a94376b6edffec5c2cd75f6",
              "versionType": "git"
            },
            {
              "lessThan": "336e30f32ae7c043fde0f6fa21586ff30bea9fe2",
              "status": "affected",
              "version": "db9439cef0b5efccf8021fe89f4953e0f901e85b",
              "versionType": "git"
            },
            {
              "lessThan": "fb5fee35bdd18316a84b5f30881a24e1415e1464",
              "status": "affected",
              "version": "991e9c186a8ac6ab272a86e0ddc6f9733c38b867",
              "versionType": "git"
            },
            {
              "lessThan": "5202391970ffbf81975251b3526b890ba027b715",
              "status": "affected",
              "version": "68118c339c6e1e16ae017bef160dbe28a27ae9c8",
              "versionType": "git"
            },
            {
              "lessThan": "cc05aa2c0117e20fa25a3c0d915f98b8f2e78667",
              "status": "affected",
              "version": "028ddcac477b691dd9205c92f991cc15259d033e",
              "versionType": "git"
            },
            {
              "lessThan": "5e0e913624bcd24f3de414475018d3023f060ee1",
              "status": "affected",
              "version": "028ddcac477b691dd9205c92f991cc15259d033e",
              "versionType": "git"
            },
            {
              "lessThan": "b2e382ae12a63560fca35050498e19e760adf8c0",
              "status": "affected",
              "version": "028ddcac477b691dd9205c92f991cc15259d033e",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "fe75e8a0c20127a8dc95704f1a7ad6b82c9a0ef8",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "0cabf9e164660e8d66c4810396046383a1110a69",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/md/bcache/super.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.5"
            },
            {
              "lessThan": "6.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "5.4.251",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "5.10.188",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "5.15.121",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "6.1.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "6.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "6.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "6.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.19.291",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.4.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbcache: revert replacing IS_ERR_OR_NULL with IS_ERR again\n\nCommit 028ddcac477b (\"bcache: Remove unnecessary NULL point check in\nnode allocations\") leads a NULL pointer deference in cache_set_flush().\n\n1721         if (!IS_ERR_OR_NULL(c-\u003eroot))\n1722                 list_add(\u0026c-\u003eroot-\u003elist, \u0026c-\u003ebtree_cache);\n\n\u003eFrom the above code in cache_set_flush(), if previous registration code\nfails before allocating c-\u003eroot, it is possible c-\u003eroot is NULL as what\nit is initialized. __bch_btree_node_alloc() never returns NULL but\nc-\u003eroot is possible to be NULL at above line 1721.\n\nThis patch replaces IS_ERR() by IS_ERR_OR_NULL() to fix this."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:59:05.443Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/4379c5828492a4c2a651c8f826a01453bd2b80b0"
        },
        {
          "url": "https://git.kernel.org/stable/c/336e30f32ae7c043fde0f6fa21586ff30bea9fe2"
        },
        {
          "url": "https://git.kernel.org/stable/c/fb5fee35bdd18316a84b5f30881a24e1415e1464"
        },
        {
          "url": "https://git.kernel.org/stable/c/5202391970ffbf81975251b3526b890ba027b715"
        },
        {
          "url": "https://git.kernel.org/stable/c/cc05aa2c0117e20fa25a3c0d915f98b8f2e78667"
        },
        {
          "url": "https://git.kernel.org/stable/c/5e0e913624bcd24f3de414475018d3023f060ee1"
        },
        {
          "url": "https://git.kernel.org/stable/c/b2e382ae12a63560fca35050498e19e760adf8c0"
        }
      ],
      "title": "bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-48881",
    "datePublished": "2025-01-11T12:25:18.614Z",
    "dateReserved": "2025-01-09T09:50:31.739Z",
    "dateUpdated": "2025-11-03T20:40:59.667Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-50265 (GCVE-0-2024-50265)

Vulnerability from cvelistv5 – Published: 2024-11-19 01:30 – Updated: 2025-11-03 22:27

Title

ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove()

Summary

In the Linux kernel, the following vulnerability has been resolved: ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() Syzkaller is able to provoke null-ptr-dereference in ocfs2_xa_remove(): [ 57.319872] (a.out,1161,7):ocfs2_xa_remove:2028 ERROR: status = -12 [ 57.320420] (a.out,1161,7):ocfs2_xa_cleanup_value_truncate:1999 ERROR: Partial truncate while removing xattr overlay.upper. Leaking 1 clusters and removing the entry [ 57.321727] BUG: kernel NULL pointer dereference, address: 0000000000000004 [...] [ 57.325727] RIP: 0010:ocfs2_xa_block_wipe_namevalue+0x2a/0xc0 [...] [ 57.331328] Call Trace: [ 57.331477] <TASK> [...] [ 57.333511] ? do_user_addr_fault+0x3e5/0x740 [ 57.333778] ? exc_page_fault+0x70/0x170 [ 57.334016] ? asm_exc_page_fault+0x2b/0x30 [ 57.334263] ? __pfx_ocfs2_xa_block_wipe_namevalue+0x10/0x10 [ 57.334596] ? ocfs2_xa_block_wipe_namevalue+0x2a/0xc0 [ 57.334913] ocfs2_xa_remove_entry+0x23/0xc0 [ 57.335164] ocfs2_xa_set+0x704/0xcf0 [ 57.335381] ? _raw_spin_unlock+0x1a/0x40 [ 57.335620] ? ocfs2_inode_cache_unlock+0x16/0x20 [ 57.335915] ? trace_preempt_on+0x1e/0x70 [ 57.336153] ? start_this_handle+0x16c/0x500 [ 57.336410] ? preempt_count_sub+0x50/0x80 [ 57.336656] ? _raw_read_unlock+0x20/0x40 [ 57.336906] ? start_this_handle+0x16c/0x500 [ 57.337162] ocfs2_xattr_block_set+0xa6/0x1e0 [ 57.337424] __ocfs2_xattr_set_handle+0x1fd/0x5d0 [ 57.337706] ? ocfs2_start_trans+0x13d/0x290 [ 57.337971] ocfs2_xattr_set+0xb13/0xfb0 [ 57.338207] ? dput+0x46/0x1c0 [ 57.338393] ocfs2_xattr_trusted_set+0x28/0x30 [ 57.338665] ? ocfs2_xattr_trusted_set+0x28/0x30 [ 57.338948] __vfs_removexattr+0x92/0xc0 [ 57.339182] __vfs_removexattr_locked+0xd5/0x190 [ 57.339456] ? preempt_count_sub+0x50/0x80 [ 57.339705] vfs_removexattr+0x5f/0x100 [...] Reproducer uses faultinject facility to fail ocfs2_xa_remove() -> ocfs2_xa_value_truncate() with -ENOMEM. In this case the comment mentions that we can return 0 if ocfs2_xa_cleanup_value_truncate() is going to wipe the entry anyway. But the following 'rc' check is wrong and execution flow do 'ocfs2_xa_remove_entry(loc);' twice: * 1st: in ocfs2_xa_cleanup_value_truncate(); * 2nd: returning back to ocfs2_xa_remove() instead of going to 'out'. Fix this by skipping the 2nd removal of the same entry and making syzkaller repro happy.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/38cbf13b2e7a31362…
	https://git.kernel.org/stable/c/168a9b8303fcb0317…
	https://git.kernel.org/stable/c/6a7e6dcf90fe7721d…
	https://git.kernel.org/stable/c/dcc8fe8c83145041c…
	https://git.kernel.org/stable/c/86dd0e8d42828923c…
	https://git.kernel.org/stable/c/dd73c942eed76a014…
	https://git.kernel.org/stable/c/2b5369528ee63c883…
	https://git.kernel.org/stable/c/0b63c0e01fba40e39…

Impacted products

Vendor

Product

Version

Linux

Affected: 399ff3a748cf4c8c853e96dd477153202636527b , < 38cbf13b2e7a31362babe411f7c2c3c52cd2734b (git)
Affected: 399ff3a748cf4c8c853e96dd477153202636527b , < 168a9b8303fcb0317db4c06b23ce1c0ce2af4e10 (git)
Affected: 399ff3a748cf4c8c853e96dd477153202636527b , < 6a7e6dcf90fe7721d0863067b6ca9a9442134692 (git)
Affected: 399ff3a748cf4c8c853e96dd477153202636527b , < dcc8fe8c83145041cb6c80cac21f6173a3ff0204 (git)
Affected: 399ff3a748cf4c8c853e96dd477153202636527b , < 86dd0e8d42828923c68ad506933336bcd6f2317d (git)
Affected: 399ff3a748cf4c8c853e96dd477153202636527b , < dd73c942eed76a014c7a5597e6926435274d2c4c (git)
Affected: 399ff3a748cf4c8c853e96dd477153202636527b , < 2b5369528ee63c88371816178a05b5e664c87386 (git)
Affected: 399ff3a748cf4c8c853e96dd477153202636527b , < 0b63c0e01fba40e3992bc627272ec7b618ccaef7 (git)

Linux

Affected: 2.6.34
Unaffected: 0 , < 2.6.34 (semver)
Unaffected: 4.19.324 , ≤ 4.19.* (semver)
Unaffected: 5.4.286 , ≤ 5.4.* (semver)
Unaffected: 5.10.230 , ≤ 5.10.* (semver)
Unaffected: 5.15.172 , ≤ 5.15.* (semver)
Unaffected: 6.1.117 , ≤ 6.1.* (semver)
Unaffected: 6.6.61 , ≤ 6.6.* (semver)
Unaffected: 6.11.8 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-50265",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:15:20.154823Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:17:23.985Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:27:45.242Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ocfs2/xattr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "38cbf13b2e7a31362babe411f7c2c3c52cd2734b",
              "status": "affected",
              "version": "399ff3a748cf4c8c853e96dd477153202636527b",
              "versionType": "git"
            },
            {
              "lessThan": "168a9b8303fcb0317db4c06b23ce1c0ce2af4e10",
              "status": "affected",
              "version": "399ff3a748cf4c8c853e96dd477153202636527b",
              "versionType": "git"
            },
            {
              "lessThan": "6a7e6dcf90fe7721d0863067b6ca9a9442134692",
              "status": "affected",
              "version": "399ff3a748cf4c8c853e96dd477153202636527b",
              "versionType": "git"
            },
            {
              "lessThan": "dcc8fe8c83145041cb6c80cac21f6173a3ff0204",
              "status": "affected",
              "version": "399ff3a748cf4c8c853e96dd477153202636527b",
              "versionType": "git"
            },
            {
              "lessThan": "86dd0e8d42828923c68ad506933336bcd6f2317d",
              "status": "affected",
              "version": "399ff3a748cf4c8c853e96dd477153202636527b",
              "versionType": "git"
            },
            {
              "lessThan": "dd73c942eed76a014c7a5597e6926435274d2c4c",
              "status": "affected",
              "version": "399ff3a748cf4c8c853e96dd477153202636527b",
              "versionType": "git"
            },
            {
              "lessThan": "2b5369528ee63c88371816178a05b5e664c87386",
              "status": "affected",
              "version": "399ff3a748cf4c8c853e96dd477153202636527b",
              "versionType": "git"
            },
            {
              "lessThan": "0b63c0e01fba40e3992bc627272ec7b618ccaef7",
              "status": "affected",
              "version": "399ff3a748cf4c8c853e96dd477153202636527b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ocfs2/xattr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.34"
            },
            {
              "lessThan": "2.6.34",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.324",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.286",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.230",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.172",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.117",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.61",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.324",
                  "versionStartIncluding": "2.6.34",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.286",
                  "versionStartIncluding": "2.6.34",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.230",
                  "versionStartIncluding": "2.6.34",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.172",
                  "versionStartIncluding": "2.6.34",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.117",
                  "versionStartIncluding": "2.6.34",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.61",
                  "versionStartIncluding": "2.6.34",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.8",
                  "versionStartIncluding": "2.6.34",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "2.6.34",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove()\n\nSyzkaller is able to provoke null-ptr-dereference in ocfs2_xa_remove():\n\n[   57.319872] (a.out,1161,7):ocfs2_xa_remove:2028 ERROR: status = -12\n[   57.320420] (a.out,1161,7):ocfs2_xa_cleanup_value_truncate:1999 ERROR: Partial truncate while removing xattr overlay.upper.  Leaking 1 clusters and removing the entry\n[   57.321727] BUG: kernel NULL pointer dereference, address: 0000000000000004\n[...]\n[   57.325727] RIP: 0010:ocfs2_xa_block_wipe_namevalue+0x2a/0xc0\n[...]\n[   57.331328] Call Trace:\n[   57.331477]  \u003cTASK\u003e\n[...]\n[   57.333511]  ? do_user_addr_fault+0x3e5/0x740\n[   57.333778]  ? exc_page_fault+0x70/0x170\n[   57.334016]  ? asm_exc_page_fault+0x2b/0x30\n[   57.334263]  ? __pfx_ocfs2_xa_block_wipe_namevalue+0x10/0x10\n[   57.334596]  ? ocfs2_xa_block_wipe_namevalue+0x2a/0xc0\n[   57.334913]  ocfs2_xa_remove_entry+0x23/0xc0\n[   57.335164]  ocfs2_xa_set+0x704/0xcf0\n[   57.335381]  ? _raw_spin_unlock+0x1a/0x40\n[   57.335620]  ? ocfs2_inode_cache_unlock+0x16/0x20\n[   57.335915]  ? trace_preempt_on+0x1e/0x70\n[   57.336153]  ? start_this_handle+0x16c/0x500\n[   57.336410]  ? preempt_count_sub+0x50/0x80\n[   57.336656]  ? _raw_read_unlock+0x20/0x40\n[   57.336906]  ? start_this_handle+0x16c/0x500\n[   57.337162]  ocfs2_xattr_block_set+0xa6/0x1e0\n[   57.337424]  __ocfs2_xattr_set_handle+0x1fd/0x5d0\n[   57.337706]  ? ocfs2_start_trans+0x13d/0x290\n[   57.337971]  ocfs2_xattr_set+0xb13/0xfb0\n[   57.338207]  ? dput+0x46/0x1c0\n[   57.338393]  ocfs2_xattr_trusted_set+0x28/0x30\n[   57.338665]  ? ocfs2_xattr_trusted_set+0x28/0x30\n[   57.338948]  __vfs_removexattr+0x92/0xc0\n[   57.339182]  __vfs_removexattr_locked+0xd5/0x190\n[   57.339456]  ? preempt_count_sub+0x50/0x80\n[   57.339705]  vfs_removexattr+0x5f/0x100\n[...]\n\nReproducer uses faultinject facility to fail ocfs2_xa_remove() -\u003e\nocfs2_xa_value_truncate() with -ENOMEM.\n\nIn this case the comment mentions that we can return 0 if\nocfs2_xa_cleanup_value_truncate() is going to wipe the entry\nanyway. But the following \u0027rc\u0027 check is wrong and execution flow do\n\u0027ocfs2_xa_remove_entry(loc);\u0027 twice:\n* 1st: in ocfs2_xa_cleanup_value_truncate();\n* 2nd: returning back to ocfs2_xa_remove() instead of going to \u0027out\u0027.\n\nFix this by skipping the 2nd removal of the same entry and making\nsyzkaller repro happy."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:50:16.844Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/38cbf13b2e7a31362babe411f7c2c3c52cd2734b"
        },
        {
          "url": "https://git.kernel.org/stable/c/168a9b8303fcb0317db4c06b23ce1c0ce2af4e10"
        },
        {
          "url": "https://git.kernel.org/stable/c/6a7e6dcf90fe7721d0863067b6ca9a9442134692"
        },
        {
          "url": "https://git.kernel.org/stable/c/dcc8fe8c83145041cb6c80cac21f6173a3ff0204"
        },
        {
          "url": "https://git.kernel.org/stable/c/86dd0e8d42828923c68ad506933336bcd6f2317d"
        },
        {
          "url": "https://git.kernel.org/stable/c/dd73c942eed76a014c7a5597e6926435274d2c4c"
        },
        {
          "url": "https://git.kernel.org/stable/c/2b5369528ee63c88371816178a05b5e664c87386"
        },
        {
          "url": "https://git.kernel.org/stable/c/0b63c0e01fba40e3992bc627272ec7b618ccaef7"
        }
      ],
      "title": "ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-50265",
    "datePublished": "2024-11-19T01:30:00.861Z",
    "dateReserved": "2024-10-21T19:36:19.982Z",
    "dateUpdated": "2025-11-03T22:27:45.242Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-44879 (GCVE-0-2021-44879)

Vulnerability from cvelistv5 – Published: 2022-02-13 00:00 – Updated: 2024-08-04 04:32

Summary

In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://cdn.kernel.org/pub/linux/kernel/v5.x/Chan…
	https://bugzilla.kernel.org/show_bug.cgi?id=215231
	https://lore.kernel.org/linux-f2fs-devel/20211206…
	https://git.kernel.org/pub/scm/linux/kernel/git/t…
	https://lists.debian.org/debian-lts-announce/2024…	mailing-list
	https://lists.debian.org/debian-lts-announce/2024…	mailing-list

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:32:13.259Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.kernel.org/show_bug.cgi?id=215231"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lore.kernel.org/linux-f2fs-devel/20211206144421.3735-3-chao%40kernel.org/T/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9056d6489f5a41cfbb67f719d2c0ce61ead72d9f"
          },
          {
            "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
          },
          {
            "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3711-1] linux-5.10 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-11T21:06:29.625692",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.3"
        },
        {
          "url": "https://bugzilla.kernel.org/show_bug.cgi?id=215231"
        },
        {
          "url": "https://lore.kernel.org/linux-f2fs-devel/20211206144421.3735-3-chao%40kernel.org/T/"
        },
        {
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9056d6489f5a41cfbb67f719d2c0ce61ead72d9f"
        },
        {
          "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
        },
        {
          "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3711-1] linux-5.10 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-44879",
    "datePublished": "2022-02-13T00:00:00",
    "dateReserved": "2021-12-13T00:00:00",
    "dateUpdated": "2024-08-04T04:32:13.259Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-46731 (GCVE-0-2024-46731)

Vulnerability from cvelistv5 – Published: 2024-09-18 06:32 – Updated: 2026-01-05 10:52

Title

drm/amd/pm: fix the Out-of-bounds read warning

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix the Out-of-bounds read warning using index i - 1U may beyond element index for mc_data[] when i = 0.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/38e32a0d837443c91…
	https://git.kernel.org/stable/c/3317966efcdc5101e…
	https://git.kernel.org/stable/c/20c6373a6be93039f…
	https://git.kernel.org/stable/c/f1e261ced9bcad772…
	https://git.kernel.org/stable/c/d83fb9f9f63e9a120…
	https://git.kernel.org/stable/c/12c6967428a099bbb…

Impacted products

Vendor

Product

Version

Linux

Affected: c82baa28184356a75c0157129f88af42b2e7b695 , < 38e32a0d837443c91c4b615a067b976cfb925376 (git)
Affected: c82baa28184356a75c0157129f88af42b2e7b695 , < 3317966efcdc5101e93db21514b68917e7eb34ea (git)
Affected: c82baa28184356a75c0157129f88af42b2e7b695 , < 20c6373a6be93039f9d66029bb1e21038a060be1 (git)
Affected: c82baa28184356a75c0157129f88af42b2e7b695 , < f1e261ced9bcad772a45a2fcdf413c3490e87299 (git)
Affected: c82baa28184356a75c0157129f88af42b2e7b695 , < d83fb9f9f63e9a120bf405b078f829f0b2e58934 (git)
Affected: c82baa28184356a75c0157129f88af42b2e7b695 , < 12c6967428a099bbba9dfd247bb4322a984fcc0b (git)

Linux

Affected: 4.5
Unaffected: 0 , < 4.5 (semver)
Unaffected: 5.10.226 , ≤ 5.10.* (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.109 , ≤ 6.1.* (semver)
Unaffected: 6.6.50 , ≤ 6.6.* (semver)
Unaffected: 6.10.9 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46731",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T14:54:09.443124Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T14:54:23.264Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:17:13.287Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "38e32a0d837443c91c4b615a067b976cfb925376",
              "status": "affected",
              "version": "c82baa28184356a75c0157129f88af42b2e7b695",
              "versionType": "git"
            },
            {
              "lessThan": "3317966efcdc5101e93db21514b68917e7eb34ea",
              "status": "affected",
              "version": "c82baa28184356a75c0157129f88af42b2e7b695",
              "versionType": "git"
            },
            {
              "lessThan": "20c6373a6be93039f9d66029bb1e21038a060be1",
              "status": "affected",
              "version": "c82baa28184356a75c0157129f88af42b2e7b695",
              "versionType": "git"
            },
            {
              "lessThan": "f1e261ced9bcad772a45a2fcdf413c3490e87299",
              "status": "affected",
              "version": "c82baa28184356a75c0157129f88af42b2e7b695",
              "versionType": "git"
            },
            {
              "lessThan": "d83fb9f9f63e9a120bf405b078f829f0b2e58934",
              "status": "affected",
              "version": "c82baa28184356a75c0157129f88af42b2e7b695",
              "versionType": "git"
            },
            {
              "lessThan": "12c6967428a099bbba9dfd247bb4322a984fcc0b",
              "status": "affected",
              "version": "c82baa28184356a75c0157129f88af42b2e7b695",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.5"
            },
            {
              "lessThan": "4.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.109",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.50",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.226",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.109",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.50",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.9",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: fix the Out-of-bounds read warning\n\nusing index i - 1U may beyond element index\nfor mc_data[] when i = 0."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:52:57.039Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/38e32a0d837443c91c4b615a067b976cfb925376"
        },
        {
          "url": "https://git.kernel.org/stable/c/3317966efcdc5101e93db21514b68917e7eb34ea"
        },
        {
          "url": "https://git.kernel.org/stable/c/20c6373a6be93039f9d66029bb1e21038a060be1"
        },
        {
          "url": "https://git.kernel.org/stable/c/f1e261ced9bcad772a45a2fcdf413c3490e87299"
        },
        {
          "url": "https://git.kernel.org/stable/c/d83fb9f9f63e9a120bf405b078f829f0b2e58934"
        },
        {
          "url": "https://git.kernel.org/stable/c/12c6967428a099bbba9dfd247bb4322a984fcc0b"
        }
      ],
      "title": "drm/amd/pm: fix the Out-of-bounds read warning",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46731",
    "datePublished": "2024-09-18T06:32:26.145Z",
    "dateReserved": "2024-09-11T15:12:18.257Z",
    "dateUpdated": "2026-01-05T10:52:57.039Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-52602 (GCVE-0-2023-52602)

Vulnerability from cvelistv5 – Published: 2024-03-06 06:45 – Updated: 2026-01-05 10:16

Title

jfs: fix slab-out-of-bounds Read in dtSearch

Summary

In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds Read in dtSearch Currently while searching for current page in the sorted entry table of the page there is a out of bound access. Added a bound check to fix the error. Dave: Set return code to -EIO

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/ce8bc22e948634a5c…
	https://git.kernel.org/stable/c/1b9d6828589d57f94…
	https://git.kernel.org/stable/c/1c40ca3d39d769931…
	https://git.kernel.org/stable/c/6c6a96c3d74df185e…
	https://git.kernel.org/stable/c/cab0c265ba182fd26…
	https://git.kernel.org/stable/c/7110650b85dd2f1ce…
	https://git.kernel.org/stable/c/bff9d4078a232c01e…
	https://git.kernel.org/stable/c/fa5492ee89463a759…

Impacted products

Vendor

Product

Version

Linux

Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < ce8bc22e948634a5c0a3fa58a179177d0e3f3950 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 1b9d6828589d57f94a23fb1c46112cda39d7efdb (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 1c40ca3d39d769931b28295b3145c25f1decf5a6 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 6c6a96c3d74df185ee344977d46944d6f33bb4dd (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < cab0c265ba182fd266c2aa3c69d7e40640a7f612 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 7110650b85dd2f1cee819acd1345a9013a1a62f7 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < bff9d4078a232c01e42e9377d005fb2f4d31a472 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < fa5492ee89463a7590a1449358002ff7ef63529f (git)

Linux

Affected: 2.6.12
Unaffected: 0 , < 2.6.12 (semver)
Unaffected: 4.19.307 , ≤ 4.19.* (semver)
Unaffected: 5.4.269 , ≤ 5.4.* (semver)
Unaffected: 5.10.210 , ≤ 5.10.* (semver)
Unaffected: 5.15.149 , ≤ 5.15.* (semver)
Unaffected: 6.1.77 , ≤ 6.1.* (semver)
Unaffected: 6.6.16 , ≤ 6.6.* (semver)
Unaffected: 6.7.4 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "ce8bc22e9486",
                "status": "affected",
                "version": "1da177e4c3f4",
                "versionType": "custom"
              },
              {
                "lessThan": "1b9d6828589d",
                "status": "affected",
                "version": "1da177e4c3f4",
                "versionType": "custom"
              },
              {
                "lessThan": "1c40ca3d39d7",
                "status": "affected",
                "version": "1da177e4c3f4",
                "versionType": "custom"
              },
              {
                "lessThan": "6c6a96c3d74d",
                "status": "affected",
                "version": "1da177e4c3f4",
                "versionType": "custom"
              },
              {
                "lessThan": "cab0c265ba18",
                "status": "affected",
                "version": "1da177e4c3f4",
                "versionType": "custom"
              },
              {
                "lessThan": "7110650b85dd",
                "status": "affected",
                "version": "1da177e4c3f4",
                "versionType": "custom"
              },
              {
                "lessThan": "bff9d4078a23",
                "status": "affected",
                "version": "1da177e4c3f4",
                "versionType": "custom"
              },
              {
                "lessThan": "fa5492ee8946",
                "status": "affected",
                "version": "1da177e4c3f4",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "4.20",
                "status": "unaffected",
                "version": "4.19.307",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "5.5",
                "status": "unaffected",
                "version": "5.4.269",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "5.11",
                "status": "unaffected",
                "version": "5.10.210",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "5.16",
                "status": "unaffected",
                "version": "5.15.149",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "6.2",
                "status": "unaffected",
                "version": "6.1.77",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "6.7",
                "status": "unaffected",
                "version": "6.6.16",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "6.8",
                "status": "unaffected",
                "version": "6.7.4",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "*",
                "status": "unaffected",
                "version": "6.8",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-52602",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-23T15:55:18.699623Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T15:55:56.866Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:03:21.268Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ce8bc22e948634a5c0a3fa58a179177d0e3f3950"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1b9d6828589d57f94a23fb1c46112cda39d7efdb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1c40ca3d39d769931b28295b3145c25f1decf5a6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6c6a96c3d74df185ee344977d46944d6f33bb4dd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cab0c265ba182fd266c2aa3c69d7e40640a7f612"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7110650b85dd2f1cee819acd1345a9013a1a62f7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bff9d4078a232c01e42e9377d005fb2f4d31a472"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fa5492ee89463a7590a1449358002ff7ef63529f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/jfs/jfs_dtree.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ce8bc22e948634a5c0a3fa58a179177d0e3f3950",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "1b9d6828589d57f94a23fb1c46112cda39d7efdb",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "1c40ca3d39d769931b28295b3145c25f1decf5a6",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "6c6a96c3d74df185ee344977d46944d6f33bb4dd",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "cab0c265ba182fd266c2aa3c69d7e40640a7f612",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "7110650b85dd2f1cee819acd1345a9013a1a62f7",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "bff9d4078a232c01e42e9377d005fb2f4d31a472",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "fa5492ee89463a7590a1449358002ff7ef63529f",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/jfs/jfs_dtree.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.307",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.269",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.210",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.149",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.77",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.307",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.269",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.210",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.149",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.77",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.16",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.4",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix slab-out-of-bounds Read in dtSearch\n\nCurrently while searching for current page in the sorted entry table\nof the page there is a out of bound access. Added a bound check to fix\nthe error.\n\nDave:\nSet return code to -EIO"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:16:34.853Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ce8bc22e948634a5c0a3fa58a179177d0e3f3950"
        },
        {
          "url": "https://git.kernel.org/stable/c/1b9d6828589d57f94a23fb1c46112cda39d7efdb"
        },
        {
          "url": "https://git.kernel.org/stable/c/1c40ca3d39d769931b28295b3145c25f1decf5a6"
        },
        {
          "url": "https://git.kernel.org/stable/c/6c6a96c3d74df185ee344977d46944d6f33bb4dd"
        },
        {
          "url": "https://git.kernel.org/stable/c/cab0c265ba182fd266c2aa3c69d7e40640a7f612"
        },
        {
          "url": "https://git.kernel.org/stable/c/7110650b85dd2f1cee819acd1345a9013a1a62f7"
        },
        {
          "url": "https://git.kernel.org/stable/c/bff9d4078a232c01e42e9377d005fb2f4d31a472"
        },
        {
          "url": "https://git.kernel.org/stable/c/fa5492ee89463a7590a1449358002ff7ef63529f"
        }
      ],
      "title": "jfs: fix slab-out-of-bounds Read in dtSearch",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52602",
    "datePublished": "2024-03-06T06:45:29.227Z",
    "dateReserved": "2024-03-02T21:55:42.573Z",
    "dateUpdated": "2026-01-05T10:16:34.853Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56746 (GCVE-0-2024-56746)

Vulnerability from cvelistv5 – Published: 2024-12-29 11:30 – Updated: 2025-11-03 20:53

Title

fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem()

Summary

In the Linux kernel, the following vulnerability has been resolved: fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() When information such as info->screen_base is not ready, calling sh7760fb_free_mem() does not release memory correctly. Call dma_free_coherent() instead.

Severity ?

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-401 - Missing Release of Memory after Effective Lifetime

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/0d3fb3b3e9d66f7b6…
	https://git.kernel.org/stable/c/d48cbfa90dce50603…
	https://git.kernel.org/stable/c/29216bb390e36daee…
	https://git.kernel.org/stable/c/f4fbd70e15fafe36a…
	https://git.kernel.org/stable/c/40f4326ed05a3b353…
	https://git.kernel.org/stable/c/3dd9df8e5f34c6fc4…
	https://git.kernel.org/stable/c/d10cd53e5a7fb3b7c…
	https://git.kernel.org/stable/c/bad37309c8b8bf1cf…
	https://git.kernel.org/stable/c/f89d17ae2ac42931b…

Impacted products

Vendor

Product

Version

Linux

Affected: 4a25e41831ee851c1365d8b41decc22493b18e6d , < 0d3fb3b3e9d66f7b6346e3b90bc0ff48683539ce (git)
Affected: 4a25e41831ee851c1365d8b41decc22493b18e6d , < d48cbfa90dce506030151915fa3346d67f964af4 (git)
Affected: 4a25e41831ee851c1365d8b41decc22493b18e6d , < 29216bb390e36daeebef66abaa02d9751330252b (git)
Affected: 4a25e41831ee851c1365d8b41decc22493b18e6d , < f4fbd70e15fafe36a7583954ce189aaf5536aeec (git)
Affected: 4a25e41831ee851c1365d8b41decc22493b18e6d , < 40f4326ed05a3b3537556ff2a844958b9e779a98 (git)
Affected: 4a25e41831ee851c1365d8b41decc22493b18e6d , < 3dd9df8e5f34c6fc4217a7498c1fb3c352d4afc2 (git)
Affected: 4a25e41831ee851c1365d8b41decc22493b18e6d , < d10cd53e5a7fb3b7c6f83d4d9a5ea1d97a3ed9a5 (git)
Affected: 4a25e41831ee851c1365d8b41decc22493b18e6d , < bad37309c8b8bf1cfc893750df0951a804009ca0 (git)
Affected: 4a25e41831ee851c1365d8b41decc22493b18e6d , < f89d17ae2ac42931be2a0153fecbf8533280c927 (git)

Linux

Affected: 2.6.27
Unaffected: 0 , < 2.6.27 (semver)
Unaffected: 4.19.325 , ≤ 4.19.* (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "LOW",
              "baseScore": 3.3,
              "baseSeverity": "LOW",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56746",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-17T20:10:09.532798Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-401",
                "description": "CWE-401 Missing Release of Memory after Effective Lifetime",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-17T20:15:51.862Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:53:35.738Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/video/fbdev/sh7760fb.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0d3fb3b3e9d66f7b6346e3b90bc0ff48683539ce",
              "status": "affected",
              "version": "4a25e41831ee851c1365d8b41decc22493b18e6d",
              "versionType": "git"
            },
            {
              "lessThan": "d48cbfa90dce506030151915fa3346d67f964af4",
              "status": "affected",
              "version": "4a25e41831ee851c1365d8b41decc22493b18e6d",
              "versionType": "git"
            },
            {
              "lessThan": "29216bb390e36daeebef66abaa02d9751330252b",
              "status": "affected",
              "version": "4a25e41831ee851c1365d8b41decc22493b18e6d",
              "versionType": "git"
            },
            {
              "lessThan": "f4fbd70e15fafe36a7583954ce189aaf5536aeec",
              "status": "affected",
              "version": "4a25e41831ee851c1365d8b41decc22493b18e6d",
              "versionType": "git"
            },
            {
              "lessThan": "40f4326ed05a3b3537556ff2a844958b9e779a98",
              "status": "affected",
              "version": "4a25e41831ee851c1365d8b41decc22493b18e6d",
              "versionType": "git"
            },
            {
              "lessThan": "3dd9df8e5f34c6fc4217a7498c1fb3c352d4afc2",
              "status": "affected",
              "version": "4a25e41831ee851c1365d8b41decc22493b18e6d",
              "versionType": "git"
            },
            {
              "lessThan": "d10cd53e5a7fb3b7c6f83d4d9a5ea1d97a3ed9a5",
              "status": "affected",
              "version": "4a25e41831ee851c1365d8b41decc22493b18e6d",
              "versionType": "git"
            },
            {
              "lessThan": "bad37309c8b8bf1cfc893750df0951a804009ca0",
              "status": "affected",
              "version": "4a25e41831ee851c1365d8b41decc22493b18e6d",
              "versionType": "git"
            },
            {
              "lessThan": "f89d17ae2ac42931be2a0153fecbf8533280c927",
              "status": "affected",
              "version": "4a25e41831ee851c1365d8b41decc22493b18e6d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/video/fbdev/sh7760fb.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.27"
            },
            {
              "lessThan": "2.6.27",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.325",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.325",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem()\n\nWhen information such as info-\u003escreen_base is not ready, calling\nsh7760fb_free_mem() does not release memory correctly. Call\ndma_free_coherent() instead."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:03:44.694Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0d3fb3b3e9d66f7b6346e3b90bc0ff48683539ce"
        },
        {
          "url": "https://git.kernel.org/stable/c/d48cbfa90dce506030151915fa3346d67f964af4"
        },
        {
          "url": "https://git.kernel.org/stable/c/29216bb390e36daeebef66abaa02d9751330252b"
        },
        {
          "url": "https://git.kernel.org/stable/c/f4fbd70e15fafe36a7583954ce189aaf5536aeec"
        },
        {
          "url": "https://git.kernel.org/stable/c/40f4326ed05a3b3537556ff2a844958b9e779a98"
        },
        {
          "url": "https://git.kernel.org/stable/c/3dd9df8e5f34c6fc4217a7498c1fb3c352d4afc2"
        },
        {
          "url": "https://git.kernel.org/stable/c/d10cd53e5a7fb3b7c6f83d4d9a5ea1d97a3ed9a5"
        },
        {
          "url": "https://git.kernel.org/stable/c/bad37309c8b8bf1cfc893750df0951a804009ca0"
        },
        {
          "url": "https://git.kernel.org/stable/c/f89d17ae2ac42931be2a0153fecbf8533280c927"
        }
      ],
      "title": "fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56746",
    "datePublished": "2024-12-29T11:30:13.074Z",
    "dateReserved": "2024-12-29T11:26:39.758Z",
    "dateUpdated": "2025-11-03T20:53:35.738Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56596 (GCVE-0-2024-56596)

Vulnerability from cvelistv5 – Published: 2024-12-27 14:51 – Updated: 2026-01-05 10:55

Title

jfs: fix array-index-out-of-bounds in jfs_readdir

Summary

In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in jfs_readdir The stbl might contain some invalid values. Added a check to return error code in that case.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-129 - Improper Validation of Array Index

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/b62f41aeec9d25014…
	https://git.kernel.org/stable/c/97e693593162eef68…
	https://git.kernel.org/stable/c/9efe72eefd4c4a7ce…
	https://git.kernel.org/stable/c/ff9fc48fab0e1ea0d…
	https://git.kernel.org/stable/c/e7d376f94f72b020f…
	https://git.kernel.org/stable/c/8ff7579554571d92e…
	https://git.kernel.org/stable/c/839f102efb168f02d…

Impacted products

Vendor

Product

Version

Linux

Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < b62f41aeec9d250144c53875b507c1d45ae8c8fc (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 97e693593162eef6851d232f0c8148169ed46a5c (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 9efe72eefd4c4a7ce63b3e4d667d766d2b360cb4 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < ff9fc48fab0e1ea0d423c23c99b91bba178f0b05 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < e7d376f94f72b020f84e77278b150ec1cc27502c (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 8ff7579554571d92e3deab168f5a7d7b146ed368 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 839f102efb168f02dfdd46717b7c6dddb26b015e (git)

Linux

Affected: 2.6.12
Unaffected: 0 , < 2.6.12 (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56596",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:01:31.920173Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-129",
                "description": "CWE-129 Improper Validation of Array Index",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:07:14.017Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:50:27.430Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/jfs/jfs_dtree.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b62f41aeec9d250144c53875b507c1d45ae8c8fc",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "97e693593162eef6851d232f0c8148169ed46a5c",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "9efe72eefd4c4a7ce63b3e4d667d766d2b360cb4",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "ff9fc48fab0e1ea0d423c23c99b91bba178f0b05",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "e7d376f94f72b020f84e77278b150ec1cc27502c",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "8ff7579554571d92e3deab168f5a7d7b146ed368",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "839f102efb168f02dfdd46717b7c6dddb26b015e",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/jfs/jfs_dtree.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix array-index-out-of-bounds in jfs_readdir\n\nThe stbl might contain some invalid values. Added a check to\nreturn error code in that case."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:55:58.987Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b62f41aeec9d250144c53875b507c1d45ae8c8fc"
        },
        {
          "url": "https://git.kernel.org/stable/c/97e693593162eef6851d232f0c8148169ed46a5c"
        },
        {
          "url": "https://git.kernel.org/stable/c/9efe72eefd4c4a7ce63b3e4d667d766d2b360cb4"
        },
        {
          "url": "https://git.kernel.org/stable/c/ff9fc48fab0e1ea0d423c23c99b91bba178f0b05"
        },
        {
          "url": "https://git.kernel.org/stable/c/e7d376f94f72b020f84e77278b150ec1cc27502c"
        },
        {
          "url": "https://git.kernel.org/stable/c/8ff7579554571d92e3deab168f5a7d7b146ed368"
        },
        {
          "url": "https://git.kernel.org/stable/c/839f102efb168f02dfdd46717b7c6dddb26b015e"
        }
      ],
      "title": "jfs: fix array-index-out-of-bounds in jfs_readdir",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56596",
    "datePublished": "2024-12-27T14:51:03.282Z",
    "dateReserved": "2024-12-27T14:03:06.010Z",
    "dateUpdated": "2026-01-05T10:55:58.987Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-43879 (GCVE-0-2024-43879)

Vulnerability from cvelistv5 – Published: 2024-08-21 00:06 – Updated: 2025-11-03 22:06

Title

wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()

Summary

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() Currently NL80211_RATE_INFO_HE_RU_ALLOC_2x996 is not handled in cfg80211_calculate_bitrate_he(), leading to below warning: kernel: invalid HE MCS: bw:6, ru:6 kernel: WARNING: CPU: 0 PID: 2312 at net/wireless/util.c:1501 cfg80211_calculate_bitrate_he+0x22b/0x270 [cfg80211] Fix it by handling 2x996 RU allocation in the same way as 160 MHz bandwidth.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/45d20a1c54be4f317…
	https://git.kernel.org/stable/c/b289ebb0516526cb4…
	https://git.kernel.org/stable/c/2e201b3d162c6c494…
	https://git.kernel.org/stable/c/576c64622649f3ec0…
	https://git.kernel.org/stable/c/16ad67e73309db0c2…
	https://git.kernel.org/stable/c/67b5f1054197e4f55…
	https://git.kernel.org/stable/c/19eaf4f2f5a981f55…
	https://git.kernel.org/stable/c/bcbd771cd5d68c0c5…

Impacted products

Vendor

Product

Version

Linux

Affected: c4cbaf7973a794839af080f13748335976cf3f3f , < 45d20a1c54be4f3173862c7b950d4468447814c9 (git)
Affected: c4cbaf7973a794839af080f13748335976cf3f3f , < b289ebb0516526cb4abae081b7ec29fd4fa1209d (git)
Affected: c4cbaf7973a794839af080f13748335976cf3f3f , < 2e201b3d162c6c49417c438ffb30b58c9f85769f (git)
Affected: c4cbaf7973a794839af080f13748335976cf3f3f , < 576c64622649f3ec07e97bac8fec8b8a2ef4d086 (git)
Affected: c4cbaf7973a794839af080f13748335976cf3f3f , < 16ad67e73309db0c20cc2a651992bd01c05e6b27 (git)
Affected: c4cbaf7973a794839af080f13748335976cf3f3f , < 67b5f1054197e4f5553047759c15c1d67d4c8142 (git)
Affected: c4cbaf7973a794839af080f13748335976cf3f3f , < 19eaf4f2f5a981f55a265242ada2bf92b0c742dd (git)
Affected: c4cbaf7973a794839af080f13748335976cf3f3f , < bcbd771cd5d68c0c52567556097d75f9fc4e7cd6 (git)

Linux

Affected: 4.19
Unaffected: 0 , < 4.19 (semver)
Unaffected: 4.19.320 , ≤ 4.19.* (semver)
Unaffected: 5.4.282 , ≤ 5.4.* (semver)
Unaffected: 5.10.224 , ≤ 5.10.* (semver)
Unaffected: 5.15.165 , ≤ 5.15.* (semver)
Unaffected: 6.1.103 , ≤ 6.1.* (semver)
Unaffected: 6.6.44 , ≤ 6.6.* (semver)
Unaffected: 6.10.3 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43879",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:05:54.386411Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:17.515Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:06:30.644Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/wireless/util.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "45d20a1c54be4f3173862c7b950d4468447814c9",
              "status": "affected",
              "version": "c4cbaf7973a794839af080f13748335976cf3f3f",
              "versionType": "git"
            },
            {
              "lessThan": "b289ebb0516526cb4abae081b7ec29fd4fa1209d",
              "status": "affected",
              "version": "c4cbaf7973a794839af080f13748335976cf3f3f",
              "versionType": "git"
            },
            {
              "lessThan": "2e201b3d162c6c49417c438ffb30b58c9f85769f",
              "status": "affected",
              "version": "c4cbaf7973a794839af080f13748335976cf3f3f",
              "versionType": "git"
            },
            {
              "lessThan": "576c64622649f3ec07e97bac8fec8b8a2ef4d086",
              "status": "affected",
              "version": "c4cbaf7973a794839af080f13748335976cf3f3f",
              "versionType": "git"
            },
            {
              "lessThan": "16ad67e73309db0c20cc2a651992bd01c05e6b27",
              "status": "affected",
              "version": "c4cbaf7973a794839af080f13748335976cf3f3f",
              "versionType": "git"
            },
            {
              "lessThan": "67b5f1054197e4f5553047759c15c1d67d4c8142",
              "status": "affected",
              "version": "c4cbaf7973a794839af080f13748335976cf3f3f",
              "versionType": "git"
            },
            {
              "lessThan": "19eaf4f2f5a981f55a265242ada2bf92b0c742dd",
              "status": "affected",
              "version": "c4cbaf7973a794839af080f13748335976cf3f3f",
              "versionType": "git"
            },
            {
              "lessThan": "bcbd771cd5d68c0c52567556097d75f9fc4e7cd6",
              "status": "affected",
              "version": "c4cbaf7973a794839af080f13748335976cf3f3f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/wireless/util.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.19"
            },
            {
              "lessThan": "4.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.320",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.282",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.224",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.103",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.44",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.320",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.282",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.224",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.165",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.103",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.44",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.3",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()\n\nCurrently NL80211_RATE_INFO_HE_RU_ALLOC_2x996 is not handled in\ncfg80211_calculate_bitrate_he(), leading to below warning:\n\nkernel: invalid HE MCS: bw:6, ru:6\nkernel: WARNING: CPU: 0 PID: 2312 at net/wireless/util.c:1501 cfg80211_calculate_bitrate_he+0x22b/0x270 [cfg80211]\n\nFix it by handling 2x996 RU allocation in the same way as 160 MHz bandwidth."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:28:24.961Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/45d20a1c54be4f3173862c7b950d4468447814c9"
        },
        {
          "url": "https://git.kernel.org/stable/c/b289ebb0516526cb4abae081b7ec29fd4fa1209d"
        },
        {
          "url": "https://git.kernel.org/stable/c/2e201b3d162c6c49417c438ffb30b58c9f85769f"
        },
        {
          "url": "https://git.kernel.org/stable/c/576c64622649f3ec07e97bac8fec8b8a2ef4d086"
        },
        {
          "url": "https://git.kernel.org/stable/c/16ad67e73309db0c20cc2a651992bd01c05e6b27"
        },
        {
          "url": "https://git.kernel.org/stable/c/67b5f1054197e4f5553047759c15c1d67d4c8142"
        },
        {
          "url": "https://git.kernel.org/stable/c/19eaf4f2f5a981f55a265242ada2bf92b0c742dd"
        },
        {
          "url": "https://git.kernel.org/stable/c/bcbd771cd5d68c0c52567556097d75f9fc4e7cd6"
        }
      ],
      "title": "wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-43879",
    "datePublished": "2024-08-21T00:06:31.488Z",
    "dateReserved": "2024-08-17T09:11:59.286Z",
    "dateUpdated": "2025-11-03T22:06:30.644Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-52607 (GCVE-0-2023-52607)

Vulnerability from cvelistv5 – Published: 2024-03-06 06:45 – Updated: 2025-05-21 08:49

Title

powerpc/mm: Fix null-pointer dereference in pgtable_cache_add

Summary

In the Linux kernel, the following vulnerability has been resolved: powerpc/mm: Fix null-pointer dereference in pgtable_cache_add kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successful by checking the pointer validity.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/21e45a7b08d7cd98d…
	https://git.kernel.org/stable/c/f6781add1c311c17e…
	https://git.kernel.org/stable/c/aa28eecb43cac6e20…
	https://git.kernel.org/stable/c/ac3ed969a40357b05…
	https://git.kernel.org/stable/c/d482d61025e303a2b…
	https://git.kernel.org/stable/c/145febd85c3bcc5c7…
	https://git.kernel.org/stable/c/ffd29dc45bc035539…
	https://git.kernel.org/stable/c/f46c8a75263f97bda…

Impacted products

Vendor

Product

Version

Linux

Affected: a0668cdc154e54bf0c85182e0535eea237d53146 , < 21e45a7b08d7cd98d6a53c5fc5111879f2d96611 (git)
Affected: a0668cdc154e54bf0c85182e0535eea237d53146 , < f6781add1c311c17eff43e14c786004bbacf901e (git)
Affected: a0668cdc154e54bf0c85182e0535eea237d53146 , < aa28eecb43cac6e20ef14dfc50b8892c1fbcda5b (git)
Affected: a0668cdc154e54bf0c85182e0535eea237d53146 , < ac3ed969a40357b0542d20f096a6d43acdfa6cc7 (git)
Affected: a0668cdc154e54bf0c85182e0535eea237d53146 , < d482d61025e303a2bef3733a011b6b740215cfa1 (git)
Affected: a0668cdc154e54bf0c85182e0535eea237d53146 , < 145febd85c3bcc5c74d87ef9a598fc7d9122d532 (git)
Affected: a0668cdc154e54bf0c85182e0535eea237d53146 , < ffd29dc45bc0355393859049f6becddc3ed08f74 (git)
Affected: a0668cdc154e54bf0c85182e0535eea237d53146 , < f46c8a75263f97bda13c739ba1c90aced0d3b071 (git)

Linux

Affected: 2.6.33
Unaffected: 0 , < 2.6.33 (semver)
Unaffected: 4.19.307 , ≤ 4.19.* (semver)
Unaffected: 5.4.269 , ≤ 5.4.* (semver)
Unaffected: 5.10.210 , ≤ 5.10.* (semver)
Unaffected: 5.15.149 , ≤ 5.15.* (semver)
Unaffected: 6.1.77 , ≤ 6.1.* (semver)
Unaffected: 6.6.16 , ≤ 6.6.* (semver)
Unaffected: 6.7.4 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-52607",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-06T15:59:58.884148Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-05T21:10:22.475Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:03:21.330Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/21e45a7b08d7cd98d6a53c5fc5111879f2d96611"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f6781add1c311c17eff43e14c786004bbacf901e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/aa28eecb43cac6e20ef14dfc50b8892c1fbcda5b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ac3ed969a40357b0542d20f096a6d43acdfa6cc7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d482d61025e303a2bef3733a011b6b740215cfa1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/145febd85c3bcc5c74d87ef9a598fc7d9122d532"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ffd29dc45bc0355393859049f6becddc3ed08f74"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f46c8a75263f97bda13c739ba1c90aced0d3b071"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/powerpc/mm/init-common.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "21e45a7b08d7cd98d6a53c5fc5111879f2d96611",
              "status": "affected",
              "version": "a0668cdc154e54bf0c85182e0535eea237d53146",
              "versionType": "git"
            },
            {
              "lessThan": "f6781add1c311c17eff43e14c786004bbacf901e",
              "status": "affected",
              "version": "a0668cdc154e54bf0c85182e0535eea237d53146",
              "versionType": "git"
            },
            {
              "lessThan": "aa28eecb43cac6e20ef14dfc50b8892c1fbcda5b",
              "status": "affected",
              "version": "a0668cdc154e54bf0c85182e0535eea237d53146",
              "versionType": "git"
            },
            {
              "lessThan": "ac3ed969a40357b0542d20f096a6d43acdfa6cc7",
              "status": "affected",
              "version": "a0668cdc154e54bf0c85182e0535eea237d53146",
              "versionType": "git"
            },
            {
              "lessThan": "d482d61025e303a2bef3733a011b6b740215cfa1",
              "status": "affected",
              "version": "a0668cdc154e54bf0c85182e0535eea237d53146",
              "versionType": "git"
            },
            {
              "lessThan": "145febd85c3bcc5c74d87ef9a598fc7d9122d532",
              "status": "affected",
              "version": "a0668cdc154e54bf0c85182e0535eea237d53146",
              "versionType": "git"
            },
            {
              "lessThan": "ffd29dc45bc0355393859049f6becddc3ed08f74",
              "status": "affected",
              "version": "a0668cdc154e54bf0c85182e0535eea237d53146",
              "versionType": "git"
            },
            {
              "lessThan": "f46c8a75263f97bda13c739ba1c90aced0d3b071",
              "status": "affected",
              "version": "a0668cdc154e54bf0c85182e0535eea237d53146",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/powerpc/mm/init-common.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.33"
            },
            {
              "lessThan": "2.6.33",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.307",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.269",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.210",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.149",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.77",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.307",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.269",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.210",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.149",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.77",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.16",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.4",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/mm: Fix null-pointer dereference in pgtable_cache_add\n\nkasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure. Ensure the allocation was successful\nby checking the pointer validity."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-21T08:49:48.846Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/21e45a7b08d7cd98d6a53c5fc5111879f2d96611"
        },
        {
          "url": "https://git.kernel.org/stable/c/f6781add1c311c17eff43e14c786004bbacf901e"
        },
        {
          "url": "https://git.kernel.org/stable/c/aa28eecb43cac6e20ef14dfc50b8892c1fbcda5b"
        },
        {
          "url": "https://git.kernel.org/stable/c/ac3ed969a40357b0542d20f096a6d43acdfa6cc7"
        },
        {
          "url": "https://git.kernel.org/stable/c/d482d61025e303a2bef3733a011b6b740215cfa1"
        },
        {
          "url": "https://git.kernel.org/stable/c/145febd85c3bcc5c74d87ef9a598fc7d9122d532"
        },
        {
          "url": "https://git.kernel.org/stable/c/ffd29dc45bc0355393859049f6becddc3ed08f74"
        },
        {
          "url": "https://git.kernel.org/stable/c/f46c8a75263f97bda13c739ba1c90aced0d3b071"
        }
      ],
      "title": "powerpc/mm: Fix null-pointer dereference in pgtable_cache_add",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52607",
    "datePublished": "2024-03-06T06:45:31.769Z",
    "dateReserved": "2024-03-02T21:55:42.574Z",
    "dateUpdated": "2025-05-21T08:49:48.846Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-52603 (GCVE-0-2023-52603)

Vulnerability from cvelistv5 – Published: 2024-03-06 06:45 – Updated: 2026-01-05 10:16

Title

UBSAN: array-index-out-of-bounds in dtSplitRoot

Summary

In the Linux kernel, the following vulnerability has been resolved: UBSAN: array-index-out-of-bounds in dtSplitRoot Syzkaller reported the following issue: oop0: detected capacity change from 0 to 32768 UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:1971:9 index -2 is out of range for type 'struct dtslot [128]' CPU: 0 PID: 3613 Comm: syz-executor270 Not tainted 6.0.0-syzkaller-09423-g493ffd6605b2 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:151 [inline] __ubsan_handle_out_of_bounds+0xdb/0x130 lib/ubsan.c:283 dtSplitRoot+0x8d8/0x1900 fs/jfs/jfs_dtree.c:1971 dtSplitUp fs/jfs/jfs_dtree.c:985 [inline] dtInsert+0x1189/0x6b80 fs/jfs/jfs_dtree.c:863 jfs_mkdir+0x757/0xb00 fs/jfs/namei.c:270 vfs_mkdir+0x3b3/0x590 fs/namei.c:4013 do_mkdirat+0x279/0x550 fs/namei.c:4038 __do_sys_mkdirat fs/namei.c:4053 [inline] __se_sys_mkdirat fs/namei.c:4051 [inline] __x64_sys_mkdirat+0x85/0x90 fs/namei.c:4051 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7fcdc0113fd9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffeb8bc67d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcdc0113fd9 RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000003 RBP: 00007fcdc00d37a0 R08: 0000000000000000 R09: 00007fcdc00d37a0 R10: 00005555559a72c0 R11: 0000000000000246 R12: 00000000f8008000 R13: 0000000000000000 R14: 00083878000000f8 R15: 0000000000000000 </TASK> The issue is caused when the value of fsi becomes less than -1. The check to break the loop when fsi value becomes -1 is present but syzbot was able to produce value less than -1 which cause the error. This patch simply add the change for the values less than 0. The patch is tested via syzbot.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/e30b52a2ea3d1e0aa…
	https://git.kernel.org/stable/c/fd3486a8937787705…
	https://git.kernel.org/stable/c/7aa33854477d9c346…
	https://git.kernel.org/stable/c/e4ce01c25ccbea02a…
	https://git.kernel.org/stable/c/e4cbc857d75d4e22a…
	https://git.kernel.org/stable/c/edff092a59260bf0b…
	https://git.kernel.org/stable/c/6e2902ecc77e9760a…
	https://git.kernel.org/stable/c/27e56f59bab5ddafb…

Impacted products

Vendor

Product

Version

Linux

Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < e30b52a2ea3d1e0aaee68096957cf90a2f4ec5af (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < fd3486a893778770557649fe28afa5e463d4ed07 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 7aa33854477d9c346f5560a1a1fcb3fe7783e2a8 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < e4ce01c25ccbea02a09a5291c21749b1fc358e39 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < e4cbc857d75d4e22a1f75446e7480b1f305d8d60 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < edff092a59260bf0b0a2eba219cb3da6372c2f9f (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 6e2902ecc77e9760a9fc447f56d598383e2372d2 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 27e56f59bab5ddafbcfe69ad7a4a6ea1279c1b16 (git)

Linux

Affected: 2.6.12
Unaffected: 0 , < 2.6.12 (semver)
Unaffected: 4.19.307 , ≤ 4.19.* (semver)
Unaffected: 5.4.269 , ≤ 5.4.* (semver)
Unaffected: 5.10.210 , ≤ 5.10.* (semver)
Unaffected: 5.15.149 , ≤ 5.15.* (semver)
Unaffected: 6.1.77 , ≤ 6.1.* (semver)
Unaffected: 6.6.16 , ≤ 6.6.* (semver)
Unaffected: 6.7.4 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52603",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-26T20:37:06.643976Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-26T20:37:16.164Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:03:21.262Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e30b52a2ea3d1e0aaee68096957cf90a2f4ec5af"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fd3486a893778770557649fe28afa5e463d4ed07"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7aa33854477d9c346f5560a1a1fcb3fe7783e2a8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e4ce01c25ccbea02a09a5291c21749b1fc358e39"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e4cbc857d75d4e22a1f75446e7480b1f305d8d60"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/edff092a59260bf0b0a2eba219cb3da6372c2f9f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6e2902ecc77e9760a9fc447f56d598383e2372d2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/27e56f59bab5ddafbcfe69ad7a4a6ea1279c1b16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/jfs/jfs_dtree.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e30b52a2ea3d1e0aaee68096957cf90a2f4ec5af",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "fd3486a893778770557649fe28afa5e463d4ed07",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "7aa33854477d9c346f5560a1a1fcb3fe7783e2a8",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "e4ce01c25ccbea02a09a5291c21749b1fc358e39",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "e4cbc857d75d4e22a1f75446e7480b1f305d8d60",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "edff092a59260bf0b0a2eba219cb3da6372c2f9f",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "6e2902ecc77e9760a9fc447f56d598383e2372d2",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "27e56f59bab5ddafbcfe69ad7a4a6ea1279c1b16",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/jfs/jfs_dtree.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.307",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.269",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.210",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.149",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.77",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.307",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.269",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.210",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.149",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.77",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.16",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.4",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUBSAN: array-index-out-of-bounds in dtSplitRoot\n\nSyzkaller reported the following issue:\n\noop0: detected capacity change from 0 to 32768\n\nUBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:1971:9\nindex -2 is out of range for type \u0027struct dtslot [128]\u0027\nCPU: 0 PID: 3613 Comm: syz-executor270 Not tainted 6.0.0-syzkaller-09423-g493ffd6605b2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106\n ubsan_epilogue lib/ubsan.c:151 [inline]\n __ubsan_handle_out_of_bounds+0xdb/0x130 lib/ubsan.c:283\n dtSplitRoot+0x8d8/0x1900 fs/jfs/jfs_dtree.c:1971\n dtSplitUp fs/jfs/jfs_dtree.c:985 [inline]\n dtInsert+0x1189/0x6b80 fs/jfs/jfs_dtree.c:863\n jfs_mkdir+0x757/0xb00 fs/jfs/namei.c:270\n vfs_mkdir+0x3b3/0x590 fs/namei.c:4013\n do_mkdirat+0x279/0x550 fs/namei.c:4038\n __do_sys_mkdirat fs/namei.c:4053 [inline]\n __se_sys_mkdirat fs/namei.c:4051 [inline]\n __x64_sys_mkdirat+0x85/0x90 fs/namei.c:4051\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7fcdc0113fd9\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffeb8bc67d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000102\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcdc0113fd9\nRDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000003\nRBP: 00007fcdc00d37a0 R08: 0000000000000000 R09: 00007fcdc00d37a0\nR10: 00005555559a72c0 R11: 0000000000000246 R12: 00000000f8008000\nR13: 0000000000000000 R14: 00083878000000f8 R15: 0000000000000000\n \u003c/TASK\u003e\n\nThe issue is caused when the value of fsi becomes less than -1.\nThe check to break the loop when fsi value becomes -1 is present\nbut syzbot was able to produce value less than -1 which cause the error.\nThis patch simply add the change for the values less than 0.\n\nThe patch is tested via syzbot."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:16:36.224Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e30b52a2ea3d1e0aaee68096957cf90a2f4ec5af"
        },
        {
          "url": "https://git.kernel.org/stable/c/fd3486a893778770557649fe28afa5e463d4ed07"
        },
        {
          "url": "https://git.kernel.org/stable/c/7aa33854477d9c346f5560a1a1fcb3fe7783e2a8"
        },
        {
          "url": "https://git.kernel.org/stable/c/e4ce01c25ccbea02a09a5291c21749b1fc358e39"
        },
        {
          "url": "https://git.kernel.org/stable/c/e4cbc857d75d4e22a1f75446e7480b1f305d8d60"
        },
        {
          "url": "https://git.kernel.org/stable/c/edff092a59260bf0b0a2eba219cb3da6372c2f9f"
        },
        {
          "url": "https://git.kernel.org/stable/c/6e2902ecc77e9760a9fc447f56d598383e2372d2"
        },
        {
          "url": "https://git.kernel.org/stable/c/27e56f59bab5ddafbcfe69ad7a4a6ea1279c1b16"
        }
      ],
      "title": "UBSAN: array-index-out-of-bounds in dtSplitRoot",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52603",
    "datePublished": "2024-03-06T06:45:29.731Z",
    "dateReserved": "2024-03-02T21:55:42.573Z",
    "dateUpdated": "2026-01-05T10:16:36.224Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-46676 (GCVE-0-2024-46676)

Vulnerability from cvelistv5 – Published: 2024-09-13 05:29 – Updated: 2025-11-03 22:16

Title

nfc: pn533: Add poll mod list filling check

Summary

In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Add poll mod list filling check In case of im_protocols value is 1 and tm_protocols value is 0 this combination successfully passes the check 'if (!im_protocols && !tm_protocols)' in the nfc_start_poll(). But then after pn533_poll_create_mod_list() call in pn533_start_poll() poll mod list will remain empty and dev->poll_mod_count will remain 0 which lead to division by zero. Normally no im protocol has value 1 in the mask, so this combination is not expected by driver. But these protocol values actually come from userspace via Netlink interface (NFC_CMD_START_POLL operation). So a broken or malicious program may pass a message containing a "bad" combination of protocol parameter values so that dev->poll_mod_count is not incremented inside pn533_poll_create_mod_list(), thus leading to division by zero. Call trace looks like: nfc_genl_start_poll() nfc_start_poll() ->start_poll() pn533_start_poll() Add poll mod list filling check. Found by Linux Verification Center (linuxtesting.org) with SVACE.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/c5e05237444f32f6c…
	https://git.kernel.org/stable/c/8ddaea033de051ed6…
	https://git.kernel.org/stable/c/7535db0624a2dede3…
	https://git.kernel.org/stable/c/7ecd3dd4f8eecd330…
	https://git.kernel.org/stable/c/56ad559cf6d87f250…
	https://git.kernel.org/stable/c/64513d0e546a1f19e…
	https://git.kernel.org/stable/c/febccb39255f9df35…

Impacted products

Vendor

Product

Version

Linux

Affected: dfccd0f580445d176acea174175b3e6518cc91f7 , < c5e05237444f32f6cfe5d907603a232c77a08b31 (git)
Affected: dfccd0f580445d176acea174175b3e6518cc91f7 , < 8ddaea033de051ed61b39f6b69ad54a411172b33 (git)
Affected: dfccd0f580445d176acea174175b3e6518cc91f7 , < 7535db0624a2dede374c42040808ad9a9101d723 (git)
Affected: dfccd0f580445d176acea174175b3e6518cc91f7 , < 7ecd3dd4f8eecd3309432156ccfe24768e009ec4 (git)
Affected: dfccd0f580445d176acea174175b3e6518cc91f7 , < 56ad559cf6d87f250a8d203b555dfc3716afa946 (git)
Affected: dfccd0f580445d176acea174175b3e6518cc91f7 , < 64513d0e546a1f19e390f7e5eba3872bfcbdacf5 (git)
Affected: dfccd0f580445d176acea174175b3e6518cc91f7 , < febccb39255f9df35527b88c953b2e0deae50e53 (git)

Linux

Affected: 3.12
Unaffected: 0 , < 3.12 (semver)
Unaffected: 5.4.283 , ≤ 5.4.* (semver)
Unaffected: 5.10.225 , ≤ 5.10.* (semver)
Unaffected: 5.15.166 , ≤ 5.15.* (semver)
Unaffected: 6.1.108 , ≤ 6.1.* (semver)
Unaffected: 6.6.49 , ≤ 6.6.* (semver)
Unaffected: 6.10.8 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46676",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T15:44:14.123605Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T15:44:28.585Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:16:14.033Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/nfc/pn533/pn533.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c5e05237444f32f6cfe5d907603a232c77a08b31",
              "status": "affected",
              "version": "dfccd0f580445d176acea174175b3e6518cc91f7",
              "versionType": "git"
            },
            {
              "lessThan": "8ddaea033de051ed61b39f6b69ad54a411172b33",
              "status": "affected",
              "version": "dfccd0f580445d176acea174175b3e6518cc91f7",
              "versionType": "git"
            },
            {
              "lessThan": "7535db0624a2dede374c42040808ad9a9101d723",
              "status": "affected",
              "version": "dfccd0f580445d176acea174175b3e6518cc91f7",
              "versionType": "git"
            },
            {
              "lessThan": "7ecd3dd4f8eecd3309432156ccfe24768e009ec4",
              "status": "affected",
              "version": "dfccd0f580445d176acea174175b3e6518cc91f7",
              "versionType": "git"
            },
            {
              "lessThan": "56ad559cf6d87f250a8d203b555dfc3716afa946",
              "status": "affected",
              "version": "dfccd0f580445d176acea174175b3e6518cc91f7",
              "versionType": "git"
            },
            {
              "lessThan": "64513d0e546a1f19e390f7e5eba3872bfcbdacf5",
              "status": "affected",
              "version": "dfccd0f580445d176acea174175b3e6518cc91f7",
              "versionType": "git"
            },
            {
              "lessThan": "febccb39255f9df35527b88c953b2e0deae50e53",
              "status": "affected",
              "version": "dfccd0f580445d176acea174175b3e6518cc91f7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/nfc/pn533/pn533.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.12"
            },
            {
              "lessThan": "3.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.283",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.225",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.108",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.49",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.283",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.225",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.166",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.108",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.49",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.8",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: pn533: Add poll mod list filling check\n\nIn case of im_protocols value is 1 and tm_protocols value is 0 this\ncombination successfully passes the check\n\u0027if (!im_protocols \u0026\u0026 !tm_protocols)\u0027 in the nfc_start_poll().\nBut then after pn533_poll_create_mod_list() call in pn533_start_poll()\npoll mod list will remain empty and dev-\u003epoll_mod_count will remain 0\nwhich lead to division by zero.\n\nNormally no im protocol has value 1 in the mask, so this combination is\nnot expected by driver. But these protocol values actually come from\nuserspace via Netlink interface (NFC_CMD_START_POLL operation). So a\nbroken or malicious program may pass a message containing a \"bad\"\ncombination of protocol parameter values so that dev-\u003epoll_mod_count\nis not incremented inside pn533_poll_create_mod_list(), thus leading\nto division by zero.\nCall trace looks like:\nnfc_genl_start_poll()\n  nfc_start_poll()\n    -\u003estart_poll()\n    pn533_start_poll()\n\nAdd poll mod list filling check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:31:40.195Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c5e05237444f32f6cfe5d907603a232c77a08b31"
        },
        {
          "url": "https://git.kernel.org/stable/c/8ddaea033de051ed61b39f6b69ad54a411172b33"
        },
        {
          "url": "https://git.kernel.org/stable/c/7535db0624a2dede374c42040808ad9a9101d723"
        },
        {
          "url": "https://git.kernel.org/stable/c/7ecd3dd4f8eecd3309432156ccfe24768e009ec4"
        },
        {
          "url": "https://git.kernel.org/stable/c/56ad559cf6d87f250a8d203b555dfc3716afa946"
        },
        {
          "url": "https://git.kernel.org/stable/c/64513d0e546a1f19e390f7e5eba3872bfcbdacf5"
        },
        {
          "url": "https://git.kernel.org/stable/c/febccb39255f9df35527b88c953b2e0deae50e53"
        }
      ],
      "title": "nfc: pn533: Add poll mod list filling check",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46676",
    "datePublished": "2024-09-13T05:29:11.598Z",
    "dateReserved": "2024-09-11T15:12:18.247Z",
    "dateUpdated": "2025-11-03T22:16:14.033Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-39502 (GCVE-0-2024-39502)

Vulnerability from cvelistv5 – Published: 2024-07-12 12:20 – Updated: 2025-11-03 21:56

Title

ionic: fix use after netif_napi_del()

Summary

In the Linux kernel, the following vulnerability has been resolved: ionic: fix use after netif_napi_del() When queues are started, netif_napi_add() and napi_enable() are called. If there are 4 queues and only 3 queues are used for the current configuration, only 3 queues' napi should be registered and enabled. The ionic_qcq_enable() checks whether the .poll pointer is not NULL for enabling only the using queue' napi. Unused queues' napi will not be registered by netif_napi_add(), so the .poll pointer indicates NULL. But it couldn't distinguish whether the napi was unregistered or not because netif_napi_del() doesn't reset the .poll pointer to NULL. So, ionic_qcq_enable() calls napi_enable() for the queue, which was unregistered by netif_napi_del(). Reproducer: ethtool -L <interface name> rx 1 tx 1 combined 0 ethtool -L <interface name> rx 0 tx 0 combined 1 ethtool -L <interface name> rx 0 tx 0 combined 4 Splat looks like: kernel BUG at net/core/dev.c:6666! Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 3 PID: 1057 Comm: kworker/3:3 Not tainted 6.10.0-rc2+ #16 Workqueue: events ionic_lif_deferred_work [ionic] RIP: 0010:napi_enable+0x3b/0x40 Code: 48 89 c2 48 83 e2 f6 80 b9 61 09 00 00 00 74 0d 48 83 bf 60 01 00 00 00 74 03 80 ce 01 f0 4f RSP: 0018:ffffb6ed83227d48 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff97560cda0828 RCX: 0000000000000029 RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff97560cda0a28 RBP: ffffb6ed83227d50 R08: 0000000000000400 R09: 0000000000000001 R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000 R13: ffff97560ce3c1a0 R14: 0000000000000000 R15: ffff975613ba0a20 FS: 0000000000000000(0000) GS:ffff975d5f780000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f8f734ee200 CR3: 0000000103e50000 CR4: 00000000007506f0 PKRU: 55555554 Call Trace: <TASK> ? die+0x33/0x90 ? do_trap+0xd9/0x100 ? napi_enable+0x3b/0x40 ? do_error_trap+0x83/0xb0 ? napi_enable+0x3b/0x40 ? napi_enable+0x3b/0x40 ? exc_invalid_op+0x4e/0x70 ? napi_enable+0x3b/0x40 ? asm_exc_invalid_op+0x16/0x20 ? napi_enable+0x3b/0x40 ionic_qcq_enable+0xb7/0x180 [ionic 59bdfc8a035436e1c4224ff7d10789e3f14643f8] ionic_start_queues+0xc4/0x290 [ionic 59bdfc8a035436e1c4224ff7d10789e3f14643f8] ionic_link_status_check+0x11c/0x170 [ionic 59bdfc8a035436e1c4224ff7d10789e3f14643f8] ionic_lif_deferred_work+0x129/0x280 [ionic 59bdfc8a035436e1c4224ff7d10789e3f14643f8] process_one_work+0x145/0x360 worker_thread+0x2bb/0x3d0 ? __pfx_worker_thread+0x10/0x10 kthread+0xcc/0x100 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2d/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/0d19267cb150e8f76…
	https://git.kernel.org/stable/c/ff9c2a9426ecf5b96…
	https://git.kernel.org/stable/c/8edd18dab443863e9…
	https://git.kernel.org/stable/c/60cd714871cd5a683…
	https://git.kernel.org/stable/c/183ebc167a8a19e91…
	https://git.kernel.org/stable/c/a87d72b37b9ec2c1e…
	https://git.kernel.org/stable/c/79f18a41dd056115d…

Impacted products

Vendor

Product

Version

Linux

Affected: 0f3154e6bcb354968cc04f7cd86ce466f7b9a814 , < 0d19267cb150e8f76ade210e16ee820a77f684e7 (git)
Affected: 0f3154e6bcb354968cc04f7cd86ce466f7b9a814 , < ff9c2a9426ecf5b9631e9fd74993b357262387d6 (git)
Affected: 0f3154e6bcb354968cc04f7cd86ce466f7b9a814 , < 8edd18dab443863e9e48f084e7f123fca3065e4e (git)
Affected: 0f3154e6bcb354968cc04f7cd86ce466f7b9a814 , < 60cd714871cd5a683353a355cbb17a685245cf84 (git)
Affected: 0f3154e6bcb354968cc04f7cd86ce466f7b9a814 , < 183ebc167a8a19e916b885d4bb61a3491991bfa5 (git)
Affected: 0f3154e6bcb354968cc04f7cd86ce466f7b9a814 , < a87d72b37b9ec2c1e18fe36b09241d8b30334a2e (git)
Affected: 0f3154e6bcb354968cc04f7cd86ce466f7b9a814 , < 79f18a41dd056115d685f3b0a419c7cd40055e13 (git)

Linux

Affected: 5.4
Unaffected: 0 , < 5.4 (semver)
Unaffected: 5.4.279 , ≤ 5.4.* (semver)
Unaffected: 5.10.221 , ≤ 5.10.* (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.95 , ≤ 6.1.* (semver)
Unaffected: 6.6.35 , ≤ 6.6.* (semver)
Unaffected: 6.9.6 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:56:21.973Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0d19267cb150e8f76ade210e16ee820a77f684e7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ff9c2a9426ecf5b9631e9fd74993b357262387d6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8edd18dab443863e9e48f084e7f123fca3065e4e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/60cd714871cd5a683353a355cbb17a685245cf84"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/183ebc167a8a19e916b885d4bb61a3491991bfa5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a87d72b37b9ec2c1e18fe36b09241d8b30334a2e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/79f18a41dd056115d685f3b0a419c7cd40055e13"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39502",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:07:07.252622Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:40.350Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/pensando/ionic/ionic_lif.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0d19267cb150e8f76ade210e16ee820a77f684e7",
              "status": "affected",
              "version": "0f3154e6bcb354968cc04f7cd86ce466f7b9a814",
              "versionType": "git"
            },
            {
              "lessThan": "ff9c2a9426ecf5b9631e9fd74993b357262387d6",
              "status": "affected",
              "version": "0f3154e6bcb354968cc04f7cd86ce466f7b9a814",
              "versionType": "git"
            },
            {
              "lessThan": "8edd18dab443863e9e48f084e7f123fca3065e4e",
              "status": "affected",
              "version": "0f3154e6bcb354968cc04f7cd86ce466f7b9a814",
              "versionType": "git"
            },
            {
              "lessThan": "60cd714871cd5a683353a355cbb17a685245cf84",
              "status": "affected",
              "version": "0f3154e6bcb354968cc04f7cd86ce466f7b9a814",
              "versionType": "git"
            },
            {
              "lessThan": "183ebc167a8a19e916b885d4bb61a3491991bfa5",
              "status": "affected",
              "version": "0f3154e6bcb354968cc04f7cd86ce466f7b9a814",
              "versionType": "git"
            },
            {
              "lessThan": "a87d72b37b9ec2c1e18fe36b09241d8b30334a2e",
              "status": "affected",
              "version": "0f3154e6bcb354968cc04f7cd86ce466f7b9a814",
              "versionType": "git"
            },
            {
              "lessThan": "79f18a41dd056115d685f3b0a419c7cd40055e13",
              "status": "affected",
              "version": "0f3154e6bcb354968cc04f7cd86ce466f7b9a814",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/pensando/ionic/ionic_lif.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.4"
            },
            {
              "lessThan": "5.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.279",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.95",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.35",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.279",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.221",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.95",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.35",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.6",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nionic: fix use after netif_napi_del()\n\nWhen queues are started, netif_napi_add() and napi_enable() are called.\nIf there are 4 queues and only 3 queues are used for the current\nconfiguration, only 3 queues\u0027 napi should be registered and enabled.\nThe ionic_qcq_enable() checks whether the .poll pointer is not NULL for\nenabling only the using queue\u0027 napi. Unused queues\u0027 napi will not be\nregistered by netif_napi_add(), so the .poll pointer indicates NULL.\nBut it couldn\u0027t distinguish whether the napi was unregistered or not\nbecause netif_napi_del() doesn\u0027t reset the .poll pointer to NULL.\nSo, ionic_qcq_enable() calls napi_enable() for the queue, which was\nunregistered by netif_napi_del().\n\nReproducer:\n   ethtool -L \u003cinterface name\u003e rx 1 tx 1 combined 0\n   ethtool -L \u003cinterface name\u003e rx 0 tx 0 combined 1\n   ethtool -L \u003cinterface name\u003e rx 0 tx 0 combined 4\n\nSplat looks like:\nkernel BUG at net/core/dev.c:6666!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 3 PID: 1057 Comm: kworker/3:3 Not tainted 6.10.0-rc2+ #16\nWorkqueue: events ionic_lif_deferred_work [ionic]\nRIP: 0010:napi_enable+0x3b/0x40\nCode: 48 89 c2 48 83 e2 f6 80 b9 61 09 00 00 00 74 0d 48 83 bf 60 01 00 00 00 74 03 80 ce 01 f0 4f\nRSP: 0018:ffffb6ed83227d48 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff97560cda0828 RCX: 0000000000000029\nRDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff97560cda0a28\nRBP: ffffb6ed83227d50 R08: 0000000000000400 R09: 0000000000000001\nR10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000\nR13: ffff97560ce3c1a0 R14: 0000000000000000 R15: ffff975613ba0a20\nFS:  0000000000000000(0000) GS:ffff975d5f780000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f8f734ee200 CR3: 0000000103e50000 CR4: 00000000007506f0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? die+0x33/0x90\n ? do_trap+0xd9/0x100\n ? napi_enable+0x3b/0x40\n ? do_error_trap+0x83/0xb0\n ? napi_enable+0x3b/0x40\n ? napi_enable+0x3b/0x40\n ? exc_invalid_op+0x4e/0x70\n ? napi_enable+0x3b/0x40\n ? asm_exc_invalid_op+0x16/0x20\n ? napi_enable+0x3b/0x40\n ionic_qcq_enable+0xb7/0x180 [ionic 59bdfc8a035436e1c4224ff7d10789e3f14643f8]\n ionic_start_queues+0xc4/0x290 [ionic 59bdfc8a035436e1c4224ff7d10789e3f14643f8]\n ionic_link_status_check+0x11c/0x170 [ionic 59bdfc8a035436e1c4224ff7d10789e3f14643f8]\n ionic_lif_deferred_work+0x129/0x280 [ionic 59bdfc8a035436e1c4224ff7d10789e3f14643f8]\n process_one_work+0x145/0x360\n worker_thread+0x2bb/0x3d0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0xcc/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2d/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:17:10.886Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0d19267cb150e8f76ade210e16ee820a77f684e7"
        },
        {
          "url": "https://git.kernel.org/stable/c/ff9c2a9426ecf5b9631e9fd74993b357262387d6"
        },
        {
          "url": "https://git.kernel.org/stable/c/8edd18dab443863e9e48f084e7f123fca3065e4e"
        },
        {
          "url": "https://git.kernel.org/stable/c/60cd714871cd5a683353a355cbb17a685245cf84"
        },
        {
          "url": "https://git.kernel.org/stable/c/183ebc167a8a19e916b885d4bb61a3491991bfa5"
        },
        {
          "url": "https://git.kernel.org/stable/c/a87d72b37b9ec2c1e18fe36b09241d8b30334a2e"
        },
        {
          "url": "https://git.kernel.org/stable/c/79f18a41dd056115d685f3b0a419c7cd40055e13"
        }
      ],
      "title": "ionic: fix use after netif_napi_del()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-39502",
    "datePublished": "2024-07-12T12:20:35.635Z",
    "dateReserved": "2024-06-25T14:23:23.752Z",
    "dateUpdated": "2025-11-03T21:56:21.973Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-47696 (GCVE-0-2024-47696)

Vulnerability from cvelistv5 – Published: 2024-10-21 11:53 – Updated: 2025-11-03 22:21

Title

RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency

Summary

In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency In the commit aee2424246f9 ("RDMA/iwcm: Fix a use-after-free related to destroying CM IDs"), the function flush_workqueue is invoked to flush the work queue iwcm_wq. But at that time, the work queue iwcm_wq was created via the function alloc_ordered_workqueue without the flag WQ_MEM_RECLAIM. Because the current process is trying to flush the whole iwcm_wq, if iwcm_wq doesn't have the flag WQ_MEM_RECLAIM, verify that the current process is not reclaiming memory or running on a workqueue which doesn't have the flag WQ_MEM_RECLAIM as that can break forward-progress guarantee leading to a deadlock. The call trace is as below: [ 125.350876][ T1430] Call Trace: [ 125.356281][ T1430] <TASK> [ 125.361285][ T1430] ? __warn (kernel/panic.c:693) [ 125.367640][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9)) [ 125.375689][ T1430] ? report_bug (lib/bug.c:180 lib/bug.c:219) [ 125.382505][ T1430] ? handle_bug (arch/x86/kernel/traps.c:239) [ 125.388987][ T1430] ? exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminator 1)) [ 125.395831][ T1430] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621) [ 125.403125][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9)) [ 125.410984][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9)) [ 125.418764][ T1430] __flush_workqueue (kernel/workqueue.c:3970) [ 125.426021][ T1430] ? __pfx___might_resched (kernel/sched/core.c:10151) [ 125.433431][ T1430] ? destroy_cm_id (drivers/infiniband/core/iwcm.c:375) iw_cm [ 125.441209][ T1430] ? __pfx___flush_workqueue (kernel/workqueue.c:3910) [ 125.473900][ T1430] ? _raw_spin_lock_irqsave (arch/x86/include/asm/atomic.h:107 include/linux/atomic/atomic-arch-fallback.h:2170 include/linux/atomic/atomic-instrumented.h:1302 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:187 include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162) [ 125.473909][ T1430] ? __pfx__raw_spin_lock_irqsave (kernel/locking/spinlock.c:161) [ 125.482537][ T1430] _destroy_id (drivers/infiniband/core/cma.c:2044) rdma_cm [ 125.495072][ T1430] nvme_rdma_free_queue (drivers/nvme/host/rdma.c:656 drivers/nvme/host/rdma.c:650) nvme_rdma [ 125.505827][ T1430] nvme_rdma_reset_ctrl_work (drivers/nvme/host/rdma.c:2180) nvme_rdma [ 125.505831][ T1430] process_one_work (kernel/workqueue.c:3231) [ 125.515122][ T1430] worker_thread (kernel/workqueue.c:3306 kernel/workqueue.c:3393) [ 125.515127][ T1430] ? __pfx_worker_thread (kernel/workqueue.c:3339) [ 125.531837][ T1430] kthread (kernel/kthread.c:389) [ 125.539864][ T1430] ? __pfx_kthread (kernel/kthread.c:342) [ 125.550628][ T1430] ret_from_fork (arch/x86/kernel/process.c:147) [ 125.558840][ T1430] ? __pfx_kthread (kernel/kthread.c:342) [ 125.558844][ T1430] ret_from_fork_asm (arch/x86/entry/entry_64.S:257) [ 125.566487][ T1430] </TASK> [ 125.566488][ T1430] ---[ end trace 0000000000000000 ]---

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/da2708a19f45b4a72…
	https://git.kernel.org/stable/c/29b3bbd912b8db86d…
	https://git.kernel.org/stable/c/2efe8da2ddbf87338…
	https://git.kernel.org/stable/c/da0392698c62397c1…
	https://git.kernel.org/stable/c/a64f30db12bdc937c…
	https://git.kernel.org/stable/c/8b7df76356d098f85…
	https://git.kernel.org/stable/c/c8b18a75282cfd278…
	https://git.kernel.org/stable/c/a09dc967b3c58899e…
	https://git.kernel.org/stable/c/86dfdd8288907f03c…

Impacted products

Vendor

Product

Version

Linux

Affected: d91d253c87fd1efece521ff2612078a35af673c6 , < da2708a19f45b4a7278adf523837c8db21d1e2b5 (git)
Affected: 7f25f296fc9bd0435be14e89bf657cd615a23574 , < 29b3bbd912b8db86df7a3c180b910ccb621f5635 (git)
Affected: 94ee7ff99b87435ec63211f632918dc7f44dac79 , < 2efe8da2ddbf873385b4bc55366d09350b408df6 (git)
Affected: 557d035fe88d78dd51664f4dc0e1896c04c97cf6 , < da0392698c62397c19deb1b9e9bdf2fbb5a9420e (git)
Affected: dc8074b8901caabb97c2d353abd6b4e7fa5a59a5 , < a64f30db12bdc937c5108158d98c8eab1925c548 (git)
Affected: ff5bbbdee08287d75d72e65b72a2b76d9637892a , < 8b7df76356d098f85f3bd2c7cf6fb43f531893d7 (git)
Affected: ee39384ee787e86e9db4efb843818ef0ea9cb8ae , < c8b18a75282cfd27822a8cc3c1f005c1ac8d1a58 (git)
Affected: aee2424246f9f1dadc33faa78990c1e2eb7826e4 , < a09dc967b3c58899e259c0aea092f421d22a0b04 (git)
Affected: aee2424246f9f1dadc33faa78990c1e2eb7826e4 , < 86dfdd8288907f03c18b7fb462e0e232c4f98d89 (git)

Linux

Affected: 6.11
Unaffected: 0 , < 6.11 (semver)
Unaffected: 4.19.323 , ≤ 4.19.* (semver)
Unaffected: 5.4.285 , ≤ 5.4.* (semver)
Unaffected: 5.10.227 , ≤ 5.10.* (semver)
Unaffected: 5.15.168 , ≤ 5.15.* (semver)
Unaffected: 6.1.113 , ≤ 6.1.* (semver)
Unaffected: 6.6.54 , ≤ 6.6.* (semver)
Unaffected: 6.10.13 , ≤ 6.10.* (semver)
Unaffected: 6.11.2 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47696",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-21T13:05:12.849051Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-21T13:14:14.398Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:21:01.362Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/infiniband/core/iwcm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "da2708a19f45b4a7278adf523837c8db21d1e2b5",
              "status": "affected",
              "version": "d91d253c87fd1efece521ff2612078a35af673c6",
              "versionType": "git"
            },
            {
              "lessThan": "29b3bbd912b8db86df7a3c180b910ccb621f5635",
              "status": "affected",
              "version": "7f25f296fc9bd0435be14e89bf657cd615a23574",
              "versionType": "git"
            },
            {
              "lessThan": "2efe8da2ddbf873385b4bc55366d09350b408df6",
              "status": "affected",
              "version": "94ee7ff99b87435ec63211f632918dc7f44dac79",
              "versionType": "git"
            },
            {
              "lessThan": "da0392698c62397c19deb1b9e9bdf2fbb5a9420e",
              "status": "affected",
              "version": "557d035fe88d78dd51664f4dc0e1896c04c97cf6",
              "versionType": "git"
            },
            {
              "lessThan": "a64f30db12bdc937c5108158d98c8eab1925c548",
              "status": "affected",
              "version": "dc8074b8901caabb97c2d353abd6b4e7fa5a59a5",
              "versionType": "git"
            },
            {
              "lessThan": "8b7df76356d098f85f3bd2c7cf6fb43f531893d7",
              "status": "affected",
              "version": "ff5bbbdee08287d75d72e65b72a2b76d9637892a",
              "versionType": "git"
            },
            {
              "lessThan": "c8b18a75282cfd27822a8cc3c1f005c1ac8d1a58",
              "status": "affected",
              "version": "ee39384ee787e86e9db4efb843818ef0ea9cb8ae",
              "versionType": "git"
            },
            {
              "lessThan": "a09dc967b3c58899e259c0aea092f421d22a0b04",
              "status": "affected",
              "version": "aee2424246f9f1dadc33faa78990c1e2eb7826e4",
              "versionType": "git"
            },
            {
              "lessThan": "86dfdd8288907f03c18b7fb462e0e232c4f98d89",
              "status": "affected",
              "version": "aee2424246f9f1dadc33faa78990c1e2eb7826e4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/infiniband/core/iwcm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.11"
            },
            {
              "lessThan": "6.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.323",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.285",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.54",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.323",
                  "versionStartIncluding": "4.19.320",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.285",
                  "versionStartIncluding": "5.4.282",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.227",
                  "versionStartIncluding": "5.10.224",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.168",
                  "versionStartIncluding": "5.15.165",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.113",
                  "versionStartIncluding": "6.1.103",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.54",
                  "versionStartIncluding": "6.6.44",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.13",
                  "versionStartIncluding": "6.10.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.2",
                  "versionStartIncluding": "6.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "6.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency\n\nIn the commit aee2424246f9 (\"RDMA/iwcm: Fix a use-after-free related to\ndestroying CM IDs\"), the function flush_workqueue is invoked to flush the\nwork queue iwcm_wq.\n\nBut at that time, the work queue iwcm_wq was created via the function\nalloc_ordered_workqueue without the flag WQ_MEM_RECLAIM.\n\nBecause the current process is trying to flush the whole iwcm_wq, if\niwcm_wq doesn\u0027t have the flag WQ_MEM_RECLAIM, verify that the current\nprocess is not reclaiming memory or running on a workqueue which doesn\u0027t\nhave the flag WQ_MEM_RECLAIM as that can break forward-progress guarantee\nleading to a deadlock.\n\nThe call trace is as below:\n\n[  125.350876][ T1430] Call Trace:\n[  125.356281][ T1430]  \u003cTASK\u003e\n[ 125.361285][ T1430] ? __warn (kernel/panic.c:693)\n[ 125.367640][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))\n[ 125.375689][ T1430] ? report_bug (lib/bug.c:180 lib/bug.c:219)\n[ 125.382505][ T1430] ? handle_bug (arch/x86/kernel/traps.c:239)\n[ 125.388987][ T1430] ? exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminator 1))\n[ 125.395831][ T1430] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621)\n[ 125.403125][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))\n[ 125.410984][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))\n[ 125.418764][ T1430] __flush_workqueue (kernel/workqueue.c:3970)\n[ 125.426021][ T1430] ? __pfx___might_resched (kernel/sched/core.c:10151)\n[ 125.433431][ T1430] ? destroy_cm_id (drivers/infiniband/core/iwcm.c:375) iw_cm\n[ 125.441209][ T1430] ? __pfx___flush_workqueue (kernel/workqueue.c:3910)\n[ 125.473900][ T1430] ? _raw_spin_lock_irqsave (arch/x86/include/asm/atomic.h:107 include/linux/atomic/atomic-arch-fallback.h:2170 include/linux/atomic/atomic-instrumented.h:1302 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:187 include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)\n[ 125.473909][ T1430] ? __pfx__raw_spin_lock_irqsave (kernel/locking/spinlock.c:161)\n[ 125.482537][ T1430] _destroy_id (drivers/infiniband/core/cma.c:2044) rdma_cm\n[ 125.495072][ T1430] nvme_rdma_free_queue (drivers/nvme/host/rdma.c:656 drivers/nvme/host/rdma.c:650) nvme_rdma\n[ 125.505827][ T1430] nvme_rdma_reset_ctrl_work (drivers/nvme/host/rdma.c:2180) nvme_rdma\n[ 125.505831][ T1430] process_one_work (kernel/workqueue.c:3231)\n[ 125.515122][ T1430] worker_thread (kernel/workqueue.c:3306 kernel/workqueue.c:3393)\n[ 125.515127][ T1430] ? __pfx_worker_thread (kernel/workqueue.c:3339)\n[ 125.531837][ T1430] kthread (kernel/kthread.c:389)\n[ 125.539864][ T1430] ? __pfx_kthread (kernel/kthread.c:342)\n[ 125.550628][ T1430] ret_from_fork (arch/x86/kernel/process.c:147)\n[ 125.558840][ T1430] ? __pfx_kthread (kernel/kthread.c:342)\n[ 125.558844][ T1430] ret_from_fork_asm (arch/x86/entry/entry_64.S:257)\n[  125.566487][ T1430]  \u003c/TASK\u003e\n[  125.566488][ T1430] ---[ end trace 0000000000000000 ]---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:37:36.111Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/da2708a19f45b4a7278adf523837c8db21d1e2b5"
        },
        {
          "url": "https://git.kernel.org/stable/c/29b3bbd912b8db86df7a3c180b910ccb621f5635"
        },
        {
          "url": "https://git.kernel.org/stable/c/2efe8da2ddbf873385b4bc55366d09350b408df6"
        },
        {
          "url": "https://git.kernel.org/stable/c/da0392698c62397c19deb1b9e9bdf2fbb5a9420e"
        },
        {
          "url": "https://git.kernel.org/stable/c/a64f30db12bdc937c5108158d98c8eab1925c548"
        },
        {
          "url": "https://git.kernel.org/stable/c/8b7df76356d098f85f3bd2c7cf6fb43f531893d7"
        },
        {
          "url": "https://git.kernel.org/stable/c/c8b18a75282cfd27822a8cc3c1f005c1ac8d1a58"
        },
        {
          "url": "https://git.kernel.org/stable/c/a09dc967b3c58899e259c0aea092f421d22a0b04"
        },
        {
          "url": "https://git.kernel.org/stable/c/86dfdd8288907f03c18b7fb462e0e232c4f98d89"
        }
      ],
      "title": "RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-47696",
    "datePublished": "2024-10-21T11:53:33.950Z",
    "dateReserved": "2024-09-30T16:00:12.942Z",
    "dateUpdated": "2025-11-03T22:21:01.362Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-52502 (GCVE-0-2023-52502)

Vulnerability from cvelistv5 – Published: 2024-03-02 21:52 – Updated: 2025-05-04 07:38

Title

net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()

Summary

In the Linux kernel, the following vulnerability has been resolved: net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() Sili Luo reported a race in nfc_llcp_sock_get(), leading to UAF. Getting a reference on the socket found in a lookup while holding a lock should happen before releasing the lock. nfc_llcp_sock_get_sn() has a similar problem. Finally nfc_llcp_recv_snl() needs to make sure the socket found by nfc_llcp_sock_from_sn() does not disappear.

Severity ?

6.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/e863f5720a5680e50…
	https://git.kernel.org/stable/c/7adcf014bda16cdbf…
	https://git.kernel.org/stable/c/6ac22ecdaad2ecc66…
	https://git.kernel.org/stable/c/d888d3f70b0de32b4…
	https://git.kernel.org/stable/c/e4f2611f07c87b3dd…
	https://git.kernel.org/stable/c/d1af8a39cf839d93c…
	https://git.kernel.org/stable/c/31c07dffafce914c1…

Impacted products

Vendor

Product

Version

Linux

Affected: 8f50020ed9b81ba909ce9573f9d05263cdebf502 , < e863f5720a5680e50c4cecf12424d7cc31b3eb0a (git)
Affected: 8f50020ed9b81ba909ce9573f9d05263cdebf502 , < 7adcf014bda16cdbf804af5c164d94d5d025db2d (git)
Affected: 8f50020ed9b81ba909ce9573f9d05263cdebf502 , < 6ac22ecdaad2ecc662048f8c6b0ceb1ca0699ef9 (git)
Affected: 8f50020ed9b81ba909ce9573f9d05263cdebf502 , < d888d3f70b0de32b4f51534175f039ddab15eef8 (git)
Affected: 8f50020ed9b81ba909ce9573f9d05263cdebf502 , < e4f2611f07c87b3ddb57c4b9e8efcd1e330fc3dc (git)
Affected: 8f50020ed9b81ba909ce9573f9d05263cdebf502 , < d1af8a39cf839d93c8967fdd858f6bbdc3e4a15c (git)
Affected: 8f50020ed9b81ba909ce9573f9d05263cdebf502 , < 31c07dffafce914c1d1543c135382a11ff058d93 (git)

Linux

Affected: 3.6
Unaffected: 0 , < 3.6 (semver)
Unaffected: 4.19.297 , ≤ 4.19.* (semver)
Unaffected: 5.4.259 , ≤ 5.4.* (semver)
Unaffected: 5.10.199 , ≤ 5.10.* (semver)
Unaffected: 5.15.136 , ≤ 5.15.* (semver)
Unaffected: 6.1.59 , ≤ 6.1.* (semver)
Unaffected: 6.5.8 , ≤ 6.5.* (semver)
Unaffected: 6.6 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 6.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-52502",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-05T20:30:02.589366Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-05T14:59:47.087Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:03:20.409Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e863f5720a5680e50c4cecf12424d7cc31b3eb0a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7adcf014bda16cdbf804af5c164d94d5d025db2d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6ac22ecdaad2ecc662048f8c6b0ceb1ca0699ef9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d888d3f70b0de32b4f51534175f039ddab15eef8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e4f2611f07c87b3ddb57c4b9e8efcd1e330fc3dc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d1af8a39cf839d93c8967fdd858f6bbdc3e4a15c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/31c07dffafce914c1d1543c135382a11ff058d93"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/nfc/llcp_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e863f5720a5680e50c4cecf12424d7cc31b3eb0a",
              "status": "affected",
              "version": "8f50020ed9b81ba909ce9573f9d05263cdebf502",
              "versionType": "git"
            },
            {
              "lessThan": "7adcf014bda16cdbf804af5c164d94d5d025db2d",
              "status": "affected",
              "version": "8f50020ed9b81ba909ce9573f9d05263cdebf502",
              "versionType": "git"
            },
            {
              "lessThan": "6ac22ecdaad2ecc662048f8c6b0ceb1ca0699ef9",
              "status": "affected",
              "version": "8f50020ed9b81ba909ce9573f9d05263cdebf502",
              "versionType": "git"
            },
            {
              "lessThan": "d888d3f70b0de32b4f51534175f039ddab15eef8",
              "status": "affected",
              "version": "8f50020ed9b81ba909ce9573f9d05263cdebf502",
              "versionType": "git"
            },
            {
              "lessThan": "e4f2611f07c87b3ddb57c4b9e8efcd1e330fc3dc",
              "status": "affected",
              "version": "8f50020ed9b81ba909ce9573f9d05263cdebf502",
              "versionType": "git"
            },
            {
              "lessThan": "d1af8a39cf839d93c8967fdd858f6bbdc3e4a15c",
              "status": "affected",
              "version": "8f50020ed9b81ba909ce9573f9d05263cdebf502",
              "versionType": "git"
            },
            {
              "lessThan": "31c07dffafce914c1d1543c135382a11ff058d93",
              "status": "affected",
              "version": "8f50020ed9b81ba909ce9573f9d05263cdebf502",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/nfc/llcp_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.6"
            },
            {
              "lessThan": "3.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.297",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.259",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.199",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.136",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.59",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.6",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.297",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.259",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.199",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.136",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.59",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5.8",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()\n\nSili Luo reported a race in nfc_llcp_sock_get(), leading to UAF.\n\nGetting a reference on the socket found in a lookup while\nholding a lock should happen before releasing the lock.\n\nnfc_llcp_sock_get_sn() has a similar problem.\n\nFinally nfc_llcp_recv_snl() needs to make sure the socket\nfound by nfc_llcp_sock_from_sn() does not disappear."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:38:07.231Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e863f5720a5680e50c4cecf12424d7cc31b3eb0a"
        },
        {
          "url": "https://git.kernel.org/stable/c/7adcf014bda16cdbf804af5c164d94d5d025db2d"
        },
        {
          "url": "https://git.kernel.org/stable/c/6ac22ecdaad2ecc662048f8c6b0ceb1ca0699ef9"
        },
        {
          "url": "https://git.kernel.org/stable/c/d888d3f70b0de32b4f51534175f039ddab15eef8"
        },
        {
          "url": "https://git.kernel.org/stable/c/e4f2611f07c87b3ddb57c4b9e8efcd1e330fc3dc"
        },
        {
          "url": "https://git.kernel.org/stable/c/d1af8a39cf839d93c8967fdd858f6bbdc3e4a15c"
        },
        {
          "url": "https://git.kernel.org/stable/c/31c07dffafce914c1d1543c135382a11ff058d93"
        }
      ],
      "title": "net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52502",
    "datePublished": "2024-03-02T21:52:17.218Z",
    "dateReserved": "2024-02-20T12:30:33.313Z",
    "dateUpdated": "2025-05-04T07:38:07.231Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-27417 (GCVE-0-2024-27417)

Vulnerability from cvelistv5 – Published: 2024-05-17 11:51 – Updated: 2025-05-04 09:04

Title

ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()

Summary

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() It seems that if userspace provides a correct IFA_TARGET_NETNSID value but no IFA_ADDRESS and IFA_LOCAL attributes, inet6_rtm_getaddr() returns -EINVAL with an elevated "struct net" refcount.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/9d4ffb5b9d879a75e…
	https://git.kernel.org/stable/c/810fa7d5e5202fcfb…
	https://git.kernel.org/stable/c/8a54834c03c30e549…
	https://git.kernel.org/stable/c/1b0998fdd85776775…
	https://git.kernel.org/stable/c/44112bc5c74e64f28…
	https://git.kernel.org/stable/c/33a1b6bfef6def206…
	https://git.kernel.org/stable/c/10bfd453da64a057b…

Impacted products

Vendor

Product

Version

Linux

Affected: 6ecf4c37eb3e89b0832c9616089a5cdca3747da7 , < 9d4ffb5b9d879a75e4f7460e8b10e756b4dfb132 (git)
Affected: 6ecf4c37eb3e89b0832c9616089a5cdca3747da7 , < 810fa7d5e5202fcfb22720304b755f1bdfd4c174 (git)
Affected: 6ecf4c37eb3e89b0832c9616089a5cdca3747da7 , < 8a54834c03c30e549c33d5da0975f3e1454ec906 (git)
Affected: 6ecf4c37eb3e89b0832c9616089a5cdca3747da7 , < 1b0998fdd85776775d975d0024bca227597e836a (git)
Affected: 6ecf4c37eb3e89b0832c9616089a5cdca3747da7 , < 44112bc5c74e64f28f5a9127dc34066c7a09bd0f (git)
Affected: 6ecf4c37eb3e89b0832c9616089a5cdca3747da7 , < 33a1b6bfef6def2068c8703403759024ce17053e (git)
Affected: 6ecf4c37eb3e89b0832c9616089a5cdca3747da7 , < 10bfd453da64a057bcfd1a49fb6b271c48653cdb (git)

Linux

Affected: 4.20
Unaffected: 0 , < 4.20 (semver)
Unaffected: 5.4.271 , ≤ 5.4.* (semver)
Unaffected: 5.10.212 , ≤ 5.10.* (semver)
Unaffected: 5.15.151 , ≤ 5.15.* (semver)
Unaffected: 6.1.81 , ≤ 6.1.* (semver)
Unaffected: 6.6.21 , ≤ 6.6.* (semver)
Unaffected: 6.7.9 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27417",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-24T14:19:39.323921Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:47:02.660Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:34:52.216Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9d4ffb5b9d879a75e4f7460e8b10e756b4dfb132"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/810fa7d5e5202fcfb22720304b755f1bdfd4c174"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8a54834c03c30e549c33d5da0975f3e1454ec906"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1b0998fdd85776775d975d0024bca227597e836a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/44112bc5c74e64f28f5a9127dc34066c7a09bd0f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/33a1b6bfef6def2068c8703403759024ce17053e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/10bfd453da64a057bcfd1a49fb6b271c48653cdb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/addrconf.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9d4ffb5b9d879a75e4f7460e8b10e756b4dfb132",
              "status": "affected",
              "version": "6ecf4c37eb3e89b0832c9616089a5cdca3747da7",
              "versionType": "git"
            },
            {
              "lessThan": "810fa7d5e5202fcfb22720304b755f1bdfd4c174",
              "status": "affected",
              "version": "6ecf4c37eb3e89b0832c9616089a5cdca3747da7",
              "versionType": "git"
            },
            {
              "lessThan": "8a54834c03c30e549c33d5da0975f3e1454ec906",
              "status": "affected",
              "version": "6ecf4c37eb3e89b0832c9616089a5cdca3747da7",
              "versionType": "git"
            },
            {
              "lessThan": "1b0998fdd85776775d975d0024bca227597e836a",
              "status": "affected",
              "version": "6ecf4c37eb3e89b0832c9616089a5cdca3747da7",
              "versionType": "git"
            },
            {
              "lessThan": "44112bc5c74e64f28f5a9127dc34066c7a09bd0f",
              "status": "affected",
              "version": "6ecf4c37eb3e89b0832c9616089a5cdca3747da7",
              "versionType": "git"
            },
            {
              "lessThan": "33a1b6bfef6def2068c8703403759024ce17053e",
              "status": "affected",
              "version": "6ecf4c37eb3e89b0832c9616089a5cdca3747da7",
              "versionType": "git"
            },
            {
              "lessThan": "10bfd453da64a057bcfd1a49fb6b271c48653cdb",
              "status": "affected",
              "version": "6ecf4c37eb3e89b0832c9616089a5cdca3747da7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/addrconf.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.20"
            },
            {
              "lessThan": "4.20",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.271",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.212",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.151",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.81",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.21",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.271",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.212",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.151",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.81",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.21",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.9",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix potential \"struct net\" leak in inet6_rtm_getaddr()\n\nIt seems that if userspace provides a correct IFA_TARGET_NETNSID value\nbut no IFA_ADDRESS and IFA_LOCAL attributes, inet6_rtm_getaddr()\nreturns -EINVAL with an elevated \"struct net\" refcount."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:04:42.491Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9d4ffb5b9d879a75e4f7460e8b10e756b4dfb132"
        },
        {
          "url": "https://git.kernel.org/stable/c/810fa7d5e5202fcfb22720304b755f1bdfd4c174"
        },
        {
          "url": "https://git.kernel.org/stable/c/8a54834c03c30e549c33d5da0975f3e1454ec906"
        },
        {
          "url": "https://git.kernel.org/stable/c/1b0998fdd85776775d975d0024bca227597e836a"
        },
        {
          "url": "https://git.kernel.org/stable/c/44112bc5c74e64f28f5a9127dc34066c7a09bd0f"
        },
        {
          "url": "https://git.kernel.org/stable/c/33a1b6bfef6def2068c8703403759024ce17053e"
        },
        {
          "url": "https://git.kernel.org/stable/c/10bfd453da64a057bcfd1a49fb6b271c48653cdb"
        }
      ],
      "title": "ipv6: fix potential \"struct net\" leak in inet6_rtm_getaddr()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-27417",
    "datePublished": "2024-05-17T11:51:07.803Z",
    "dateReserved": "2024-02-25T13:47:42.683Z",
    "dateUpdated": "2025-05-04T09:04:42.491Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-46743 (GCVE-0-2024-46743)

Vulnerability from cvelistv5 – Published: 2024-09-18 07:12 – Updated: 2026-01-05 10:52

Title

of/irq: Prevent device address out-of-bounds read in interrupt map walk

Summary

In the Linux kernel, the following vulnerability has been resolved: of/irq: Prevent device address out-of-bounds read in interrupt map walk When of_irq_parse_raw() is invoked with a device address smaller than the interrupt parent node (from #address-cells property), KASAN detects the following out-of-bounds read when populating the initial match table (dyndbg="func of_irq_parse_* +p"): OF: of_irq_parse_one: dev=/soc@0/picasso/watchdog, index=0 OF: parent=/soc@0/pci@878000000000/gpio0@17,0, intsize=2 OF: intspec=4 OF: of_irq_parse_raw: ipar=/soc@0/pci@878000000000/gpio0@17,0, size=2 OF: -> addrsize=3 ================================================================== BUG: KASAN: slab-out-of-bounds in of_irq_parse_raw+0x2b8/0x8d0 Read of size 4 at addr ffffff81beca5608 by task bash/764 CPU: 1 PID: 764 Comm: bash Tainted: G O 6.1.67-484c613561-nokia_sm_arm64 #1 Hardware name: Unknown Unknown Product/Unknown Product, BIOS 2023.01-12.24.03-dirty 01/01/2023 Call trace: dump_backtrace+0xdc/0x130 show_stack+0x1c/0x30 dump_stack_lvl+0x6c/0x84 print_report+0x150/0x448 kasan_report+0x98/0x140 __asan_load4+0x78/0xa0 of_irq_parse_raw+0x2b8/0x8d0 of_irq_parse_one+0x24c/0x270 parse_interrupts+0xc0/0x120 of_fwnode_add_links+0x100/0x2d0 fw_devlink_parse_fwtree+0x64/0xc0 device_add+0xb38/0xc30 of_device_add+0x64/0x90 of_platform_device_create_pdata+0xd0/0x170 of_platform_bus_create+0x244/0x600 of_platform_notify+0x1b0/0x254 blocking_notifier_call_chain+0x9c/0xd0 __of_changeset_entry_notify+0x1b8/0x230 __of_changeset_apply_notify+0x54/0xe4 of_overlay_fdt_apply+0xc04/0xd94 ... The buggy address belongs to the object at ffffff81beca5600 which belongs to the cache kmalloc-128 of size 128 The buggy address is located 8 bytes inside of 128-byte region [ffffff81beca5600, ffffff81beca5680) The buggy address belongs to the physical page: page:00000000230d3d03 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1beca4 head:00000000230d3d03 order:1 compound_mapcount:0 compound_pincount:0 flags: 0x8000000000010200(slab|head|zone=2) raw: 8000000000010200 0000000000000000 dead000000000122 ffffff810000c300 raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffffff81beca5500: 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffffff81beca5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >ffffff81beca5600: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ^ ffffff81beca5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffffff81beca5700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc ================================================================== OF: -> got it ! Prevent the out-of-bounds read by copying the device address into a buffer of sufficient size.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/d2a79494d8a526294…
	https://git.kernel.org/stable/c/defcaa426ba0bc89f…
	https://git.kernel.org/stable/c/9d1e9f0876b03d74d…
	https://git.kernel.org/stable/c/baaf26723beab3a04…
	https://git.kernel.org/stable/c/8ff351ea12e918db1…
	https://git.kernel.org/stable/c/7ead730af11ee7da1…
	https://git.kernel.org/stable/c/bf68acd840b6a5bfd…
	https://git.kernel.org/stable/c/b739dffa5d570b411…

Impacted products

Vendor

Product

Version

Linux

Affected: cc9fd71c62f542233c412b5fabc1bbe0c4d5ad08 , < d2a79494d8a5262949736fb2c3ac44d20a51b0d8 (git)
Affected: cc9fd71c62f542233c412b5fabc1bbe0c4d5ad08 , < defcaa426ba0bc89ffdafb799d2e50b52f74ffc4 (git)
Affected: cc9fd71c62f542233c412b5fabc1bbe0c4d5ad08 , < 9d1e9f0876b03d74d44513a0ed3ed15ef8f2fed5 (git)
Affected: cc9fd71c62f542233c412b5fabc1bbe0c4d5ad08 , < baaf26723beab3a04da578d3008be3544f83758f (git)
Affected: cc9fd71c62f542233c412b5fabc1bbe0c4d5ad08 , < 8ff351ea12e918db1373b915c4c268815929cbe5 (git)
Affected: cc9fd71c62f542233c412b5fabc1bbe0c4d5ad08 , < 7ead730af11ee7da107f16fc77995613c58d292d (git)
Affected: cc9fd71c62f542233c412b5fabc1bbe0c4d5ad08 , < bf68acd840b6a5bfd3777e0d5aaa204db6b461a9 (git)
Affected: cc9fd71c62f542233c412b5fabc1bbe0c4d5ad08 , < b739dffa5d570b411d4bdf4bb9b8dfd6b7d72305 (git)

Linux

Affected: 2.6.18
Unaffected: 0 , < 2.6.18 (semver)
Unaffected: 4.19.322 , ≤ 4.19.* (semver)
Unaffected: 5.4.284 , ≤ 5.4.* (semver)
Unaffected: 5.10.226 , ≤ 5.10.* (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.110 , ≤ 6.1.* (semver)
Unaffected: 6.6.51 , ≤ 6.6.* (semver)
Unaffected: 6.10.10 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46743",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T14:49:43.804091Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T14:49:58.918Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:17:32.674Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/of/irq.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d2a79494d8a5262949736fb2c3ac44d20a51b0d8",
              "status": "affected",
              "version": "cc9fd71c62f542233c412b5fabc1bbe0c4d5ad08",
              "versionType": "git"
            },
            {
              "lessThan": "defcaa426ba0bc89ffdafb799d2e50b52f74ffc4",
              "status": "affected",
              "version": "cc9fd71c62f542233c412b5fabc1bbe0c4d5ad08",
              "versionType": "git"
            },
            {
              "lessThan": "9d1e9f0876b03d74d44513a0ed3ed15ef8f2fed5",
              "status": "affected",
              "version": "cc9fd71c62f542233c412b5fabc1bbe0c4d5ad08",
              "versionType": "git"
            },
            {
              "lessThan": "baaf26723beab3a04da578d3008be3544f83758f",
              "status": "affected",
              "version": "cc9fd71c62f542233c412b5fabc1bbe0c4d5ad08",
              "versionType": "git"
            },
            {
              "lessThan": "8ff351ea12e918db1373b915c4c268815929cbe5",
              "status": "affected",
              "version": "cc9fd71c62f542233c412b5fabc1bbe0c4d5ad08",
              "versionType": "git"
            },
            {
              "lessThan": "7ead730af11ee7da107f16fc77995613c58d292d",
              "status": "affected",
              "version": "cc9fd71c62f542233c412b5fabc1bbe0c4d5ad08",
              "versionType": "git"
            },
            {
              "lessThan": "bf68acd840b6a5bfd3777e0d5aaa204db6b461a9",
              "status": "affected",
              "version": "cc9fd71c62f542233c412b5fabc1bbe0c4d5ad08",
              "versionType": "git"
            },
            {
              "lessThan": "b739dffa5d570b411d4bdf4bb9b8dfd6b7d72305",
              "status": "affected",
              "version": "cc9fd71c62f542233c412b5fabc1bbe0c4d5ad08",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/of/irq.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.18"
            },
            {
              "lessThan": "2.6.18",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.322",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.284",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.110",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.51",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.322",
                  "versionStartIncluding": "2.6.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.284",
                  "versionStartIncluding": "2.6.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.226",
                  "versionStartIncluding": "2.6.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "2.6.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.110",
                  "versionStartIncluding": "2.6.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.51",
                  "versionStartIncluding": "2.6.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.10",
                  "versionStartIncluding": "2.6.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "2.6.18",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nof/irq: Prevent device address out-of-bounds read in interrupt map walk\n\nWhen of_irq_parse_raw() is invoked with a device address smaller than\nthe interrupt parent node (from #address-cells property), KASAN detects\nthe following out-of-bounds read when populating the initial match table\n(dyndbg=\"func of_irq_parse_* +p\"):\n\n  OF: of_irq_parse_one: dev=/soc@0/picasso/watchdog, index=0\n  OF:  parent=/soc@0/pci@878000000000/gpio0@17,0, intsize=2\n  OF:  intspec=4\n  OF: of_irq_parse_raw: ipar=/soc@0/pci@878000000000/gpio0@17,0, size=2\n  OF:  -\u003e addrsize=3\n  ==================================================================\n  BUG: KASAN: slab-out-of-bounds in of_irq_parse_raw+0x2b8/0x8d0\n  Read of size 4 at addr ffffff81beca5608 by task bash/764\n\n  CPU: 1 PID: 764 Comm: bash Tainted: G           O       6.1.67-484c613561-nokia_sm_arm64 #1\n  Hardware name: Unknown Unknown Product/Unknown Product, BIOS 2023.01-12.24.03-dirty 01/01/2023\n  Call trace:\n   dump_backtrace+0xdc/0x130\n   show_stack+0x1c/0x30\n   dump_stack_lvl+0x6c/0x84\n   print_report+0x150/0x448\n   kasan_report+0x98/0x140\n   __asan_load4+0x78/0xa0\n   of_irq_parse_raw+0x2b8/0x8d0\n   of_irq_parse_one+0x24c/0x270\n   parse_interrupts+0xc0/0x120\n   of_fwnode_add_links+0x100/0x2d0\n   fw_devlink_parse_fwtree+0x64/0xc0\n   device_add+0xb38/0xc30\n   of_device_add+0x64/0x90\n   of_platform_device_create_pdata+0xd0/0x170\n   of_platform_bus_create+0x244/0x600\n   of_platform_notify+0x1b0/0x254\n   blocking_notifier_call_chain+0x9c/0xd0\n   __of_changeset_entry_notify+0x1b8/0x230\n   __of_changeset_apply_notify+0x54/0xe4\n   of_overlay_fdt_apply+0xc04/0xd94\n   ...\n\n  The buggy address belongs to the object at ffffff81beca5600\n   which belongs to the cache kmalloc-128 of size 128\n  The buggy address is located 8 bytes inside of\n   128-byte region [ffffff81beca5600, ffffff81beca5680)\n\n  The buggy address belongs to the physical page:\n  page:00000000230d3d03 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1beca4\n  head:00000000230d3d03 order:1 compound_mapcount:0 compound_pincount:0\n  flags: 0x8000000000010200(slab|head|zone=2)\n  raw: 8000000000010200 0000000000000000 dead000000000122 ffffff810000c300\n  raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000\n  page dumped because: kasan: bad access detected\n\n  Memory state around the buggy address:\n   ffffff81beca5500: 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n   ffffff81beca5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n  \u003effffff81beca5600: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n                        ^\n   ffffff81beca5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n   ffffff81beca5700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc\n  ==================================================================\n  OF:  -\u003e got it !\n\nPrevent the out-of-bounds read by copying the device address into a\nbuffer of sufficient size."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:52:59.785Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d2a79494d8a5262949736fb2c3ac44d20a51b0d8"
        },
        {
          "url": "https://git.kernel.org/stable/c/defcaa426ba0bc89ffdafb799d2e50b52f74ffc4"
        },
        {
          "url": "https://git.kernel.org/stable/c/9d1e9f0876b03d74d44513a0ed3ed15ef8f2fed5"
        },
        {
          "url": "https://git.kernel.org/stable/c/baaf26723beab3a04da578d3008be3544f83758f"
        },
        {
          "url": "https://git.kernel.org/stable/c/8ff351ea12e918db1373b915c4c268815929cbe5"
        },
        {
          "url": "https://git.kernel.org/stable/c/7ead730af11ee7da107f16fc77995613c58d292d"
        },
        {
          "url": "https://git.kernel.org/stable/c/bf68acd840b6a5bfd3777e0d5aaa204db6b461a9"
        },
        {
          "url": "https://git.kernel.org/stable/c/b739dffa5d570b411d4bdf4bb9b8dfd6b7d72305"
        }
      ],
      "title": "of/irq: Prevent device address out-of-bounds read in interrupt map walk",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46743",
    "datePublished": "2024-09-18T07:12:04.166Z",
    "dateReserved": "2024-09-11T15:12:18.264Z",
    "dateUpdated": "2026-01-05T10:52:59.785Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-53172 (GCVE-0-2024-53172)

Vulnerability from cvelistv5 – Published: 2024-12-27 13:49 – Updated: 2025-11-03 20:47

Title

ubi: fastmap: Fix duplicate slab cache names while attaching

Summary

In the Linux kernel, the following vulnerability has been resolved: ubi: fastmap: Fix duplicate slab cache names while attaching Since commit 4c39529663b9 ("slab: Warn on duplicate cache names when DEBUG_VM=y"), the duplicate slab cache names can be detected and a kernel WARNING is thrown out. In UBI fast attaching process, alloc_ai() could be invoked twice with the same slab cache name 'ubi_aeb_slab_cache', which will trigger following warning messages: kmem_cache of name 'ubi_aeb_slab_cache' already exists WARNING: CPU: 0 PID: 7519 at mm/slab_common.c:107 __kmem_cache_create_args+0x100/0x5f0 Modules linked in: ubi(+) nandsim [last unloaded: nandsim] CPU: 0 UID: 0 PID: 7519 Comm: modprobe Tainted: G 6.12.0-rc2 RIP: 0010:__kmem_cache_create_args+0x100/0x5f0 Call Trace: __kmem_cache_create_args+0x100/0x5f0 alloc_ai+0x295/0x3f0 [ubi] ubi_attach+0x3c3/0xcc0 [ubi] ubi_attach_mtd_dev+0x17cf/0x3fa0 [ubi] ubi_init+0x3fb/0x800 [ubi] do_init_module+0x265/0x7d0 __x64_sys_finit_module+0x7a/0xc0 The problem could be easily reproduced by loading UBI device by fastmap with CONFIG_DEBUG_VM=y. Fix it by using different slab names for alloc_ai() callers.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/ef52b7191ac41e68b…
	https://git.kernel.org/stable/c/871c148f8e0c32e50…
	https://git.kernel.org/stable/c/04c0b0f3761709947…
	https://git.kernel.org/stable/c/b1ee0aa4945c49cbb…
	https://git.kernel.org/stable/c/6afdcb285794e75d2…
	https://git.kernel.org/stable/c/612824dd0c9465ef3…
	https://git.kernel.org/stable/c/3d8558135cd56a2a8…
	https://git.kernel.org/stable/c/7402c4bcb8a3f0d2e…
	https://git.kernel.org/stable/c/bcddf52b7a17adceb…

Impacted products

Vendor

Product

Version

Linux

Affected: d2158f69a7d469c21c37f7028c18aa8c54707de3 , < ef52b7191ac41e68b1bf070d00c5b04ed16e4920 (git)
Affected: d2158f69a7d469c21c37f7028c18aa8c54707de3 , < 871c148f8e0c32e505df9393ba4a303c3c3fe988 (git)
Affected: d2158f69a7d469c21c37f7028c18aa8c54707de3 , < 04c0b0f37617099479c34e207c5550d081f585a6 (git)
Affected: d2158f69a7d469c21c37f7028c18aa8c54707de3 , < b1ee0aa4945c49cbbd779da81040fcec4de80fd1 (git)
Affected: d2158f69a7d469c21c37f7028c18aa8c54707de3 , < 6afdcb285794e75d2c8995e3a44f523c176cc2de (git)
Affected: d2158f69a7d469c21c37f7028c18aa8c54707de3 , < 612824dd0c9465ef365ace38b056c663d110956d (git)
Affected: d2158f69a7d469c21c37f7028c18aa8c54707de3 , < 3d8558135cd56a2a8052024be4073e160f36658c (git)
Affected: d2158f69a7d469c21c37f7028c18aa8c54707de3 , < 7402c4bcb8a3f0d2ef4e687cd45c76be489cf509 (git)
Affected: d2158f69a7d469c21c37f7028c18aa8c54707de3 , < bcddf52b7a17adcebc768d26f4e27cf79adb424c (git)

Linux

Affected: 4.1
Unaffected: 0 , < 4.1 (semver)
Unaffected: 4.19.325 , ≤ 4.19.* (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:47:04.030Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/mtd/ubi/attach.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ef52b7191ac41e68b1bf070d00c5b04ed16e4920",
              "status": "affected",
              "version": "d2158f69a7d469c21c37f7028c18aa8c54707de3",
              "versionType": "git"
            },
            {
              "lessThan": "871c148f8e0c32e505df9393ba4a303c3c3fe988",
              "status": "affected",
              "version": "d2158f69a7d469c21c37f7028c18aa8c54707de3",
              "versionType": "git"
            },
            {
              "lessThan": "04c0b0f37617099479c34e207c5550d081f585a6",
              "status": "affected",
              "version": "d2158f69a7d469c21c37f7028c18aa8c54707de3",
              "versionType": "git"
            },
            {
              "lessThan": "b1ee0aa4945c49cbbd779da81040fcec4de80fd1",
              "status": "affected",
              "version": "d2158f69a7d469c21c37f7028c18aa8c54707de3",
              "versionType": "git"
            },
            {
              "lessThan": "6afdcb285794e75d2c8995e3a44f523c176cc2de",
              "status": "affected",
              "version": "d2158f69a7d469c21c37f7028c18aa8c54707de3",
              "versionType": "git"
            },
            {
              "lessThan": "612824dd0c9465ef365ace38b056c663d110956d",
              "status": "affected",
              "version": "d2158f69a7d469c21c37f7028c18aa8c54707de3",
              "versionType": "git"
            },
            {
              "lessThan": "3d8558135cd56a2a8052024be4073e160f36658c",
              "status": "affected",
              "version": "d2158f69a7d469c21c37f7028c18aa8c54707de3",
              "versionType": "git"
            },
            {
              "lessThan": "7402c4bcb8a3f0d2ef4e687cd45c76be489cf509",
              "status": "affected",
              "version": "d2158f69a7d469c21c37f7028c18aa8c54707de3",
              "versionType": "git"
            },
            {
              "lessThan": "bcddf52b7a17adcebc768d26f4e27cf79adb424c",
              "status": "affected",
              "version": "d2158f69a7d469c21c37f7028c18aa8c54707de3",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/mtd/ubi/attach.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.1"
            },
            {
              "lessThan": "4.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.325",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.325",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nubi: fastmap: Fix duplicate slab cache names while attaching\n\nSince commit 4c39529663b9 (\"slab: Warn on duplicate cache names when\nDEBUG_VM=y\"), the duplicate slab cache names can be detected and a\nkernel WARNING is thrown out.\nIn UBI fast attaching process, alloc_ai() could be invoked twice\nwith the same slab cache name \u0027ubi_aeb_slab_cache\u0027, which will trigger\nfollowing warning messages:\n kmem_cache of name \u0027ubi_aeb_slab_cache\u0027 already exists\n WARNING: CPU: 0 PID: 7519 at mm/slab_common.c:107\n          __kmem_cache_create_args+0x100/0x5f0\n Modules linked in: ubi(+) nandsim [last unloaded: nandsim]\n CPU: 0 UID: 0 PID: 7519 Comm: modprobe Tainted: G 6.12.0-rc2\n RIP: 0010:__kmem_cache_create_args+0x100/0x5f0\n Call Trace:\n   __kmem_cache_create_args+0x100/0x5f0\n   alloc_ai+0x295/0x3f0 [ubi]\n   ubi_attach+0x3c3/0xcc0 [ubi]\n   ubi_attach_mtd_dev+0x17cf/0x3fa0 [ubi]\n   ubi_init+0x3fb/0x800 [ubi]\n   do_init_module+0x265/0x7d0\n   __x64_sys_finit_module+0x7a/0xc0\n\nThe problem could be easily reproduced by loading UBI device by fastmap\nwith CONFIG_DEBUG_VM=y.\nFix it by using different slab names for alloc_ai() callers."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:54:51.996Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ef52b7191ac41e68b1bf070d00c5b04ed16e4920"
        },
        {
          "url": "https://git.kernel.org/stable/c/871c148f8e0c32e505df9393ba4a303c3c3fe988"
        },
        {
          "url": "https://git.kernel.org/stable/c/04c0b0f37617099479c34e207c5550d081f585a6"
        },
        {
          "url": "https://git.kernel.org/stable/c/b1ee0aa4945c49cbbd779da81040fcec4de80fd1"
        },
        {
          "url": "https://git.kernel.org/stable/c/6afdcb285794e75d2c8995e3a44f523c176cc2de"
        },
        {
          "url": "https://git.kernel.org/stable/c/612824dd0c9465ef365ace38b056c663d110956d"
        },
        {
          "url": "https://git.kernel.org/stable/c/3d8558135cd56a2a8052024be4073e160f36658c"
        },
        {
          "url": "https://git.kernel.org/stable/c/7402c4bcb8a3f0d2ef4e687cd45c76be489cf509"
        },
        {
          "url": "https://git.kernel.org/stable/c/bcddf52b7a17adcebc768d26f4e27cf79adb424c"
        }
      ],
      "title": "ubi: fastmap: Fix duplicate slab cache names while attaching",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53172",
    "datePublished": "2024-12-27T13:49:17.267Z",
    "dateReserved": "2024-11-19T17:17:25.006Z",
    "dateUpdated": "2025-11-03T20:47:04.030Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-44990 (GCVE-0-2024-44990)

Vulnerability from cvelistv5 – Published: 2024-09-04 19:54 – Updated: 2025-11-03 22:14

Title

bonding: fix null pointer deref in bond_ipsec_offload_ok

Summary

In the Linux kernel, the following vulnerability has been resolved: bonding: fix null pointer deref in bond_ipsec_offload_ok We must check if there is an active slave before dereferencing the pointer.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/81216b9352be43f89…
	https://git.kernel.org/stable/c/2f5bdd68c1ce64bda…
	https://git.kernel.org/stable/c/32a0173600c63aada…
	https://git.kernel.org/stable/c/0707260a18312bbcd…
	https://git.kernel.org/stable/c/b70b0ddfed31fc92c…
	https://git.kernel.org/stable/c/95c90e4ad89d493a7…

Impacted products

Vendor

Product

Version

Linux

Affected: 18cb261afd7bf50134e5ccacc5ec91ea16efadd4 , < 81216b9352be43f8958092d379f6dec85443c309 (git)
Affected: 18cb261afd7bf50134e5ccacc5ec91ea16efadd4 , < 2f5bdd68c1ce64bda6bef4d361a3de23b04ccd59 (git)
Affected: 18cb261afd7bf50134e5ccacc5ec91ea16efadd4 , < 32a0173600c63aadaf2103bf02f074982e8602ab (git)
Affected: 18cb261afd7bf50134e5ccacc5ec91ea16efadd4 , < 0707260a18312bbcd2a5668584e3692d0a29e3f6 (git)
Affected: 18cb261afd7bf50134e5ccacc5ec91ea16efadd4 , < b70b0ddfed31fc92c8dc722d0afafc8e14cb550c (git)
Affected: 18cb261afd7bf50134e5ccacc5ec91ea16efadd4 , < 95c90e4ad89d493a7a14fa200082e466e2548f9d (git)

Linux

Affected: 5.9
Unaffected: 0 , < 5.9 (semver)
Unaffected: 5.10.225 , ≤ 5.10.* (semver)
Unaffected: 5.15.166 , ≤ 5.15.* (semver)
Unaffected: 6.1.107 , ≤ 6.1.* (semver)
Unaffected: 6.6.48 , ≤ 6.6.* (semver)
Unaffected: 6.10.7 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44990",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-04T20:19:45.863668Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-04T20:21:23.035Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:14:46.719Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/bonding/bond_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "81216b9352be43f8958092d379f6dec85443c309",
              "status": "affected",
              "version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4",
              "versionType": "git"
            },
            {
              "lessThan": "2f5bdd68c1ce64bda6bef4d361a3de23b04ccd59",
              "status": "affected",
              "version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4",
              "versionType": "git"
            },
            {
              "lessThan": "32a0173600c63aadaf2103bf02f074982e8602ab",
              "status": "affected",
              "version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4",
              "versionType": "git"
            },
            {
              "lessThan": "0707260a18312bbcd2a5668584e3692d0a29e3f6",
              "status": "affected",
              "version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4",
              "versionType": "git"
            },
            {
              "lessThan": "b70b0ddfed31fc92c8dc722d0afafc8e14cb550c",
              "status": "affected",
              "version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4",
              "versionType": "git"
            },
            {
              "lessThan": "95c90e4ad89d493a7a14fa200082e466e2548f9d",
              "status": "affected",
              "version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/bonding/bond_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.9"
            },
            {
              "lessThan": "5.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.225",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.225",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.166",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.107",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.48",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.7",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix null pointer deref in bond_ipsec_offload_ok\n\nWe must check if there is an active slave before dereferencing the pointer."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:30:33.385Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/81216b9352be43f8958092d379f6dec85443c309"
        },
        {
          "url": "https://git.kernel.org/stable/c/2f5bdd68c1ce64bda6bef4d361a3de23b04ccd59"
        },
        {
          "url": "https://git.kernel.org/stable/c/32a0173600c63aadaf2103bf02f074982e8602ab"
        },
        {
          "url": "https://git.kernel.org/stable/c/0707260a18312bbcd2a5668584e3692d0a29e3f6"
        },
        {
          "url": "https://git.kernel.org/stable/c/b70b0ddfed31fc92c8dc722d0afafc8e14cb550c"
        },
        {
          "url": "https://git.kernel.org/stable/c/95c90e4ad89d493a7a14fa200082e466e2548f9d"
        }
      ],
      "title": "bonding: fix null pointer deref in bond_ipsec_offload_ok",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44990",
    "datePublished": "2024-09-04T19:54:37.518Z",
    "dateReserved": "2024-08-21T05:34:56.671Z",
    "dateUpdated": "2025-11-03T22:14:46.719Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-52504 (GCVE-0-2024-52504)

Vulnerability from cvelistv5 – Published: 2025-08-12 11:16 – Updated: 2025-08-12 19:15

Summary

A vulnerability has been identified in SIPROTEC 4 6MD61 (All versions), SIPROTEC 4 6MD63 (All versions), SIPROTEC 4 6MD66 (All versions), SIPROTEC 4 6MD665 (All versions), SIPROTEC 4 7SA522 (All versions), SIPROTEC 4 7SA6 (All versions < V4.78), SIPROTEC 4 7SD5 (All versions < V4.78), SIPROTEC 4 7SD610 (All versions < V4.78), SIPROTEC 4 7SJ61 (All versions), SIPROTEC 4 7SJ62 (All versions), SIPROTEC 4 7SJ63 (All versions), SIPROTEC 4 7SJ64 (All versions), SIPROTEC 4 7SJ66 (All versions), SIPROTEC 4 7SS52 (All versions), SIPROTEC 4 7ST6 (All versions), SIPROTEC 4 7UM61 (All versions), SIPROTEC 4 7UM62 (All versions), SIPROTEC 4 7UT612 (All versions), SIPROTEC 4 7UT613 (All versions), SIPROTEC 4 7UT63 (All versions), SIPROTEC 4 7VE6 (All versions), SIPROTEC 4 7VK61 (All versions), SIPROTEC 4 7VU683 (All versions), SIPROTEC 4 Compact 7RW80 (All versions), SIPROTEC 4 Compact 7SD80 (All versions), SIPROTEC 4 Compact 7SJ80 (All versions), SIPROTEC 4 Compact 7SJ81 (All versions), SIPROTEC 4 Compact 7SK80 (All versions), SIPROTEC 4 Compact 7SK81 (All versions). Affected devices do not properly handle interrupted operations of file transfer. This could allow an unauthenticated remote attacker to cause a denial of service condition. To restore normal operations, the devices need to be restarted.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8.7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CWE

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Assigner

siemens

References

URL

Tags

https://cert-portal.siemens.com/productcert/html/…

Impacted products

Vendor

Product

Version

Siemens

SIPROTEC 4 6MD61

Affected: 0 , < * (custom)

Siemens	SIPROTEC 4 6MD63	Affected: 0 , < * (custom)
Siemens	SIPROTEC 4 6MD66	Affected: 0 , < * (custom)
Siemens	SIPROTEC 4 6MD665	Affected: 0 , < * (custom)
Siemens	SIPROTEC 4 7SA522	Affected: 0 , < * (custom)
Siemens	SIPROTEC 4 7SA6	Affected: 0 , < V4.78 (custom)
Siemens	SIPROTEC 4 7SD5	Affected: 0 , < V4.78 (custom)
Siemens	SIPROTEC 4 7SD610	Affected: 0 , < V4.78 (custom)
Siemens	SIPROTEC 4 7SJ61	Affected: 0 , < * (custom)
Siemens	SIPROTEC 4 7SJ62	Affected: 0 , < * (custom)
Siemens	SIPROTEC 4 7SJ63	Affected: 0 , < * (custom)
Siemens	SIPROTEC 4 7SJ64	Affected: 0 , < * (custom)
Siemens	SIPROTEC 4 7SJ66	Affected: 0 , < * (custom)
Siemens	SIPROTEC 4 7SS52	Affected: 0 , < * (custom)
Siemens	SIPROTEC 4 7ST6	Affected: 0 , < * (custom)
Siemens	SIPROTEC 4 7UM61	Affected: 0 , < * (custom)
Siemens	SIPROTEC 4 7UM62	Affected: 0 , < * (custom)
Siemens	SIPROTEC 4 7UT612	Affected: 0 , < * (custom)
Siemens	SIPROTEC 4 7UT613	Affected: 0 , < * (custom)
Siemens	SIPROTEC 4 7UT63	Affected: 0 , < * (custom)
Siemens	SIPROTEC 4 7VE6	Affected: 0 , < * (custom)
Siemens	SIPROTEC 4 7VK61	Affected: 0 , < * (custom)
Siemens	SIPROTEC 4 7VU683	Affected: 0 , < * (custom)
Siemens	SIPROTEC 4 Compact 7RW80	Affected: 0 , < * (custom)
Siemens	SIPROTEC 4 Compact 7SD80	Affected: 0 , < * (custom)
Siemens	SIPROTEC 4 Compact 7SJ80	Affected: 0 , < * (custom)
Siemens	SIPROTEC 4 Compact 7SJ81	Affected: 0 , < * (custom)
Siemens	SIPROTEC 4 Compact 7SK80	Affected: 0 , < * (custom)
Siemens	SIPROTEC 4 Compact 7SK81	Affected: 0 , < * (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52504",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-12T19:09:20.387727Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-12T19:15:53.642Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 4 6MD61",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 4 6MD63",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 4 6MD66",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 4 6MD665",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 4 7SA522",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 4 7SA6",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.78",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 4 7SD5",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.78",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 4 7SD610",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.78",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 4 7SJ61",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 4 7SJ62",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 4 7SJ63",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 4 7SJ64",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 4 7SJ66",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 4 7SS52",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 4 7ST6",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 4 7UM61",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 4 7UM62",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 4 7UT612",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 4 7UT613",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 4 7UT63",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 4 7VE6",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 4 7VK61",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 4 7VU683",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 4 Compact 7RW80",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 4 Compact 7SD80",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 4 Compact 7SJ80",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 4 Compact 7SJ81",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 4 Compact 7SK80",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 4 Compact 7SK81",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIPROTEC 4 6MD61 (All versions), SIPROTEC 4 6MD63 (All versions), SIPROTEC 4 6MD66 (All versions), SIPROTEC 4 6MD665 (All versions), SIPROTEC 4 7SA522 (All versions), SIPROTEC 4 7SA6 (All versions \u003c V4.78), SIPROTEC 4 7SD5 (All versions \u003c V4.78), SIPROTEC 4 7SD610 (All versions \u003c V4.78), SIPROTEC 4 7SJ61 (All versions), SIPROTEC 4 7SJ62 (All versions), SIPROTEC 4 7SJ63 (All versions), SIPROTEC 4 7SJ64 (All versions), SIPROTEC 4 7SJ66 (All versions), SIPROTEC 4 7SS52 (All versions), SIPROTEC 4 7ST6 (All versions), SIPROTEC 4 7UM61 (All versions), SIPROTEC 4 7UM62 (All versions), SIPROTEC 4 7UT612 (All versions), SIPROTEC 4 7UT613 (All versions), SIPROTEC 4 7UT63 (All versions), SIPROTEC 4 7VE6 (All versions), SIPROTEC 4 7VK61 (All versions), SIPROTEC 4 7VU683 (All versions), SIPROTEC 4 Compact 7RW80 (All versions), SIPROTEC 4 Compact 7SD80 (All versions), SIPROTEC 4 Compact 7SJ80 (All versions), SIPROTEC 4 Compact 7SJ81 (All versions), SIPROTEC 4 Compact 7SK80 (All versions), SIPROTEC 4 Compact 7SK81 (All versions). Affected devices do not properly handle interrupted operations of file transfer. This could allow an unauthenticated remote attacker to cause a denial of service condition. To restore normal operations, the devices need to be restarted."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-12T11:16:48.226Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-400089.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2024-52504",
    "datePublished": "2025-08-12T11:16:48.226Z",
    "dateReserved": "2024-11-11T08:11:56.754Z",
    "dateUpdated": "2025-08-12T19:15:53.642Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-38586 (GCVE-0-2024-38586)

Vulnerability from cvelistv5 – Published: 2024-06-19 13:37 – Updated: 2025-05-04 09:14

Title

r8169: Fix possible ring buffer corruption on fragmented Tx packets.

Summary

In the Linux kernel, the following vulnerability has been resolved: r8169: Fix possible ring buffer corruption on fragmented Tx packets. An issue was found on the RTL8125b when transmitting small fragmented packets, whereby invalid entries were inserted into the transmit ring buffer, subsequently leading to calls to dma_unmap_single() with a null address. This was caused by rtl8169_start_xmit() not noticing changes to nr_frags which may occur when small packets are padded (to work around hardware quirks) in rtl8169_tso_csum_v2(). To fix this, postpone inspecting nr_frags until after any padding has been applied.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/61c1c98e2607120ce…
	https://git.kernel.org/stable/c/b6d21cf40de103d63…
	https://git.kernel.org/stable/c/0c48185a953095567…
	https://git.kernel.org/stable/c/68222d7b4b72aa321…
	https://git.kernel.org/stable/c/078d5b7500d70af2d…
	https://git.kernel.org/stable/c/54e7a0d111240c92c…
	https://git.kernel.org/stable/c/c71e3a5cffd5309d7…

Impacted products

Vendor

Product

Version

Linux

Affected: 9020845fb5d6bb4876a38fdf1259600e7d9a63d4 , < 61c1c98e2607120ce9c3fa1bf75e6da909712b27 (git)
Affected: 9020845fb5d6bb4876a38fdf1259600e7d9a63d4 , < b6d21cf40de103d63ae78551098a7c06af8c98dd (git)
Affected: 9020845fb5d6bb4876a38fdf1259600e7d9a63d4 , < 0c48185a95309556725f818b82120bb74e9c627d (git)
Affected: 9020845fb5d6bb4876a38fdf1259600e7d9a63d4 , < 68222d7b4b72aa321135cd453dac37f00ec41fd1 (git)
Affected: 9020845fb5d6bb4876a38fdf1259600e7d9a63d4 , < 078d5b7500d70af2de6b38e226b03f0b932026a6 (git)
Affected: 9020845fb5d6bb4876a38fdf1259600e7d9a63d4 , < 54e7a0d111240c92c0f02ceba6eb8f26bf6d6479 (git)
Affected: 9020845fb5d6bb4876a38fdf1259600e7d9a63d4 , < c71e3a5cffd5309d7f84444df03d5b72600cc417 (git)

Linux

Affected: 5.7
Unaffected: 0 , < 5.7 (semver)
Unaffected: 5.10.221 , ≤ 5.10.* (semver)
Unaffected: 5.15.161 , ≤ 5.15.* (semver)
Unaffected: 6.1.93 , ≤ 6.1.* (semver)
Unaffected: 6.6.33 , ≤ 6.6.* (semver)
Unaffected: 6.8.12 , ≤ 6.8.* (semver)
Unaffected: 6.9.3 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:12:25.972Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/61c1c98e2607120ce9c3fa1bf75e6da909712b27"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b6d21cf40de103d63ae78551098a7c06af8c98dd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0c48185a95309556725f818b82120bb74e9c627d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/68222d7b4b72aa321135cd453dac37f00ec41fd1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/078d5b7500d70af2de6b38e226b03f0b932026a6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/54e7a0d111240c92c0f02ceba6eb8f26bf6d6479"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c71e3a5cffd5309d7f84444df03d5b72600cc417"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38586",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:13:50.332760Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:55.087Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/realtek/r8169_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "61c1c98e2607120ce9c3fa1bf75e6da909712b27",
              "status": "affected",
              "version": "9020845fb5d6bb4876a38fdf1259600e7d9a63d4",
              "versionType": "git"
            },
            {
              "lessThan": "b6d21cf40de103d63ae78551098a7c06af8c98dd",
              "status": "affected",
              "version": "9020845fb5d6bb4876a38fdf1259600e7d9a63d4",
              "versionType": "git"
            },
            {
              "lessThan": "0c48185a95309556725f818b82120bb74e9c627d",
              "status": "affected",
              "version": "9020845fb5d6bb4876a38fdf1259600e7d9a63d4",
              "versionType": "git"
            },
            {
              "lessThan": "68222d7b4b72aa321135cd453dac37f00ec41fd1",
              "status": "affected",
              "version": "9020845fb5d6bb4876a38fdf1259600e7d9a63d4",
              "versionType": "git"
            },
            {
              "lessThan": "078d5b7500d70af2de6b38e226b03f0b932026a6",
              "status": "affected",
              "version": "9020845fb5d6bb4876a38fdf1259600e7d9a63d4",
              "versionType": "git"
            },
            {
              "lessThan": "54e7a0d111240c92c0f02ceba6eb8f26bf6d6479",
              "status": "affected",
              "version": "9020845fb5d6bb4876a38fdf1259600e7d9a63d4",
              "versionType": "git"
            },
            {
              "lessThan": "c71e3a5cffd5309d7f84444df03d5b72600cc417",
              "status": "affected",
              "version": "9020845fb5d6bb4876a38fdf1259600e7d9a63d4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/realtek/r8169_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.7"
            },
            {
              "lessThan": "5.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.93",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.221",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.161",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.93",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.33",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.12",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.3",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nr8169: Fix possible ring buffer corruption on fragmented Tx packets.\n\nAn issue was found on the RTL8125b when transmitting small fragmented\npackets, whereby invalid entries were inserted into the transmit ring\nbuffer, subsequently leading to calls to dma_unmap_single() with a null\naddress.\n\nThis was caused by rtl8169_start_xmit() not noticing changes to nr_frags\nwhich may occur when small packets are padded (to work around hardware\nquirks) in rtl8169_tso_csum_v2().\n\nTo fix this, postpone inspecting nr_frags until after any padding has been\napplied."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:14:41.890Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/61c1c98e2607120ce9c3fa1bf75e6da909712b27"
        },
        {
          "url": "https://git.kernel.org/stable/c/b6d21cf40de103d63ae78551098a7c06af8c98dd"
        },
        {
          "url": "https://git.kernel.org/stable/c/0c48185a95309556725f818b82120bb74e9c627d"
        },
        {
          "url": "https://git.kernel.org/stable/c/68222d7b4b72aa321135cd453dac37f00ec41fd1"
        },
        {
          "url": "https://git.kernel.org/stable/c/078d5b7500d70af2de6b38e226b03f0b932026a6"
        },
        {
          "url": "https://git.kernel.org/stable/c/54e7a0d111240c92c0f02ceba6eb8f26bf6d6479"
        },
        {
          "url": "https://git.kernel.org/stable/c/c71e3a5cffd5309d7f84444df03d5b72600cc417"
        }
      ],
      "title": "r8169: Fix possible ring buffer corruption on fragmented Tx packets.",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-38586",
    "datePublished": "2024-06-19T13:37:41.879Z",
    "dateReserved": "2024-06-18T19:36:34.929Z",
    "dateUpdated": "2025-05-04T09:14:41.890Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-56770 (GCVE-0-2024-56770)

Vulnerability from cvelistv5 – Published: 2025-01-08 16:36 – Updated: 2025-11-03 20:54

Title

net/sched: netem: account for backlog updates from child qdisc

Summary

In the Linux kernel, the following vulnerability has been resolved: net/sched: netem: account for backlog updates from child qdisc In general, 'qlen' of any classful qdisc should keep track of the number of packets that the qdisc itself and all of its children holds. In case of netem, 'qlen' only accounts for the packets in its internal tfifo. When netem is used with a child qdisc, the child qdisc can use 'qdisc_tree_reduce_backlog' to inform its parent, netem, about created or dropped SKBs. This function updates 'qlen' and the backlog statistics of netem, but netem does not account for changes made by a child qdisc. 'qlen' then indicates the wrong number of packets in the tfifo. If a child qdisc creates new SKBs during enqueue and informs its parent about this, netem's 'qlen' value is increased. When netem dequeues the newly created SKBs from the child, the 'qlen' in netem is not updated. If 'qlen' reaches the configured sch->limit, the enqueue function stops working, even though the tfifo is not full. Reproduce the bug: Ensure that the sender machine has GSO enabled. Configure netem as root qdisc and tbf as its child on the outgoing interface of the machine as follows: $ tc qdisc add dev <oif> root handle 1: netem delay 100ms limit 100 $ tc qdisc add dev <oif> parent 1:0 tbf rate 50Mbit burst 1542 latency 50ms Send bulk TCP traffic out via this interface, e.g., by running an iPerf3 client on the machine. Check the qdisc statistics: $ tc -s qdisc show dev <oif> Statistics after 10s of iPerf3 TCP test before the fix (note that netem's backlog > limit, netem stopped accepting packets): qdisc netem 1: root refcnt 2 limit 1000 delay 100ms Sent 2767766 bytes 1848 pkt (dropped 652, overlimits 0 requeues 0) backlog 4294528236b 1155p requeues 0 qdisc tbf 10: parent 1:1 rate 50Mbit burst 1537b lat 50ms Sent 2767766 bytes 1848 pkt (dropped 327, overlimits 7601 requeues 0) backlog 0b 0p requeues 0 Statistics after the fix: qdisc netem 1: root refcnt 2 limit 1000 delay 100ms Sent 37766372 bytes 24974 pkt (dropped 9, overlimits 0 requeues 0) backlog 0b 0p requeues 0 qdisc tbf 10: parent 1:1 rate 50Mbit burst 1537b lat 50ms Sent 37766372 bytes 24974 pkt (dropped 327, overlimits 96017 requeues 0) backlog 0b 0p requeues 0 tbf segments the GSO SKBs (tbf_segment) and updates the netem's 'qlen'. The interface fully stops transferring packets and "locks". In this case, the child qdisc and tfifo are empty, but 'qlen' indicates the tfifo is at its limit and no more packets are accepted. This patch adds a counter for the entries in the tfifo. Netem's 'qlen' is only decreased when a packet is returned by its dequeue function, and not during enqueuing into the child qdisc. External updates to 'qlen' are thus accounted for and only the behavior of the backlog statistics changes. As in other qdiscs, 'qlen' then keeps track of how many packets are held in netem and all of its children. As before, sch->limit remains as the maximum number of packets in the tfifo. The same applies to netem's backlog statistics.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/83c6ab12f08dcc09d…
	https://git.kernel.org/stable/c/216509dda290f6db9…
	https://git.kernel.org/stable/c/c2047b0e216c8edce…
	https://git.kernel.org/stable/c/10df49cfca73dfbbd…
	https://git.kernel.org/stable/c/3824c5fad18eeb7ab…
	https://git.kernel.org/stable/c/356078a5c55ec8d20…
	https://git.kernel.org/stable/c/f8d4bc455047cf390…

Impacted products

Vendor

Product

Version

Linux

Affected: 50612537e9ab29693122fab20fc1eed235054ffe , < 83c6ab12f08dcc09d4c5ac86fdb89736b28f1d31 (git)
Affected: 50612537e9ab29693122fab20fc1eed235054ffe , < 216509dda290f6db92c816dd54b83c1df9da9e76 (git)
Affected: 50612537e9ab29693122fab20fc1eed235054ffe , < c2047b0e216c8edce227d7c42f99ac2877dad0e4 (git)
Affected: 50612537e9ab29693122fab20fc1eed235054ffe , < 10df49cfca73dfbbdb6c4150d859f7e8926ae427 (git)
Affected: 50612537e9ab29693122fab20fc1eed235054ffe , < 3824c5fad18eeb7abe0c4fc966f29959552dca3e (git)
Affected: 50612537e9ab29693122fab20fc1eed235054ffe , < 356078a5c55ec8d2061fcc009fb8599f5b0527f9 (git)
Affected: 50612537e9ab29693122fab20fc1eed235054ffe , < f8d4bc455047cf3903cd6f85f49978987dbb3027 (git)

Linux

Affected: 3.3
Unaffected: 0 , < 3.3 (semver)
Unaffected: 5.4.288 , ≤ 5.4.* (semver)
Unaffected: 5.10.232 , ≤ 5.10.* (semver)
Unaffected: 5.15.175 , ≤ 5.15.* (semver)
Unaffected: 6.1.121 , ≤ 6.1.* (semver)
Unaffected: 6.6.67 , ≤ 6.6.* (semver)
Unaffected: 6.12.6 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56770",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:56:54.954468Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:57:25.208Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:54:08.397Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_netem.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "83c6ab12f08dcc09d4c5ac86fdb89736b28f1d31",
              "status": "affected",
              "version": "50612537e9ab29693122fab20fc1eed235054ffe",
              "versionType": "git"
            },
            {
              "lessThan": "216509dda290f6db92c816dd54b83c1df9da9e76",
              "status": "affected",
              "version": "50612537e9ab29693122fab20fc1eed235054ffe",
              "versionType": "git"
            },
            {
              "lessThan": "c2047b0e216c8edce227d7c42f99ac2877dad0e4",
              "status": "affected",
              "version": "50612537e9ab29693122fab20fc1eed235054ffe",
              "versionType": "git"
            },
            {
              "lessThan": "10df49cfca73dfbbdb6c4150d859f7e8926ae427",
              "status": "affected",
              "version": "50612537e9ab29693122fab20fc1eed235054ffe",
              "versionType": "git"
            },
            {
              "lessThan": "3824c5fad18eeb7abe0c4fc966f29959552dca3e",
              "status": "affected",
              "version": "50612537e9ab29693122fab20fc1eed235054ffe",
              "versionType": "git"
            },
            {
              "lessThan": "356078a5c55ec8d2061fcc009fb8599f5b0527f9",
              "status": "affected",
              "version": "50612537e9ab29693122fab20fc1eed235054ffe",
              "versionType": "git"
            },
            {
              "lessThan": "f8d4bc455047cf3903cd6f85f49978987dbb3027",
              "status": "affected",
              "version": "50612537e9ab29693122fab20fc1eed235054ffe",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_netem.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.3"
            },
            {
              "lessThan": "3.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.288",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.232",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.175",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.121",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.67",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.288",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.232",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.175",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.121",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.67",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.6",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: netem: account for backlog updates from child qdisc\n\nIn general, \u0027qlen\u0027 of any classful qdisc should keep track of the\nnumber of packets that the qdisc itself and all of its children holds.\nIn case of netem, \u0027qlen\u0027 only accounts for the packets in its internal\ntfifo. When netem is used with a child qdisc, the child qdisc can use\n\u0027qdisc_tree_reduce_backlog\u0027 to inform its parent, netem, about created\nor dropped SKBs. This function updates \u0027qlen\u0027 and the backlog statistics\nof netem, but netem does not account for changes made by a child qdisc.\n\u0027qlen\u0027 then indicates the wrong number of packets in the tfifo.\nIf a child qdisc creates new SKBs during enqueue and informs its parent\nabout this, netem\u0027s \u0027qlen\u0027 value is increased. When netem dequeues the\nnewly created SKBs from the child, the \u0027qlen\u0027 in netem is not updated.\nIf \u0027qlen\u0027 reaches the configured sch-\u003elimit, the enqueue function stops\nworking, even though the tfifo is not full.\n\nReproduce the bug:\nEnsure that the sender machine has GSO enabled. Configure netem as root\nqdisc and tbf as its child on the outgoing interface of the machine\nas follows:\n$ tc qdisc add dev \u003coif\u003e root handle 1: netem delay 100ms limit 100\n$ tc qdisc add dev \u003coif\u003e parent 1:0 tbf rate 50Mbit burst 1542 latency 50ms\n\nSend bulk TCP traffic out via this interface, e.g., by running an iPerf3\nclient on the machine. Check the qdisc statistics:\n$ tc -s qdisc show dev \u003coif\u003e\n\nStatistics after 10s of iPerf3 TCP test before the fix (note that\nnetem\u0027s backlog \u003e limit, netem stopped accepting packets):\nqdisc netem 1: root refcnt 2 limit 1000 delay 100ms\n Sent 2767766 bytes 1848 pkt (dropped 652, overlimits 0 requeues 0)\n backlog 4294528236b 1155p requeues 0\nqdisc tbf 10: parent 1:1 rate 50Mbit burst 1537b lat 50ms\n Sent 2767766 bytes 1848 pkt (dropped 327, overlimits 7601 requeues 0)\n backlog 0b 0p requeues 0\n\nStatistics after the fix:\nqdisc netem 1: root refcnt 2 limit 1000 delay 100ms\n Sent 37766372 bytes 24974 pkt (dropped 9, overlimits 0 requeues 0)\n backlog 0b 0p requeues 0\nqdisc tbf 10: parent 1:1 rate 50Mbit burst 1537b lat 50ms\n Sent 37766372 bytes 24974 pkt (dropped 327, overlimits 96017 requeues 0)\n backlog 0b 0p requeues 0\n\ntbf segments the GSO SKBs (tbf_segment) and updates the netem\u0027s \u0027qlen\u0027.\nThe interface fully stops transferring packets and \"locks\". In this case,\nthe child qdisc and tfifo are empty, but \u0027qlen\u0027 indicates the tfifo is at\nits limit and no more packets are accepted.\n\nThis patch adds a counter for the entries in the tfifo. Netem\u0027s \u0027qlen\u0027 is\nonly decreased when a packet is returned by its dequeue function, and not\nduring enqueuing into the child qdisc. External updates to \u0027qlen\u0027 are thus\naccounted for and only the behavior of the backlog statistics changes. As\nin other qdiscs, \u0027qlen\u0027 then keeps track of  how many packets are held in\nnetem and all of its children. As before, sch-\u003elimit remains as the\nmaximum number of packets in the tfifo. The same applies to netem\u0027s\nbacklog statistics."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:04:19.387Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/83c6ab12f08dcc09d4c5ac86fdb89736b28f1d31"
        },
        {
          "url": "https://git.kernel.org/stable/c/216509dda290f6db92c816dd54b83c1df9da9e76"
        },
        {
          "url": "https://git.kernel.org/stable/c/c2047b0e216c8edce227d7c42f99ac2877dad0e4"
        },
        {
          "url": "https://git.kernel.org/stable/c/10df49cfca73dfbbdb6c4150d859f7e8926ae427"
        },
        {
          "url": "https://git.kernel.org/stable/c/3824c5fad18eeb7abe0c4fc966f29959552dca3e"
        },
        {
          "url": "https://git.kernel.org/stable/c/356078a5c55ec8d2061fcc009fb8599f5b0527f9"
        },
        {
          "url": "https://git.kernel.org/stable/c/f8d4bc455047cf3903cd6f85f49978987dbb3027"
        }
      ],
      "title": "net/sched: netem: account for backlog updates from child qdisc",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56770",
    "datePublished": "2025-01-08T16:36:59.315Z",
    "dateReserved": "2024-12-29T11:26:39.763Z",
    "dateUpdated": "2025-11-03T20:54:08.397Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-47809 (GCVE-0-2025-47809)

Vulnerability from cvelistv5 – Published: 2025-05-16 00:00 – Updated: 2025-05-16 13:36

Summary

Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with UAC, and the CodeMeter Control Center component must be installed, and the CodeMeter Control Center component must not have been restarted. In this scenario, the local user can navigate from Import License to a privileged instance of Windows Explorer.

Severity ?

8.2 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-272 - Least Privilege Violation

Assigner

mitre

References

URL

Tags

https://www.wibu.com/support/security-advisories/…

Impacted products

	Vendor	Product	Version
	Wibu	CodeMeter	Affected: 0 , < 8.30a (custom)

CERTFR-2025-AVI-0677

Solutions

Action not permitted

CERTFR-2025-AVI-0677

Solutions

CVE-2024-46724 (GCVE-0-2024-46724)

CVE-2024-42148 (GCVE-0-2024-42148)

CVE-2024-36974 (GCVE-0-2024-36974)

CVE-2024-56533 (GCVE-0-2024-56533)

CVE-2024-56587 (GCVE-0-2024-56587)

CVE-2024-46744 (GCVE-0-2024-46744)

CVE-2024-47685 (GCVE-0-2024-47685)

CVE-2024-56603 (GCVE-0-2024-56603)

CVE-2024-0584 (GCVE-0-2024-0584)

CVE-2024-47701 (GCVE-0-2024-47701)

CVE-2024-46719 (GCVE-0-2024-46719)

CVE-2024-26752 (GCVE-0-2024-26752)

CVE-2024-46689 (GCVE-0-2024-46689)

CVE-2024-49971 (GCVE-0-2024-49971)

CVE-2024-50024 (GCVE-0-2024-50024)

CVE-2024-40968 (GCVE-0-2024-40968)

CVE-2024-49959 (GCVE-0-2024-49959)

CVE-2024-50269 (GCVE-0-2024-50269)

CVE-2024-56594 (GCVE-0-2024-56594)

CVE-2024-42093 (GCVE-0-2024-42093)

CVE-2024-43893 (GCVE-0-2024-43893)

CVE-2024-49851 (GCVE-0-2024-49851)

CVE-2024-49875 (GCVE-0-2024-49875)

CVE-2024-26675 (GCVE-0-2024-26675)

CVE-2024-9681 (GCVE-0-2024-9681)

CVE-2022-49034 (GCVE-0-2022-49034)

CVE-2024-46679 (GCVE-0-2024-46679)

CVE-2024-26845 (GCVE-0-2024-26845)

CVE-2023-52617 (GCVE-0-2023-52617)

CVE-2024-49967 (GCVE-0-2024-49967)

CVE-2023-6121 (GCVE-0-2023-6121)

CVE-2023-52867 (GCVE-0-2023-52867)

CVE-2024-41087 (GCVE-0-2024-41087)

CVE-2024-26840 (GCVE-0-2024-26840)

CVE-2024-46781 (GCVE-0-2024-46781)

CVE-2024-46756 (GCVE-0-2024-46756)

CVE-2024-49867 (GCVE-0-2024-49867)

CVE-2024-49881 (GCVE-0-2024-49881)

CVE-2024-56610 (GCVE-0-2024-56610)

CVE-2022-48829 (GCVE-0-2022-48829)

CVE-2023-52809 (GCVE-0-2023-52809)

CVE-2023-39198 (GCVE-0-2023-39198)

CVE-2024-35835 (GCVE-0-2024-35835)

CVE-2024-26702 (GCVE-0-2024-26702)

CVE-2023-52791 (GCVE-0-2023-52791)

CVE-2024-49890 (GCVE-0-2024-49890)

CVE-2024-47692 (GCVE-0-2024-47692)

CVE-2024-56630 (GCVE-0-2024-56630)

CVE-2024-36938 (GCVE-0-2024-36938)

CVE-2024-42224 (GCVE-0-2024-42224)

CVE-2024-50089 (GCVE-0-2024-50089)

CVE-2023-52917 (GCVE-0-2023-52917)

CVE-2024-46745 (GCVE-0-2024-46745)

CVE-2024-53158 (GCVE-0-2024-53158)

CVE-2023-51781 (GCVE-0-2023-51781)

CVE-2024-50251 (GCVE-0-2024-50251)

CVE-2024-26788 (GCVE-0-2024-26788)

CVE-2024-40976 (GCVE-0-2024-40976)

CVE-2024-56615 (GCVE-0-2024-56615)

CVE-2024-46763 (GCVE-0-2024-46763)

CVE-2024-50234 (GCVE-0-2024-50234)

CVE-2024-46791 (GCVE-0-2024-46791)

CVE-2024-47740 (GCVE-0-2024-47740)

CVE-2024-49900 (GCVE-0-2024-49900)

CVE-2024-56562 (GCVE-0-2024-56562)

CVE-2024-56634 (GCVE-0-2024-56634)

CVE-2024-46815 (GCVE-0-2024-46815)

CVE-2024-41000 (GCVE-0-2024-41000)

CVE-2024-49983 (GCVE-0-2024-49983)

CVE-2025-40570 (GCVE-0-2025-40570)

CVE-2024-49966 (GCVE-0-2024-49966)

CVE-2023-52606 (GCVE-0-2023-52606)

CVE-2023-6040 (GCVE-0-2023-6040)

CVE-2024-44998 (GCVE-0-2024-44998)

CVE-2024-56785 (GCVE-0-2024-56785)

CVE-2024-35833 (GCVE-0-2024-35833)

CVE-2024-44954 (GCVE-0-2024-44954)