Action not permitted
Modal body text goes here.
CVE-2023-52468
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-52468", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-26T18:14:41.496128Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:24:16.199Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T23:03:19.632Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/b57196a5ec5e4c0ffecde8348b085b778c7dce04" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/0f1486dafca3398c4c46b9f6e6452fa27e73b559" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/93ec4a3b76404bce01bd5c9032bef5df6feb1d62" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/base/class.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "b57196a5ec5e", "status": "affected", "version": "dcfbb67e48a2", "versionType": "git" }, { "lessThan": "0f1486dafca3", "status": "affected", "version": "dcfbb67e48a2", "versionType": "git" }, { "lessThan": "93ec4a3b7640", "status": "affected", "version": "dcfbb67e48a2", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/base/class.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.4" }, { "lessThan": "6.4", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.14", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.2", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclass: fix use-after-free in class_register()\n\nThe lock_class_key is still registered and can be found in\nlock_keys_hash hlist after subsys_private is freed in error\nhandler path.A task who iterate over the lock_keys_hash\nlater may cause use-after-free.So fix that up and unregister\nthe lock_class_key before kfree(cp).\n\nOn our platform, a driver fails to kset_register because of\ncreating duplicate filename \u0027/class/xxx\u0027.With Kasan enabled,\nit prints a invalid-access bug report.\n\nKASAN bug report:\n\nBUG: KASAN: invalid-access in lockdep_register_key+0x19c/0x1bc\nWrite of size 8 at addr 15ffff808b8c0368 by task modprobe/252\nPointer tag: [15], memory tag: [fe]\n\nCPU: 7 PID: 252 Comm: modprobe Tainted: G W\n 6.6.0-mainline-maybe-dirty #1\n\nCall trace:\ndump_backtrace+0x1b0/0x1e4\nshow_stack+0x2c/0x40\ndump_stack_lvl+0xac/0xe0\nprint_report+0x18c/0x4d8\nkasan_report+0xe8/0x148\n__hwasan_store8_noabort+0x88/0x98\nlockdep_register_key+0x19c/0x1bc\nclass_register+0x94/0x1ec\ninit_module+0xbc/0xf48 [rfkill]\ndo_one_initcall+0x17c/0x72c\ndo_init_module+0x19c/0x3f8\n...\nMemory state around the buggy address:\nffffff808b8c0100: 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a\nffffff808b8c0200: 8a 8a 8a 8a 8a 8a 8a 8a fe fe fe fe fe fe fe fe\n\u003effffff808b8c0300: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe\n ^\nffffff808b8c0400: 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03\n\nAs CONFIG_KASAN_GENERIC is not set, Kasan reports invalid-access\nnot use-after-free here.In this case, modprobe is manipulating\nthe corrupted lock_keys_hash hlish where lock_class_key is already\nfreed before.\n\nIt\u0027s worth noting that this only can happen if lockdep is enabled,\nwhich is not true for normal system." } ], "providerMetadata": { "dateUpdated": "2024-11-04T14:47:23.793Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/b57196a5ec5e4c0ffecde8348b085b778c7dce04" }, { "url": "https://git.kernel.org/stable/c/0f1486dafca3398c4c46b9f6e6452fa27e73b559" }, { "url": "https://git.kernel.org/stable/c/93ec4a3b76404bce01bd5c9032bef5df6feb1d62" } ], "title": "class: fix use-after-free in class_register()", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2023-52468", "datePublished": "2024-02-25T08:16:32.387Z", "dateReserved": "2024-02-20T12:30:33.297Z", "dateUpdated": "2024-11-04T14:47:23.793Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2023-52468\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-02-26T16:27:48.710\",\"lastModified\":\"2024-11-21T08:39:50.360\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nclass: fix use-after-free in class_register()\\n\\nThe lock_class_key is still registered and can be found in\\nlock_keys_hash hlist after subsys_private is freed in error\\nhandler path.A task who iterate over the lock_keys_hash\\nlater may cause use-after-free.So fix that up and unregister\\nthe lock_class_key before kfree(cp).\\n\\nOn our platform, a driver fails to kset_register because of\\ncreating duplicate filename \u0027/class/xxx\u0027.With Kasan enabled,\\nit prints a invalid-access bug report.\\n\\nKASAN bug report:\\n\\nBUG: KASAN: invalid-access in lockdep_register_key+0x19c/0x1bc\\nWrite of size 8 at addr 15ffff808b8c0368 by task modprobe/252\\nPointer tag: [15], memory tag: [fe]\\n\\nCPU: 7 PID: 252 Comm: modprobe Tainted: G W\\n 6.6.0-mainline-maybe-dirty #1\\n\\nCall trace:\\ndump_backtrace+0x1b0/0x1e4\\nshow_stack+0x2c/0x40\\ndump_stack_lvl+0xac/0xe0\\nprint_report+0x18c/0x4d8\\nkasan_report+0xe8/0x148\\n__hwasan_store8_noabort+0x88/0x98\\nlockdep_register_key+0x19c/0x1bc\\nclass_register+0x94/0x1ec\\ninit_module+0xbc/0xf48 [rfkill]\\ndo_one_initcall+0x17c/0x72c\\ndo_init_module+0x19c/0x3f8\\n...\\nMemory state around the buggy address:\\nffffff808b8c0100: 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a\\nffffff808b8c0200: 8a 8a 8a 8a 8a 8a 8a 8a fe fe fe fe fe fe fe fe\\n\u003effffff808b8c0300: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe\\n ^\\nffffff808b8c0400: 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03\\n\\nAs CONFIG_KASAN_GENERIC is not set, Kasan reports invalid-access\\nnot use-after-free here.In this case, modprobe is manipulating\\nthe corrupted lock_keys_hash hlish where lock_class_key is already\\nfreed before.\\n\\nIt\u0027s worth noting that this only can happen if lockdep is enabled,\\nwhich is not true for normal system.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clase: corrige use-after-free en class_register() Lock_class_key todav\u00eda est\u00e1 registrada y se puede encontrar en lock_keys_hash hlist despu\u00e9s de que subsys_private se libere en la ruta del controlador de errores. Una tarea que itera sobre Lock_keys_hash m\u00e1s tarde puede causar use-after-free. As\u00ed que solucione eso y cancele el registro de lock_class_key antes de kfree (cp). En nuestra plataforma, un controlador no logra kset_register debido a que crea un nombre de archivo duplicado \u0027/class/xxx\u0027. Con Kasan habilitado, imprime un informe de error de acceso no v\u00e1lido. Informe de error de KASAN: ERROR: KASAN: acceso no v\u00e1lido en lockdep_register_key+0x19c/0x1bc Escritura de tama\u00f1o 8 en la direcci\u00f3n 15ffff808b8c0368 mediante tarea modprobe/252 Etiqueta de puntero: [15], etiqueta de memoria: [fe] CPU: 7 PID: 252 Comm: modprobe contaminado: GW 6.6.0-mainline-maybe-dirty #1 Rastreo de llamadas: dump_backtrace+0x1b0/0x1e4 show_stack+0x2c/0x40 dump_stack_lvl+0xac/0xe0 print_report+0x18c/0x4d8 kasan_report+0xe8/0x148 __hwasan_store8_noabort+0x 88/0x98 lockdep_register_key+ 0x19c/0x1bc class_register+0x94/0x1ec init_module+0xbc/0xf48 [rfkill] do_one_initcall+0x17c/0x72c do_init_module+0x19c/0x3f8 ... Estado de la memoria alrededor de la direcci\u00f3n del error: ffffff808b8c0100: 8a 8a 8a 8a 8a 8 un 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a ffffff808b8c0200: 8a 8a 8a 8a 8a 8a 8a 8a 8a fe fe fe fe fe fe\u0026gt; ffffff808b8c0300: fe fe fe fe fe fe fe fe fe fe fe fe fe fe ^ fffffff808b8c0400: 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 Como CONFIG_KASAN_GENERIC no est\u00e1 configurado, Kasan informa aqu\u00ed de acceso no v\u00e1lido, no use-after-free. En este caso, modprobe est\u00e1 manipulando el lock_keys_hash hlish corrupto donde lock_class_key ya se liber\u00f3 antes. Vale la pena se\u00f1alar que esto s\u00f3lo puede suceder si lockdep est\u00e1 habilitado, lo cual no es cierto para el sistema normal.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.4.0\",\"versionEndExcluding\":\"6.6.14\",\"matchCriteriaId\":\"686183E6-D5C3-4A5B-9A18-8E3B4294EA6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7.0\",\"versionEndExcluding\":\"6.7.2\",\"matchCriteriaId\":\"0EA3778C-730B-464C-8023-18CA6AC0B807\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0f1486dafca3398c4c46b9f6e6452fa27e73b559\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/93ec4a3b76404bce01bd5c9032bef5df6feb1d62\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b57196a5ec5e4c0ffecde8348b085b778c7dce04\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/0f1486dafca3398c4c46b9f6e6452fa27e73b559\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/93ec4a3b76404bce01bd5c9032bef5df6feb1d62\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b57196a5ec5e4c0ffecde8348b085b778c7dce04\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}" } }
gsd-2023-52468
Vulnerability from gsd
{ "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2023-52468" ], "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nclass: fix use-after-free in class_register()\n\nThe lock_class_key is still registered and can be found in\nlock_keys_hash hlist after subsys_private is freed in error\nhandler path.A task who iterate over the lock_keys_hash\nlater may cause use-after-free.So fix that up and unregister\nthe lock_class_key before kfree(cp).\n\nOn our platform, a driver fails to kset_register because of\ncreating duplicate filename \u0027/class/xxx\u0027.With Kasan enabled,\nit prints a invalid-access bug report.\n\nKASAN bug report:\n\nBUG: KASAN: invalid-access in lockdep_register_key+0x19c/0x1bc\nWrite of size 8 at addr 15ffff808b8c0368 by task modprobe/252\nPointer tag: [15], memory tag: [fe]\n\nCPU: 7 PID: 252 Comm: modprobe Tainted: G W\n 6.6.0-mainline-maybe-dirty #1\n\nCall trace:\ndump_backtrace+0x1b0/0x1e4\nshow_stack+0x2c/0x40\ndump_stack_lvl+0xac/0xe0\nprint_report+0x18c/0x4d8\nkasan_report+0xe8/0x148\n__hwasan_store8_noabort+0x88/0x98\nlockdep_register_key+0x19c/0x1bc\nclass_register+0x94/0x1ec\ninit_module+0xbc/0xf48 [rfkill]\ndo_one_initcall+0x17c/0x72c\ndo_init_module+0x19c/0x3f8\n...\nMemory state around the buggy address:\nffffff808b8c0100: 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a\nffffff808b8c0200: 8a 8a 8a 8a 8a 8a 8a 8a fe fe fe fe fe fe fe fe\n\u003effffff808b8c0300: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe\n ^\nffffff808b8c0400: 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03\n\nAs CONFIG_KASAN_GENERIC is not set, Kasan reports invalid-access\nnot use-after-free here.In this case, modprobe is manipulating\nthe corrupted lock_keys_hash hlish where lock_class_key is already\nfreed before.\n\nIt\u0027s worth noting that this only can happen if lockdep is enabled,\nwhich is not true for normal system.", "id": "GSD-2023-52468", "modified": "2024-02-21T06:01:53.296230Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve@kernel.org", "ID": "CVE-2023-52468", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Linux", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "dcfbb67e48a2", "version_value": "b57196a5ec5e" }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "status": "affected", "version": "6.4" }, { "lessThan": "6.4", "status": "unaffected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.14", "versionType": "custom" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.2", "versionType": "custom" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } } ] } } ] }, "vendor_name": "Linux" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclass: fix use-after-free in class_register()\n\nThe lock_class_key is still registered and can be found in\nlock_keys_hash hlist after subsys_private is freed in error\nhandler path.A task who iterate over the lock_keys_hash\nlater may cause use-after-free.So fix that up and unregister\nthe lock_class_key before kfree(cp).\n\nOn our platform, a driver fails to kset_register because of\ncreating duplicate filename \u0027/class/xxx\u0027.With Kasan enabled,\nit prints a invalid-access bug report.\n\nKASAN bug report:\n\nBUG: KASAN: invalid-access in lockdep_register_key+0x19c/0x1bc\nWrite of size 8 at addr 15ffff808b8c0368 by task modprobe/252\nPointer tag: [15], memory tag: [fe]\n\nCPU: 7 PID: 252 Comm: modprobe Tainted: G W\n 6.6.0-mainline-maybe-dirty #1\n\nCall trace:\ndump_backtrace+0x1b0/0x1e4\nshow_stack+0x2c/0x40\ndump_stack_lvl+0xac/0xe0\nprint_report+0x18c/0x4d8\nkasan_report+0xe8/0x148\n__hwasan_store8_noabort+0x88/0x98\nlockdep_register_key+0x19c/0x1bc\nclass_register+0x94/0x1ec\ninit_module+0xbc/0xf48 [rfkill]\ndo_one_initcall+0x17c/0x72c\ndo_init_module+0x19c/0x3f8\n...\nMemory state around the buggy address:\nffffff808b8c0100: 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a\nffffff808b8c0200: 8a 8a 8a 8a 8a 8a 8a 8a fe fe fe fe fe fe fe fe\n\u003effffff808b8c0300: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe\n ^\nffffff808b8c0400: 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03\n\nAs CONFIG_KASAN_GENERIC is not set, Kasan reports invalid-access\nnot use-after-free here.In this case, modprobe is manipulating\nthe corrupted lock_keys_hash hlish where lock_class_key is already\nfreed before.\n\nIt\u0027s worth noting that this only can happen if lockdep is enabled,\nwhich is not true for normal system." } ] }, "generator": { "engine": "bippy-8df59b4913de" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://git.kernel.org/stable/c/b57196a5ec5e4c0ffecde8348b085b778c7dce04", "refsource": "MISC", "url": "https://git.kernel.org/stable/c/b57196a5ec5e4c0ffecde8348b085b778c7dce04" }, { "name": "https://git.kernel.org/stable/c/0f1486dafca3398c4c46b9f6e6452fa27e73b559", "refsource": "MISC", "url": "https://git.kernel.org/stable/c/0f1486dafca3398c4c46b9f6e6452fa27e73b559" }, { "name": "https://git.kernel.org/stable/c/93ec4a3b76404bce01bd5c9032bef5df6feb1d62", "refsource": "MISC", "url": "https://git.kernel.org/stable/c/93ec4a3b76404bce01bd5c9032bef5df6feb1d62" } ] } }, "nvd.nist.gov": { "cve": { "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "686183E6-D5C3-4A5B-9A18-8E3B4294EA6A", "versionEndExcluding": "6.6.14", "versionStartIncluding": "6.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0EA3778C-730B-464C-8023-18CA6AC0B807", "versionEndExcluding": "6.7.2", "versionStartIncluding": "6.7.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclass: fix use-after-free in class_register()\n\nThe lock_class_key is still registered and can be found in\nlock_keys_hash hlist after subsys_private is freed in error\nhandler path.A task who iterate over the lock_keys_hash\nlater may cause use-after-free.So fix that up and unregister\nthe lock_class_key before kfree(cp).\n\nOn our platform, a driver fails to kset_register because of\ncreating duplicate filename \u0027/class/xxx\u0027.With Kasan enabled,\nit prints a invalid-access bug report.\n\nKASAN bug report:\n\nBUG: KASAN: invalid-access in lockdep_register_key+0x19c/0x1bc\nWrite of size 8 at addr 15ffff808b8c0368 by task modprobe/252\nPointer tag: [15], memory tag: [fe]\n\nCPU: 7 PID: 252 Comm: modprobe Tainted: G W\n 6.6.0-mainline-maybe-dirty #1\n\nCall trace:\ndump_backtrace+0x1b0/0x1e4\nshow_stack+0x2c/0x40\ndump_stack_lvl+0xac/0xe0\nprint_report+0x18c/0x4d8\nkasan_report+0xe8/0x148\n__hwasan_store8_noabort+0x88/0x98\nlockdep_register_key+0x19c/0x1bc\nclass_register+0x94/0x1ec\ninit_module+0xbc/0xf48 [rfkill]\ndo_one_initcall+0x17c/0x72c\ndo_init_module+0x19c/0x3f8\n...\nMemory state around the buggy address:\nffffff808b8c0100: 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a\nffffff808b8c0200: 8a 8a 8a 8a 8a 8a 8a 8a fe fe fe fe fe fe fe fe\n\u003effffff808b8c0300: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe\n ^\nffffff808b8c0400: 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03\n\nAs CONFIG_KASAN_GENERIC is not set, Kasan reports invalid-access\nnot use-after-free here.In this case, modprobe is manipulating\nthe corrupted lock_keys_hash hlish where lock_class_key is already\nfreed before.\n\nIt\u0027s worth noting that this only can happen if lockdep is enabled,\nwhich is not true for normal system." }, { "lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clase: corrige use-after-free en class_register() Lock_class_key todav\u00eda est\u00e1 registrada y se puede encontrar en lock_keys_hash hlist despu\u00e9s de que subsys_private se libere en la ruta del controlador de errores. Una tarea que itera sobre Lock_keys_hash m\u00e1s tarde puede causar use-after-free. As\u00ed que solucione eso y cancele el registro de lock_class_key antes de kfree (cp). En nuestra plataforma, un controlador no logra kset_register debido a que crea un nombre de archivo duplicado \u0027/class/xxx\u0027. Con Kasan habilitado, imprime un informe de error de acceso no v\u00e1lido. Informe de error de KASAN: ERROR: KASAN: acceso no v\u00e1lido en lockdep_register_key+0x19c/0x1bc Escritura de tama\u00f1o 8 en la direcci\u00f3n 15ffff808b8c0368 mediante tarea modprobe/252 Etiqueta de puntero: [15], etiqueta de memoria: [fe] CPU: 7 PID: 252 Comm: modprobe contaminado: GW 6.6.0-mainline-maybe-dirty #1 Rastreo de llamadas: dump_backtrace+0x1b0/0x1e4 show_stack+0x2c/0x40 dump_stack_lvl+0xac/0xe0 print_report+0x18c/0x4d8 kasan_report+0xe8/0x148 __hwasan_store8_noabort+0x 88/0x98 lockdep_register_key+ 0x19c/0x1bc class_register+0x94/0x1ec init_module+0xbc/0xf48 [rfkill] do_one_initcall+0x17c/0x72c do_init_module+0x19c/0x3f8 ... Estado de la memoria alrededor de la direcci\u00f3n del error: ffffff808b8c0100: 8a 8a 8a 8a 8a 8 un 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a ffffff808b8c0200: 8a 8a 8a 8a 8a 8a 8a 8a 8a fe fe fe fe fe fe\u0026gt; ffffff808b8c0300: fe fe fe fe fe fe fe fe fe fe fe fe fe fe ^ fffffff808b8c0400: 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 Como CONFIG_KASAN_GENERIC no est\u00e1 configurado, Kasan informa aqu\u00ed de acceso no v\u00e1lido, no use-after-free. En este caso, modprobe est\u00e1 manipulando el lock_keys_hash hlish corrupto donde lock_class_key ya se liber\u00f3 antes. Vale la pena se\u00f1alar que esto s\u00f3lo puede suceder si lockdep est\u00e1 habilitado, lo cual no es cierto para el sistema normal." } ], "id": "CVE-2023-52468", "lastModified": "2024-04-17T19:00:42.287", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-02-26T16:27:48.710", "references": [ { "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": [ "Patch" ], "url": "https://git.kernel.org/stable/c/0f1486dafca3398c4c46b9f6e6452fa27e73b559" }, { "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": [ "Patch" ], "url": "https://git.kernel.org/stable/c/93ec4a3b76404bce01bd5c9032bef5df6feb1d62" }, { "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": [ "Patch" ], "url": "https://git.kernel.org/stable/c/b57196a5ec5e4c0ffecde8348b085b778c7dce04" } ], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "nvd@nist.gov", "type": "Primary" } ] } } } }
wid-sec-w-2024-0475
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0475 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0475.json" }, { "category": "self", "summary": "WID-SEC-2024-0475 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0475" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:0855-1 vom 2024-03-12", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018151.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALASKERNEL-5.4-2024-061 vom 2024-03-06", "url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2024-061.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:0858-1 vom 2024-03-13", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018153.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:0857-1 vom 2024-03-13", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018154.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:0856-1 vom 2024-03-13", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018155.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:0900-1 vom 2024-03-14", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018167.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:1332 vom 2024-03-14", "url": "https://access.redhat.com/errata/RHSA-2024:1332" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:1249 vom 2024-03-12", "url": "https://access.redhat.com/errata/RHSA-2024:1249" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:1250 vom 2024-03-12", "url": "https://access.redhat.com/errata/RHSA-2024:1250" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6688-1 vom 2024-03-11", "url": "https://ubuntu.com/security/notices/USN-6688-1" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:1306 vom 2024-03-13", "url": "https://access.redhat.com/errata/RHSA-2024:1306" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-25", "url": "http://lore.kernel.org/linux-cve-announce/2024022325-CVE-2023-52453-9f24%40gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-25", "url": "http://lore.kernel.org/linux-cve-announce/2024022325-CVE-2024-26594-1cbc%40gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-25", "url": "http://lore.kernel.org/linux-cve-announce/2024022330-CVE-2023-52454-5cf0%40gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-25", "url": "http://lore.kernel.org/linux-cve-announce/2024022331-CVE-2023-52455-a28f%40gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-25", "url": "http://lore.kernel.org/linux-cve-announce/2024022331-CVE-2023-52456-f9dd%40gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-25", "url": "http://lore.kernel.org/linux-cve-announce/2024022332-CVE-2023-52457-c7b9%40gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-25", "url": "http://lore.kernel.org/linux-cve-announce/2024022332-CVE-2023-52458-d1cd%40gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-25", "url": "http://lore.kernel.org/linux-cve-announce/2024022333-CVE-2023-52459-f653%40gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-25", "url": "http://lore.kernel.org/linux-cve-announce/2024022333-CVE-2023-52460-a52b%40gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-25", "url": "http://lore.kernel.org/linux-cve-announce/2024022334-CVE-2023-52461-a619%40gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-25", "url": "http://lore.kernel.org/linux-cve-announce/2024022335-CVE-2023-52462-b663%40gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-25", "url": "http://lore.kernel.org/linux-cve-announce/2024022335-CVE-2023-52463-6195%40gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-25", "url": "http://lore.kernel.org/linux-cve-announce/2024022336-CVE-2023-52464-b17c%40gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-25", "url": "http://lore.kernel.org/linux-cve-announce/2024022336-CVE-2024-26595-9a8d%40gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-25", "url": "http://lore.kernel.org/linux-cve-announce/2024022337-CVE-2024-26596-57cb%40gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-25", "url": "http://lore.kernel.org/linux-cve-announce/2024022337-CVE-2024-26597-be75%40gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-25", "url": "http://lore.kernel.org/linux-cve-announce/2024022338-CVE-2024-26598-24f4%40gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-25", "url": "http://lore.kernel.org/linux-cve-announce/2024022338-CVE-2024-26599-cd65%40gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-25", "url": "http://lore.kernel.org/linux-cve-announce/2024022405-CVE-2024-26600-44a2%40gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-25", "url": "http://lore.kernel.org/linux-cve-announce/2024022411-CVE-2024-26601-b6ac%40gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-25", "url": "http://lore.kernel.org/linux-cve-announce/2024022414-CVE-2024-26602-5e76%40gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-25", "url": "http://lore.kernel.org/linux-cve-announce/2024022415-CVE-2024-26603-42c2%40gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-25", "url": "http://lore.kernel.org/linux-cve-announce/2024022416-CVE-2024-26604-71a3%40gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-25", "url": "http://lore.kernel.org/linux-cve-announce/2024022419-CVE-2024-26605-7b06%40gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-25", "url": "http://lore.kernel.org/linux-cve-announce/2024022539-CVE-2023-52465-2e75%40gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-25", "url": "http://lore.kernel.org/linux-cve-announce/2024022544-CVE-2023-52466-fea5%40gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-25", "url": "http://lore.kernel.org/linux-cve-announce/2024022544-CVE-2023-52467-434b%40gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-25", "url": "http://lore.kernel.org/linux-cve-announce/2024022545-CVE-2023-52468-59a2%40gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-25", "url": "http://lore.kernel.org/linux-cve-announce/2024022546-CVE-2023-52469-5141%40gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-25", "url": "http://lore.kernel.org/linux-cve-announce/2024022546-CVE-2023-52470-44d1%40gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-25", "url": "http://lore.kernel.org/linux-cve-announce/2024022546-CVE-2023-52471-ab29%40gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-25", "url": "http://lore.kernel.org/linux-cve-announce/2024022547-CVE-2023-52472-fa03%40gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-25", "url": "http://lore.kernel.org/linux-cve-announce/2024022547-CVE-2023-52473-c3cc%40gregkh/" }, { "category": "external", "summary": "VE Announce auf lore.kernel.org vom 2024-02-25", "url": "http://lore.kernel.org/linux-cve-announce/2024022555-CVE-2021-46904-d49f%40gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-25", "url": "http://lore.kernel.org/linux-cve-announce/2024022557-CVE-2021-46905-6507%40gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-25", "url": "http://lore.kernel.org/linux-cve-announce/2024022558-CVE-2022-48626-8a90%40gregkh/" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:0900-2 vom 2024-03-15", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018182.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:0910-1 vom 2024-03-15", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018181.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6707-1 vom 2024-03-20", "url": "https://ubuntu.com/security/notices/USN-6707-1" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2024-1249 vom 2024-03-21", "url": "https://linux.oracle.com/errata/ELSA-2024-1249.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6707-2 vom 2024-03-21", "url": "https://ubuntu.com/security/notices/USN-6707-2" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:0976-1 vom 2024-03-22", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018185.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:0926-1 vom 2024-03-22", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018204.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:0975-1 vom 2024-03-22", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018186.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:0925-1 vom 2024-03-22", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018205.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:0977-1 vom 2024-03-22", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018210.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6707-3 vom 2024-03-26", "url": "https://ubuntu.com/security/notices/USN-6707-3" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:1533 vom 2024-03-27", "url": "https://access.redhat.com/errata/RHSA-2024:1533" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:1532 vom 2024-03-27", "url": "https://access.redhat.com/errata/RHSA-2024:1532" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALASKERNEL-5.15-2024-040 vom 2024-04-01", "url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.15-2024-040.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6707-4 vom 2024-03-28", "url": "https://ubuntu.com/security/notices/USN-6707-4" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALASKERNEL-5.10-2024-052 vom 2024-04-01", "url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2024-052.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:1653 vom 2024-04-03", "url": "https://access.redhat.com/errata/RHSA-2024:1653" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6725-1 vom 2024-04-09", "url": "https://ubuntu.com/security/notices/USN-6725-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6726-1 vom 2024-04-09", "url": "https://ubuntu.com/security/notices/USN-6726-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6726-2 vom 2024-04-16", "url": "https://ubuntu.com/security/notices/USN-6726-2" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6725-2 vom 2024-04-16", "url": "https://ubuntu.com/security/notices/USN-6725-2" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1320-1 vom 2024-04-16", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018372.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1321-1 vom 2024-04-17", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018375.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1322-1 vom 2024-04-17", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018374.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6726-3 vom 2024-04-17", "url": "https://ubuntu.com/security/notices/USN-6726-3" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1332-2 vom 2024-04-18", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018378.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1322-2 vom 2024-04-18", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018377.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1332-1 vom 2024-04-18", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018376.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6740-1 vom 2024-04-19", "url": "https://ubuntu.com/security/notices/USN-6740-1" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:2008 vom 2024-04-23", "url": "https://access.redhat.com/errata/RHSA-2024:2008" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:2006 vom 2024-04-23", "url": "https://access.redhat.com/errata/RHSA-2024:2006" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2024-2004 vom 2024-04-25", "url": "http://linux.oracle.com/errata/ELSA-2024-2004.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1454-1 vom 2024-04-26", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018431.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1466-1 vom 2024-04-29", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018438.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:2394 vom 2024-04-30", "url": "https://access.redhat.com/errata/RHSA-2024:2394" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1480-1 vom 2024-04-30", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018444.html" }, { "category": "external", "summary": "Ubuntu Security Notice LSN-0103-1 vom 2024-04-30", "url": "https://ubuntu.com/security/notices/LSN-0103-1" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:2585 vom 2024-04-30", "url": "https://access.redhat.com/errata/RHSA-2024:2585" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:2582 vom 2024-04-30", "url": "https://access.redhat.com/errata/RHSA-2024:2582" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1490-1 vom 2024-05-03", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018445.html" }, { "category": "external", "summary": "Debian Security Advisory DSA-5681 vom 2024-05-06", "url": "https://lists.debian.org/debian-security-announce/2024/msg00090.html" }, { "category": "external", "summary": "Debian Security Advisory DSA-5680 vom 2024-05-06", "url": "https://lists.debian.org/debian-security-announce/2024/msg00089.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6767-1 vom 2024-05-07", "url": "https://ubuntu.com/security/notices/USN-6767-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6766-1 vom 2024-05-07", "url": "https://ubuntu.com/security/notices/USN-6766-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6765-1 vom 2024-05-07", "url": "https://ubuntu.com/security/notices/USN-6765-1" }, { "category": "external", "summary": "Dell Security Advisory DSA-2024-198 vom 2024-05-08", "url": "https://www.dell.com/support/kbdoc/000224827/dsa-2024-=" }, { "category": "external", "summary": "Insyde Security Advisory INSYDE-SA-2024002 vom 2024-05-14", "url": "https://www.insyde.com/security-pledge/SA-2024002" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6767-2 vom 2024-05-14", "url": "https://ubuntu.com/security/notices/USN-6767-2" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1648-1 vom 2024-05-14", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018524.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1644-1 vom 2024-05-14", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018528.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1643-1 vom 2024-05-14", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018529.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1646-1 vom 2024-05-14", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018526.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1641-1 vom 2024-05-14", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018531.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1647-1 vom 2024-05-14", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018525.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1659-1 vom 2024-05-15", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018538.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6766-2 vom 2024-05-15", "url": "https://ubuntu.com/security/notices/USN-6766-2" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6766-3 vom 2024-05-20", "url": "https://ubuntu.com/security/notices/USN-6766-3" }, { "category": "external", "summary": "F5 Security Advisory K000139682 vom 2024-05-20", "url": "https://my.f5.com/manage/s/article/K000139682" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1648-2 vom 2024-05-21", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018572.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3138 vom 2024-05-22", "url": "https://access.redhat.com/errata/RHSA-2024:3138" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:2950 vom 2024-05-22", "url": "https://access.redhat.com/errata/RHSA-2024:2950" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6795-1 vom 2024-05-28", "url": "https://ubuntu.com/security/notices/USN-6795-1" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1870-1 vom 2024-05-30", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018634.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3618 vom 2024-06-05", "url": "https://access.redhat.com/errata/RHSA-2024:3618" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3627 vom 2024-06-05", "url": "https://access.redhat.com/errata/RHSA-2024:3627" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2024-3618 vom 2024-06-06", "url": "https://linux.oracle.com/errata/ELSA-2024-3618.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6820-1 vom 2024-06-08", "url": "https://ubuntu.com/security/notices/USN-6820-1" }, { "category": "external", "summary": "IBM Security Bulletin 7156774 vom 2024-06-07", "url": "https://www.ibm.com/support/pages/node/7156774" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6821-1 vom 2024-06-08", "url": "https://ubuntu.com/security/notices/USN-6821-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6818-1 vom 2024-06-08", "url": "https://ubuntu.com/security/notices/USN-6818-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6819-1 vom 2024-06-08", "url": "https://ubuntu.com/security/notices/USN-6819-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6818-2 vom 2024-06-10", "url": "https://ubuntu.com/security/notices/USN-6818-2" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6821-2 vom 2024-06-10", "url": "https://ubuntu.com/security/notices/USN-6821-2" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6820-2 vom 2024-06-11", "url": "https://ubuntu.com/security/notices/USN-6820-2" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3810 vom 2024-06-11", "url": "https://access.redhat.com/errata/RHSA-2024:3810" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6819-2 vom 2024-06-12", "url": "https://ubuntu.com/security/notices/USN-6819-2" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6821-3 vom 2024-06-11", "url": "https://ubuntu.com/security/notices/USN-6821-3" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6828-1 vom 2024-06-11", "url": "https://ubuntu.com/security/notices/USN-6828-1" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3855 vom 2024-06-12", "url": "https://access.redhat.com/errata/RHSA-2024:3855" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3854 vom 2024-06-12", "url": "https://access.redhat.com/errata/RHSA-2024:3854" }, { "category": "external", "summary": "Ubuntu Security Notice LSN-0104-1 vom 2024-06-11", "url": "https://ubuntu.com/security/notices/LSN-0104-1" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2008-1 vom 2024-06-12", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018706.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6819-3 vom 2024-06-12", "url": "https://ubuntu.com/security/notices/USN-6819-3" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6821-4 vom 2024-06-14", "url": "https://ubuntu.com/security/notices/USN-6821-4" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6818-3 vom 2024-06-14", "url": "https://ubuntu.com/security/notices/USN-6818-3" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6818-4 vom 2024-06-19", "url": "https://ubuntu.com/security/notices/USN-6818-4" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2135-1 vom 2024-06-21", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018783.html" }, { "category": "external", "summary": "Debian Security Advisory DLA-3841 vom 2024-06-25", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html" }, { "category": "external", "summary": "Debian Security Advisory DLA-3842 vom 2024-06-25", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2190-1 vom 2024-06-25", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018819.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6819-4 vom 2024-06-26", "url": "https://ubuntu.com/security/notices/USN-6819-4" }, { "category": "external", "summary": "Debian Security Advisory DLA-3840 vom 2024-06-27", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2024-2525 vom 2024-06-28", "url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2525.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:4211 vom 2024-07-02", "url": "https://access.redhat.com/errata/RHSA-2024:4211" }, { "category": "external", "summary": "Dell Security Advisory DSA-2024-022 vom 2024-07-03", "url": "https://www.dell.com/support/kbdoc/de-de/000226633/dsa-2024-022-security-update-for-dell-networker-vproxy-multiple-component-vulnerabilities" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2024-4211 vom 2024-07-03", "url": "https://linux.oracle.com/errata/ELSA-2024-4211.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6871-1 vom 2024-07-04", "url": "https://ubuntu.com/security/notices/USN-6871-1" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:4352 vom 2024-07-08", "url": "https://access.redhat.com/errata/RHSA-2024:4352" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:4415 vom 2024-07-09", "url": "https://access.redhat.com/errata/RHSA-2024:4415" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6892-1 vom 2024-07-10", "url": "https://ubuntu.com/security/notices/USN-6892-1" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:4321 vom 2024-07-10", "url": "https://access.redhat.com/errata/RHSA-2024:4321" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6895-1 vom 2024-07-12", "url": "https://ubuntu.com/security/notices/USN-6895-1" }, { "category": "external", "summary": "Rocky Linux Security Advisory RLSA-2024:4352 vom 2024-07-15", "url": "https://errata.build.resf.org/RLSA-2024:4352" }, { "category": "external", "summary": "Rocky Linux Security Advisory RLSA-2024:4211 vom 2024-07-15", "url": "https://errata.build.resf.org/RLSA-2024:4211" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6895-2 vom 2024-07-16", "url": "https://ubuntu.com/security/notices/USN-6895-2" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:4631 vom 2024-07-18", "url": "https://access.redhat.com/errata/RHSA-2024:4631" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6895-3 vom 2024-07-19", "url": "https://ubuntu.com/security/notices/USN-6895-3" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:4740 vom 2024-07-24", "url": "https://access.redhat.com/errata/RHSA-2024:4740" }, { "category": "external", "summary": "F5 Security Advisory K000140297 vom 2023-07-26", "url": "https://my.f5.com/manage/s/article/K000140297" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6919-1 vom 2024-07-26", "url": "https://ubuntu.com/security/notices/USN-6919-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6926-1 vom 2024-07-29", "url": "https://ubuntu.com/security/notices/USN-6926-1" }, { "category": "external", "summary": "IBM Security Bulletin 7161794 vom 2024-07-29", "url": "https://www.ibm.com/support/pages/node/7161794" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:4928 vom 2024-07-31", "url": "https://access.redhat.com/errata/RHSA-2024:4928" }, { "category": "external", "summary": "Rocky Linux Security Advisory RLSA-2024:4928 vom 2024-08-01", "url": "https://errata.build.resf.org/RLSA-2024:4928" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6938-1 vom 2024-07-31", "url": "https://ubuntu.com/security/notices/USN-6938-1" }, { "category": "external", "summary": "IBM Security Bulletin 7162077 vom 2024-07-31", "url": "https://www.ibm.com/support/pages/node/7162077" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2024-4928 vom 2024-08-01", "url": "https://linux.oracle.com/errata/ELSA-2024-4928.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6926-2 vom 2024-08-01", "url": "https://ubuntu.com/security/notices/USN-6926-2" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6895-4 vom 2024-08-05", "url": "https://ubuntu.com/security/notices/USN-6895-4" }, { "category": "external", "summary": "Dell Security Advisory DSA-2024-348 vom 2024-08-06", "url": "https://www.dell.com/support/kbdoc/de-de/000227573/dsa-2024-348-security-update-for-dell-avamar-dell-networker-virtual-edition-nve-and-dell-powerprotect-dp-series-appliance-dell-integrated-data-protection-appliance-idpa-security-update-for-multiple-vulnerabilities" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:5067 vom 2024-08-07", "url": "https://access.redhat.com/errata/RHSA-2024:5067" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:5066 vom 2024-08-07", "url": "https://access.redhat.com/errata/RHSA-2024:5066" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2802-1 vom 2024-08-07", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019133.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:5102 vom 2024-08-08", "url": "https://access.redhat.com/errata/RHSA-2024:5102" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:5101 vom 2024-08-08", "url": "https://access.redhat.com/errata/RHSA-2024:5101" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6926-3 vom 2024-08-09", "url": "https://ubuntu.com/security/notices/USN-6926-3" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2024-5101 vom 2024-08-09", "url": "https://linux.oracle.com/errata/ELSA-2024-5101.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2896-1 vom 2024-08-13", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019185.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:5363 vom 2024-08-14", "url": "https://access.redhat.com/errata/RHSA-2024:5363" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2024-5363 vom 2024-08-15", "url": "https://linux.oracle.com/errata/ELSA-2024-5363.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1489-1 vom 2024-08-19", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/D5LYDXV5ACGHUYO5XWLWD5VAOA5HLJ7U/" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1465-1 vom 2024-08-19", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019273.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2203-1 vom 2024-08-19", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019244.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1663-1 vom 2024-08-19", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/MFQEXBT2XPZQJMUF7MN6ZVO5FXVY4NKK/" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1669-1 vom 2024-08-19", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019269.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2973-1 vom 2024-08-20", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019280.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:5672 vom 2024-08-21", "url": "https://access.redhat.com/errata/RHSA-2024:5672" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:5673 vom 2024-08-21", "url": "https://access.redhat.com/errata/RHSA-2024:5673" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6976-1 vom 2024-08-22", "url": "https://ubuntu.com/security/notices/USN-6976-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6972-1 vom 2024-08-21", "url": "https://ubuntu.com/security/notices/USN-6972-1" }, { "category": "external", "summary": "Rocky Linux Security Advisory RLSA-2024:5102 vom 2024-08-21", "url": "https://errata.build.resf.org/RLSA-2024:5102" }, { "category": "external", "summary": "Rocky Linux Security Advisory RLSA-2024:5101 vom 2024-08-21", "url": "https://errata.build.resf.org/RLSA-2024:5101" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6971-1 vom 2024-08-21", "url": "https://ubuntu.com/security/notices/USN-6971-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6972-2 vom 2024-08-22", "url": "https://ubuntu.com/security/notices/USN-6972-2" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6973-2 vom 2024-08-23", "url": "https://ubuntu.com/security/notices/USN-6972-3" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6972-4 vom 2024-08-29", "url": "https://ubuntu.com/security/notices/USN-6972-4" }, { "category": "external", "summary": "IBM Security Bulletin 7167662 vom 2024-09-05", "url": "https://www.ibm.com/support/pages/node/7167662" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:3190-1 vom 2024-09-10", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019403.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:6567 vom 2024-09-11", "url": "https://access.redhat.com/errata/RHSA-2024:6567" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2024-6567 vom 2024-09-12", "url": "https://linux.oracle.com/errata/ELSA-2024-6567.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:3209-1 vom 2024-09-11", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/YNWVZVIFSX7PLBJX3I3PDZ4MIBERTN2Y/" }, { "category": "external", "summary": "Rocky Linux Security Advisory RLSA-2024:6567 vom 2024-09-17", "url": "https://errata.build.resf.org/RLSA-2024:6567" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:7001 vom 2024-09-24", "url": "https://access.redhat.com/errata/RHSA-2024:7001" }, { "category": "external", "summary": "IBM Security Bulletin 7169778 vom 2024-09-24", "url": "https://www.ibm.com/support/pages/node/7169778" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:7000 vom 2024-09-24", "url": "https://access.redhat.com/errata/RHSA-2024:7000" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2024-7000 vom 2024-09-26", "url": "https://linux.oracle.com/errata/ELSA-2024-7000.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:3483-1 vom 2024-09-29", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2HO244EHQ65DPDJ2NOBAXLG7QYWSCUMA/" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:3483-1 vom 2024-09-29", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/2HO244EHQ65DPDJ2NOBAXLG7QYWSCUMA/" }, { "category": "external", "summary": "Rocky Linux Security Advisory RLSA-2024:7001 vom 2024-09-30", "url": "https://errata.build.resf.org/RLSA-2024:7001" }, { "category": "external", "summary": "Dell Security Advisory DSA-2024-422 vom 2024-10-10", "url": "https://www.dell.com/support/kbdoc/de-de/000234730/dsa-2024-422-security-update-for-dell-networker-vproxy-multiple-component-vulnerabilities" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7069-1 vom 2024-10-16", "url": "https://ubuntu.com/security/notices/USN-7069-1" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:8161 vom 2024-10-16", "url": "https://access.redhat.com/errata/RHSA-2024:8161" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7069-2 vom 2024-10-17", "url": "https://ubuntu.com/security/notices/USN-7069-2" }, { "category": "external", "summary": "IBM Security Bulletin 7173960 vom 2024-10-23", "url": "https://www.ibm.com/support/pages/node/7173960" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:8318 vom 2024-10-23", "url": "https://access.redhat.com/errata/RHSA-2024:8318" }, { "category": "external", "summary": "IBM Security Bulletin", "url": "https://www.ibm.com/support/pages/node/7174634" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:9315 vom 2024-11-12", "url": "https://access.redhat.com/errata/RHSA-2024:9315" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:10771 vom 2024-12-04", "url": "https://access.redhat.com/errata/RHSA-2024:10771" } ], "source_lang": "en-US", "title": "Linux-Kernel: Mehrere Schwachstellen erm\u00f6glichen Denial of Service und unspezifische Angriffe", "tracking": { "current_release_date": "2024-12-03T23:00:00.000+00:00", "generator": { "date": "2024-12-04T11:19:58.571+00:00", "engine": { "name": "BSI-WID", "version": "1.3.10" } }, "id": "WID-SEC-W-2024-0475", "initial_release_date": "2024-02-25T23:00:00.000+00:00", "revision_history": [ { "date": "2024-02-25T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-03-05T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2024-03-11T23:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Red Hat und Ubuntu aufgenommen" }, { "date": "2024-03-12T23:00:00.000+00:00", "number": "4", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-03-13T23:00:00.000+00:00", "number": "5", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-03-14T23:00:00.000+00:00", "number": "6", "summary": "Neue Updates von SUSE und Red Hat aufgenommen" }, { "date": "2024-03-17T23:00:00.000+00:00", "number": "7", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-03-20T23:00:00.000+00:00", "number": "8", "summary": "Neue Updates von Ubuntu und Oracle Linux aufgenommen" }, { "date": "2024-03-21T23:00:00.000+00:00", "number": "9", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2024-03-24T23:00:00.000+00:00", "number": "10", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-03-25T23:00:00.000+00:00", "number": "11", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2024-03-26T23:00:00.000+00:00", "number": "12", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-04-01T22:00:00.000+00:00", "number": "13", "summary": "Neue Updates von Amazon und Ubuntu aufgenommen" }, { "date": "2024-04-02T22:00:00.000+00:00", "number": "14", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-04-09T22:00:00.000+00:00", "number": "15", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2024-04-16T22:00:00.000+00:00", "number": "16", "summary": "Neue Updates von Ubuntu und SUSE aufgenommen" }, { "date": "2024-04-17T22:00:00.000+00:00", "number": "17", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2024-04-18T22:00:00.000+00:00", "number": "18", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-04-21T22:00:00.000+00:00", "number": "19", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2024-04-23T22:00:00.000+00:00", "number": "20", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-04-24T22:00:00.000+00:00", "number": "21", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2024-04-28T22:00:00.000+00:00", "number": "22", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-04-29T22:00:00.000+00:00", "number": "23", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-05-01T22:00:00.000+00:00", "number": "24", "summary": "Neue Updates von SUSE, Ubuntu und Red Hat aufgenommen" }, { "date": "2024-05-02T22:00:00.000+00:00", "number": "25", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-05-06T22:00:00.000+00:00", "number": "26", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2024-05-07T22:00:00.000+00:00", "number": "27", "summary": "Neue Updates von Ubuntu und Dell aufgenommen" }, { "date": "2024-05-13T22:00:00.000+00:00", "number": "28", "summary": "Neue Updates von Insyde aufgenommen" }, { "date": "2024-05-14T22:00:00.000+00:00", "number": "29", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-05-15T22:00:00.000+00:00", "number": "30", "summary": "Neue Updates von SUSE und Ubuntu aufgenommen" }, { "date": "2024-05-20T22:00:00.000+00:00", "number": "31", "summary": "Neue Updates von Ubuntu und F5 aufgenommen" }, { "date": "2024-05-21T22:00:00.000+00:00", "number": "32", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-05-28T22:00:00.000+00:00", "number": "33", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2024-05-30T22:00:00.000+00:00", "number": "34", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-06-04T22:00:00.000+00:00", "number": "35", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-06-06T22:00:00.000+00:00", "number": "36", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2024-06-09T22:00:00.000+00:00", "number": "37", "summary": "Neue Updates von Ubuntu und IBM aufgenommen" }, { "date": "2024-06-10T22:00:00.000+00:00", "number": "38", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2024-06-11T22:00:00.000+00:00", "number": "39", "summary": "Neue Updates von Ubuntu und Red Hat aufgenommen" }, { "date": "2024-06-12T22:00:00.000+00:00", "number": "40", "summary": "Neue Updates von SUSE und Ubuntu aufgenommen" }, { "date": "2024-06-16T22:00:00.000+00:00", "number": "41", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2024-06-18T22:00:00.000+00:00", "number": "42", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2024-06-23T22:00:00.000+00:00", "number": "43", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-06-25T22:00:00.000+00:00", "number": "44", "summary": "Neue Updates von Debian und SUSE aufgenommen" }, { "date": "2024-06-26T22:00:00.000+00:00", "number": "45", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2024-06-27T22:00:00.000+00:00", "number": "46", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2024-06-30T22:00:00.000+00:00", "number": "47", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2024-07-01T22:00:00.000+00:00", "number": "48", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-07-02T22:00:00.000+00:00", "number": "49", "summary": "Neue Updates von Dell und Oracle Linux aufgenommen" }, { "date": "2024-07-03T22:00:00.000+00:00", "number": "50", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2024-07-07T22:00:00.000+00:00", "number": "51", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-07-09T22:00:00.000+00:00", "number": "52", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-07-10T22:00:00.000+00:00", "number": "53", "summary": "Neue Updates von Ubuntu und Red Hat aufgenommen" }, { "date": "2024-07-14T22:00:00.000+00:00", "number": "54", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2024-07-15T22:00:00.000+00:00", "number": "55", "summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen" }, { "date": "2024-07-18T22:00:00.000+00:00", "number": "56", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-07-23T22:00:00.000+00:00", "number": "57", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-07-24T22:00:00.000+00:00", "number": "58", "summary": "Neue Updates von F5 aufgenommen" }, { "date": "2024-07-28T22:00:00.000+00:00", "number": "59", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2024-07-29T22:00:00.000+00:00", "number": "60", "summary": "Neue Updates von Ubuntu und IBM aufgenommen" }, { "date": "2024-07-30T22:00:00.000+00:00", "number": "61", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-07-31T22:00:00.000+00:00", "number": "62", "summary": "Neue Updates von Rocky Enterprise Software Foundation, Ubuntu, IBM und Oracle Linux aufgenommen" }, { "date": "2024-08-01T22:00:00.000+00:00", "number": "63", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2024-08-04T22:00:00.000+00:00", "number": "64", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2024-08-05T22:00:00.000+00:00", "number": "65", "summary": "Neue Updates von Dell aufgenommen" }, { "date": "2024-08-06T22:00:00.000+00:00", "number": "66", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-08-07T22:00:00.000+00:00", "number": "67", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-08-11T22:00:00.000+00:00", "number": "68", "summary": "Neue Updates von Ubuntu und Oracle Linux aufgenommen" }, { "date": "2024-08-13T22:00:00.000+00:00", "number": "69", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-08-14T22:00:00.000+00:00", "number": "70", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2024-08-19T22:00:00.000+00:00", "number": "71", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-08-20T22:00:00.000+00:00", "number": "72", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-08-21T22:00:00.000+00:00", "number": "73", "summary": "Neue Updates von Ubuntu und Rocky Enterprise Software Foundation aufgenommen" }, { "date": "2024-08-22T22:00:00.000+00:00", "number": "74", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2024-08-25T22:00:00.000+00:00", "number": "75", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2024-08-28T22:00:00.000+00:00", "number": "76", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2024-09-05T22:00:00.000+00:00", "number": "77", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2024-09-10T22:00:00.000+00:00", "number": "78", "summary": "Neue Updates von SUSE und Red Hat aufgenommen" }, { "date": "2024-09-11T22:00:00.000+00:00", "number": "79", "summary": "Neue Updates von Oracle Linux und SUSE aufgenommen" }, { "date": "2024-09-16T22:00:00.000+00:00", "number": "80", "summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen" }, { "date": "2024-09-23T22:00:00.000+00:00", "number": "81", "summary": "Neue Updates von Red Hat und IBM aufgenommen" }, { "date": "2024-09-25T22:00:00.000+00:00", "number": "82", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2024-09-29T22:00:00.000+00:00", "number": "83", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-09-30T22:00:00.000+00:00", "number": "84", "summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen" }, { "date": "2024-10-09T22:00:00.000+00:00", "number": "85", "summary": "Neue Updates von Dell aufgenommen" }, { "date": "2024-10-15T22:00:00.000+00:00", "number": "86", "summary": "Neue Updates von Ubuntu und Red Hat aufgenommen" }, { "date": "2024-10-17T22:00:00.000+00:00", "number": "87", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2024-10-23T22:00:00.000+00:00", "number": "88", "summary": "Neue Updates von IBM und Red Hat aufgenommen" }, { "date": "2024-10-31T23:00:00.000+00:00", "number": "89", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2024-11-12T23:00:00.000+00:00", "number": "90", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-12-03T23:00:00.000+00:00", "number": "91", "summary": "Neue Updates von Red Hat aufgenommen" } ], "status": "final", "version": "91" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Amazon Linux 2", "product": { "name": "Amazon Linux 2", "product_id": "398363", "product_identification_helper": { "cpe": "cpe:/o:amazon:linux_2:-" } } } ], "category": "vendor", "name": "Amazon" }, { "branches": [ { "category": "product_name", "name": "Debian Linux", "product": { "name": "Debian Linux", "product_id": "2951", "product_identification_helper": { "cpe": "cpe:/o:debian:debian_linux:-" } } } ], "category": "vendor", "name": "Debian" }, { "branches": [ { "branches": [ { "category": "product_name", "name": "Dell NetWorker", "product": { "name": "Dell NetWorker", "product_id": "T024663", "product_identification_helper": { "cpe": "cpe:/a:dell:networker:-" } } }, { "category": "product_version", "name": "virtual", "product": { "name": "Dell NetWorker virtual", "product_id": "T034583", "product_identification_helper": { "cpe": "cpe:/a:dell:networker:virtual" } } }, { "category": "product_version_range", "name": "\u003c19.11", "product": { "name": "Dell NetWorker \u003c19.11", "product_id": "T035785" } }, { "category": "product_version", "name": "19.11", "product": { "name": "Dell NetWorker 19.11", "product_id": "T035785-fixed", "product_identification_helper": { "cpe": "cpe:/a:dell:networker:19.11" } } } ], "category": "product_name", "name": "NetWorker" } ], "category": "vendor", "name": "Dell" }, { "branches": [ { "category": "product_name", "name": "EMC Avamar", "product": { "name": "EMC Avamar", "product_id": "T014381", "product_identification_helper": { "cpe": "cpe:/a:emc:avamar:-" } } } ], "category": "vendor", "name": "EMC" }, { "branches": [ { "category": "product_name", "name": "F5 BIG-IP", "product": { "name": "F5 BIG-IP", "product_id": "T001663", "product_identification_helper": { "cpe": "cpe:/a:f5:big-ip:-" } } } ], "category": "vendor", "name": "F5" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "24.0.0", "product": { "name": "IBM Business Automation Workflow 24.0.0", "product_id": "T036570", "product_identification_helper": { "cpe": "cpe:/a:ibm:business_automation_workflow:24.0.0" } } } ], "category": "product_name", "name": "Business Automation Workflow" }, { "branches": [ { "category": "product_name", "name": "IBM QRadar SIEM", "product": { "name": "IBM QRadar SIEM", "product_id": "T021415", "product_identification_helper": { "cpe": "cpe:/a:ibm:qradar_siem:-" } } }, { "category": "product_version_range", "name": "\u003c7.5.0 UP10 IF01", "product": { "name": "IBM QRadar SIEM \u003c7.5.0 UP10 IF01", "product_id": "T038741" } }, { "category": "product_version", "name": "7.5.0 UP10 IF01", "product": { "name": "IBM QRadar SIEM 7.5.0 UP10 IF01", "product_id": "T038741-fixed", "product_identification_helper": { "cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up10_if01" } } } ], "category": "product_name", "name": "QRadar SIEM" }, { "branches": [ { "category": "product_version", "name": "11.4", "product": { "name": "IBM Security Guardium 11.4", "product_id": "1076561", "product_identification_helper": { "cpe": "cpe:/a:ibm:security_guardium:11.4" } } }, { "category": "product_version", "name": "11.5", "product": { "name": "IBM Security Guardium 11.5", "product_id": "1411051", "product_identification_helper": { "cpe": "cpe:/a:ibm:security_guardium:11.5" } } }, { "category": "product_version", "name": "12", "product": { "name": "IBM Security Guardium 12.0", "product_id": "T031092", "product_identification_helper": { "cpe": "cpe:/a:ibm:security_guardium:12.0" } } } ], "category": "product_name", "name": "Security Guardium" }, { "branches": [ { "category": "product_version_range", "name": "\u003c10.1.16.3", "product": { "name": "IBM Spectrum Protect Plus \u003c10.1.16.3", "product_id": "T037795" } }, { "category": "product_version", "name": "10.1.16.3", "product": { "name": "IBM Spectrum Protect Plus 10.1.16.3", "product_id": "T037795-fixed", "product_identification_helper": { "cpe": "cpe:/a:ibm:spectrum_protect_plus:10.1.16.3" } } } ], "category": "product_name", "name": "Spectrum Protect Plus" } ], "category": "vendor", "name": "IBM" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "kernel", "product": { "name": "Insyde UEFI Firmware kernel", "product_id": "T034716", "product_identification_helper": { "cpe": "cpe:/h:insyde:uefi:kernel" } } } ], "category": "product_name", "name": "UEFI Firmware" } ], "category": "vendor", "name": "Insyde" }, { "branches": [ { "category": "product_name", "name": "Open Source Linux Kernel", "product": { "name": "Open Source Linux Kernel", "product_id": "T032006", "product_identification_helper": { "cpe": "cpe:/o:linux:linux_kernel:-" } } } ], "category": "vendor", "name": "Open Source" }, { "branches": [ { "category": "product_name", "name": "Oracle Linux", "product": { "name": "Oracle Linux", "product_id": "T004914", "product_identification_helper": { "cpe": "cpe:/o:oracle:linux:-" } } } ], "category": "vendor", "name": "Oracle" }, { "branches": [ { "category": "product_name", "name": "RESF Rocky Linux", "product": { "name": "RESF Rocky Linux", "product_id": "T032255", "product_identification_helper": { "cpe": "cpe:/o:resf:rocky_linux:-" } } } ], "category": "vendor", "name": "RESF" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" }, { "branches": [ { "category": "product_name", "name": "Ubuntu Linux", "product": { "name": "Ubuntu Linux", "product_id": "T000126", "product_identification_helper": { "cpe": "cpe:/o:canonical:ubuntu_linux:-" } } } ], "category": "vendor", "name": "Ubuntu" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-46904", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T032006", "T034716", "67646", "1076561", "T034583", "T004914", "T032255", "T035785", "T038741", "T037795", "T014381", "T036570", "2951", "T002207", "T000126", "T021415", "T031092", "T024663", "T001663", "398363", "1411051" ] }, "release_date": "2024-02-25T23:00:00.000+00:00", "title": "CVE-2021-46904" }, { "cve": "CVE-2021-46905", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T032006", "T034716", "67646", "1076561", "T034583", "T004914", "T032255", "T035785", "T038741", "T037795", "T014381", "T036570", "2951", "T002207", "T000126", "T021415", "T031092", "T024663", "T001663", "398363", "1411051" ] }, "release_date": "2024-02-25T23:00:00.000+00:00", "title": "CVE-2021-46905" }, { "cve": "CVE-2022-48626", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T032006", "T034716", "67646", "1076561", "T034583", "T004914", "T032255", "T035785", "T038741", "T037795", "T014381", "T036570", "2951", "T002207", "T000126", "T021415", "T031092", "T024663", "T001663", "398363", "1411051" ] }, "release_date": "2024-02-25T23:00:00.000+00:00", "title": "CVE-2022-48626" }, { "cve": "CVE-2023-52453", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T032006", "T034716", "67646", "1076561", "T034583", "T004914", "T032255", "T035785", "T038741", "T037795", "T014381", "T036570", "2951", "T002207", "T000126", "T021415", "T031092", "T024663", "T001663", "398363", "1411051" ] }, "release_date": "2024-02-25T23:00:00.000+00:00", "title": "CVE-2023-52453" }, { "cve": "CVE-2023-52454", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T032006", "T034716", "67646", "1076561", "T034583", "T004914", "T032255", "T035785", "T038741", "T037795", "T014381", "T036570", "2951", "T002207", "T000126", "T021415", "T031092", "T024663", "T001663", "398363", "1411051" ] }, "release_date": "2024-02-25T23:00:00.000+00:00", "title": "CVE-2023-52454" }, { "cve": "CVE-2023-52455", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T032006", "T034716", "67646", "1076561", "T034583", "T004914", "T032255", "T035785", "T038741", "T037795", "T014381", "T036570", "2951", "T002207", "T000126", "T021415", "T031092", "T024663", "T001663", "398363", "1411051" ] }, "release_date": "2024-02-25T23:00:00.000+00:00", "title": "CVE-2023-52455" }, { "cve": "CVE-2023-52456", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T032006", "T034716", "67646", "1076561", "T034583", "T004914", "T032255", "T035785", "T038741", "T037795", "T014381", "T036570", "2951", "T002207", "T000126", "T021415", "T031092", "T024663", "T001663", "398363", "1411051" ] }, "release_date": "2024-02-25T23:00:00.000+00:00", "title": "CVE-2023-52456" }, { "cve": "CVE-2023-52457", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T032006", "T034716", "67646", "1076561", "T034583", "T004914", "T032255", "T035785", "T038741", "T037795", "T014381", "T036570", "2951", "T002207", "T000126", "T021415", "T031092", "T024663", "T001663", "398363", "1411051" ] }, "release_date": "2024-02-25T23:00:00.000+00:00", "title": "CVE-2023-52457" }, { "cve": "CVE-2023-52458", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T032006", "T034716", "67646", "1076561", "T034583", "T004914", "T032255", "T035785", "T038741", "T037795", "T014381", "T036570", "2951", "T002207", "T000126", "T021415", "T031092", "T024663", "T001663", "398363", "1411051" ] }, "release_date": "2024-02-25T23:00:00.000+00:00", "title": "CVE-2023-52458" }, { "cve": "CVE-2023-52459", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T032006", "T034716", "67646", "1076561", "T034583", "T004914", "T032255", "T035785", "T038741", "T037795", "T014381", "T036570", "2951", "T002207", "T000126", "T021415", "T031092", "T024663", "T001663", "398363", "1411051" ] }, "release_date": "2024-02-25T23:00:00.000+00:00", "title": "CVE-2023-52459" }, { "cve": "CVE-2023-52460", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T032006", "T034716", "67646", "1076561", "T034583", "T004914", "T032255", "T035785", "T038741", "T037795", "T014381", "T036570", "2951", "T002207", "T000126", "T021415", "T031092", "T024663", "T001663", "398363", "1411051" ] }, "release_date": "2024-02-25T23:00:00.000+00:00", "title": "CVE-2023-52460" }, { "cve": "CVE-2023-52461", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T032006", "T034716", "67646", "1076561", "T034583", "T004914", "T032255", "T035785", "T038741", "T037795", "T014381", "T036570", "2951", "T002207", "T000126", "T021415", "T031092", "T024663", "T001663", "398363", "1411051" ] }, "release_date": "2024-02-25T23:00:00.000+00:00", "title": "CVE-2023-52461" }, { "cve": "CVE-2023-52462", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T032006", "T034716", "67646", "1076561", "T034583", "T004914", "T032255", "T035785", "T038741", "T037795", "T014381", "T036570", "2951", "T002207", "T000126", "T021415", "T031092", "T024663", "T001663", "398363", "1411051" ] }, "release_date": "2024-02-25T23:00:00.000+00:00", "title": "CVE-2023-52462" }, { "cve": "CVE-2023-52463", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T032006", "T034716", "67646", "1076561", "T034583", "T004914", "T032255", "T035785", "T038741", "T037795", "T014381", "T036570", "2951", "T002207", "T000126", "T021415", "T031092", "T024663", "T001663", "398363", "1411051" ] }, "release_date": "2024-02-25T23:00:00.000+00:00", "title": "CVE-2023-52463" }, { "cve": "CVE-2023-52464", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T032006", "T034716", "67646", "1076561", "T034583", "T004914", "T032255", "T035785", "T038741", "T037795", "T014381", "T036570", "2951", "T002207", "T000126", "T021415", "T031092", "T024663", "T001663", "398363", "1411051" ] }, "release_date": "2024-02-25T23:00:00.000+00:00", "title": "CVE-2023-52464" }, { "cve": "CVE-2023-52465", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T032006", "T034716", "67646", "1076561", "T034583", "T004914", "T032255", "T035785", "T038741", "T037795", "T014381", "T036570", "2951", "T002207", "T000126", "T021415", "T031092", "T024663", "T001663", "398363", "1411051" ] }, "release_date": "2024-02-25T23:00:00.000+00:00", "title": "CVE-2023-52465" }, { "cve": "CVE-2023-52466", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T032006", "T034716", "67646", "1076561", "T034583", "T004914", "T032255", "T035785", "T038741", "T037795", "T014381", "T036570", "2951", "T002207", "T000126", "T021415", "T031092", "T024663", "T001663", "398363", "1411051" ] }, "release_date": "2024-02-25T23:00:00.000+00:00", "title": "CVE-2023-52466" }, { "cve": "CVE-2023-52467", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T032006", "T034716", "67646", "1076561", "T034583", "T004914", "T032255", "T035785", "T038741", "T037795", "T014381", "T036570", "2951", "T002207", "T000126", "T021415", "T031092", "T024663", "T001663", "398363", "1411051" ] }, "release_date": "2024-02-25T23:00:00.000+00:00", "title": "CVE-2023-52467" }, { "cve": "CVE-2023-52468", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T032006", "T034716", "67646", "1076561", "T034583", "T004914", "T032255", "T035785", "T038741", "T037795", "T014381", "T036570", "2951", "T002207", "T000126", "T021415", "T031092", "T024663", "T001663", "398363", "1411051" ] }, "release_date": "2024-02-25T23:00:00.000+00:00", "title": "CVE-2023-52468" }, { "cve": "CVE-2023-52469", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T032006", "T034716", "67646", "1076561", "T034583", "T004914", "T032255", "T035785", "T038741", "T037795", "T014381", "T036570", "2951", "T002207", "T000126", "T021415", "T031092", "T024663", "T001663", "398363", "1411051" ] }, "release_date": "2024-02-25T23:00:00.000+00:00", "title": "CVE-2023-52469" }, { "cve": "CVE-2023-52470", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T032006", "T034716", "67646", "1076561", "T034583", "T004914", "T032255", "T035785", "T038741", "T037795", "T014381", "T036570", "2951", "T002207", "T000126", "T021415", "T031092", "T024663", "T001663", "398363", "1411051" ] }, "release_date": "2024-02-25T23:00:00.000+00:00", "title": "CVE-2023-52470" }, { "cve": "CVE-2023-52471", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T032006", "T034716", "67646", "1076561", "T034583", "T004914", "T032255", "T035785", "T038741", "T037795", "T014381", "T036570", "2951", "T002207", "T000126", "T021415", "T031092", "T024663", "T001663", "398363", "1411051" ] }, "release_date": "2024-02-25T23:00:00.000+00:00", "title": "CVE-2023-52471" }, { "cve": "CVE-2023-52472", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T032006", "T034716", "67646", "1076561", "T034583", "T004914", "T032255", "T035785", "T038741", "T037795", "T014381", "T036570", "2951", "T002207", "T000126", "T021415", "T031092", "T024663", "T001663", "398363", "1411051" ] }, "release_date": "2024-02-25T23:00:00.000+00:00", "title": "CVE-2023-52472" }, { "cve": "CVE-2023-52473", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T032006", "T034716", "67646", "1076561", "T034583", "T004914", "T032255", "T035785", "T038741", "T037795", "T014381", "T036570", "2951", "T002207", "T000126", "T021415", "T031092", "T024663", "T001663", "398363", "1411051" ] }, "release_date": "2024-02-25T23:00:00.000+00:00", "title": "CVE-2023-52473" }, { "cve": "CVE-2024-26594", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T032006", "T034716", "67646", "1076561", "T034583", "T004914", "T032255", "T035785", "T038741", "T037795", "T014381", "T036570", "2951", "T002207", "T000126", "T021415", "T031092", "T024663", "T001663", "398363", "1411051" ] }, "release_date": "2024-02-25T23:00:00.000+00:00", "title": "CVE-2024-26594" }, { "cve": "CVE-2024-26595", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T032006", "T034716", "67646", "1076561", "T034583", "T004914", "T032255", "T035785", "T038741", "T037795", "T014381", "T036570", "2951", "T002207", "T000126", "T021415", "T031092", "T024663", "T001663", "398363", "1411051" ] }, "release_date": "2024-02-25T23:00:00.000+00:00", "title": "CVE-2024-26595" }, { "cve": "CVE-2024-26596", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T032006", "T034716", "67646", "1076561", "T034583", "T004914", "T032255", "T035785", "T038741", "T037795", "T014381", "T036570", "2951", "T002207", "T000126", "T021415", "T031092", "T024663", "T001663", "398363", "1411051" ] }, "release_date": "2024-02-25T23:00:00.000+00:00", "title": "CVE-2024-26596" }, { "cve": "CVE-2024-26597", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T032006", "T034716", "67646", "1076561", "T034583", "T004914", "T032255", "T035785", "T038741", "T037795", "T014381", "T036570", "2951", "T002207", "T000126", "T021415", "T031092", "T024663", "T001663", "398363", "1411051" ] }, "release_date": "2024-02-25T23:00:00.000+00:00", "title": "CVE-2024-26597" }, { "cve": "CVE-2024-26598", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T032006", "T034716", "67646", "1076561", "T034583", "T004914", "T032255", "T035785", "T038741", "T037795", "T014381", "T036570", "2951", "T002207", "T000126", "T021415", "T031092", "T024663", "T001663", "398363", "1411051" ] }, "release_date": "2024-02-25T23:00:00.000+00:00", "title": "CVE-2024-26598" }, { "cve": "CVE-2024-26599", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T032006", "T034716", "67646", "1076561", "T034583", "T004914", "T032255", "T035785", "T038741", "T037795", "T014381", "T036570", "2951", "T002207", "T000126", "T021415", "T031092", "T024663", "T001663", "398363", "1411051" ] }, "release_date": "2024-02-25T23:00:00.000+00:00", "title": "CVE-2024-26599" }, { "cve": "CVE-2024-26600", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T032006", "T034716", "67646", "1076561", "T034583", "T004914", "T032255", "T035785", "T038741", "T037795", "T014381", "T036570", "2951", "T002207", "T000126", "T021415", "T031092", "T024663", "T001663", "398363", "1411051" ] }, "release_date": "2024-02-25T23:00:00.000+00:00", "title": "CVE-2024-26600" }, { "cve": "CVE-2024-26601", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T032006", "T034716", "67646", "1076561", "T034583", "T004914", "T032255", "T035785", "T038741", "T037795", "T014381", "T036570", "2951", "T002207", "T000126", "T021415", "T031092", "T024663", "T001663", "398363", "1411051" ] }, "release_date": "2024-02-25T23:00:00.000+00:00", "title": "CVE-2024-26601" }, { "cve": "CVE-2024-26602", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T032006", "T034716", "67646", "1076561", "T034583", "T004914", "T032255", "T035785", "T038741", "T037795", "T014381", "T036570", "2951", "T002207", "T000126", "T021415", "T031092", "T024663", "T001663", "398363", "1411051" ] }, "release_date": "2024-02-25T23:00:00.000+00:00", "title": "CVE-2024-26602" }, { "cve": "CVE-2024-26603", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T032006", "T034716", "67646", "1076561", "T034583", "T004914", "T032255", "T035785", "T038741", "T037795", "T014381", "T036570", "2951", "T002207", "T000126", "T021415", "T031092", "T024663", "T001663", "398363", "1411051" ] }, "release_date": "2024-02-25T23:00:00.000+00:00", "title": "CVE-2024-26603" }, { "cve": "CVE-2024-26604", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T032006", "T034716", "67646", "1076561", "T034583", "T004914", "T032255", "T035785", "T038741", "T037795", "T014381", "T036570", "2951", "T002207", "T000126", "T021415", "T031092", "T024663", "T001663", "398363", "1411051" ] }, "release_date": "2024-02-25T23:00:00.000+00:00", "title": "CVE-2024-26604" }, { "cve": "CVE-2024-26605", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T032006", "T034716", "67646", "1076561", "T034583", "T004914", "T032255", "T035785", "T038741", "T037795", "T014381", "T036570", "2951", "T002207", "T000126", "T021415", "T031092", "T024663", "T001663", "398363", "1411051" ] }, "release_date": "2024-02-25T23:00:00.000+00:00", "title": "CVE-2024-26605" } ] }
ghsa-p88p-j9px-cq4j
Vulnerability from github
In the Linux kernel, the following vulnerability has been resolved:
class: fix use-after-free in class_register()
The lock_class_key is still registered and can be found in lock_keys_hash hlist after subsys_private is freed in error handler path.A task who iterate over the lock_keys_hash later may cause use-after-free.So fix that up and unregister the lock_class_key before kfree(cp).
On our platform, a driver fails to kset_register because of creating duplicate filename '/class/xxx'.With Kasan enabled, it prints a invalid-access bug report.
KASAN bug report:
BUG: KASAN: invalid-access in lockdep_register_key+0x19c/0x1bc Write of size 8 at addr 15ffff808b8c0368 by task modprobe/252 Pointer tag: [15], memory tag: [fe]
CPU: 7 PID: 252 Comm: modprobe Tainted: G W 6.6.0-mainline-maybe-dirty #1
Call trace: dump_backtrace+0x1b0/0x1e4 show_stack+0x2c/0x40 dump_stack_lvl+0xac/0xe0 print_report+0x18c/0x4d8 kasan_report+0xe8/0x148 __hwasan_store8_noabort+0x88/0x98 lockdep_register_key+0x19c/0x1bc class_register+0x94/0x1ec init_module+0xbc/0xf48 [rfkill] do_one_initcall+0x17c/0x72c do_init_module+0x19c/0x3f8 ... Memory state around the buggy address: ffffff808b8c0100: 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a ffffff808b8c0200: 8a 8a 8a 8a 8a 8a 8a 8a fe fe fe fe fe fe fe fe
ffffff808b8c0300: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe ^ ffffff808b8c0400: 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03
As CONFIG_KASAN_GENERIC is not set, Kasan reports invalid-access not use-after-free here.In this case, modprobe is manipulating the corrupted lock_keys_hash hlish where lock_class_key is already freed before.
It's worth noting that this only can happen if lockdep is enabled, which is not true for normal system.
{ "affected": [], "aliases": [ "CVE-2023-52468" ], "database_specific": { "cwe_ids": [ "CWE-416" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2024-02-26T16:27:48Z", "severity": "HIGH" }, "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nclass: fix use-after-free in class_register()\n\nThe lock_class_key is still registered and can be found in\nlock_keys_hash hlist after subsys_private is freed in error\nhandler path.A task who iterate over the lock_keys_hash\nlater may cause use-after-free.So fix that up and unregister\nthe lock_class_key before kfree(cp).\n\nOn our platform, a driver fails to kset_register because of\ncreating duplicate filename \u0027/class/xxx\u0027.With Kasan enabled,\nit prints a invalid-access bug report.\n\nKASAN bug report:\n\nBUG: KASAN: invalid-access in lockdep_register_key+0x19c/0x1bc\nWrite of size 8 at addr 15ffff808b8c0368 by task modprobe/252\nPointer tag: [15], memory tag: [fe]\n\nCPU: 7 PID: 252 Comm: modprobe Tainted: G W\n 6.6.0-mainline-maybe-dirty #1\n\nCall trace:\ndump_backtrace+0x1b0/0x1e4\nshow_stack+0x2c/0x40\ndump_stack_lvl+0xac/0xe0\nprint_report+0x18c/0x4d8\nkasan_report+0xe8/0x148\n__hwasan_store8_noabort+0x88/0x98\nlockdep_register_key+0x19c/0x1bc\nclass_register+0x94/0x1ec\ninit_module+0xbc/0xf48 [rfkill]\ndo_one_initcall+0x17c/0x72c\ndo_init_module+0x19c/0x3f8\n...\nMemory state around the buggy address:\nffffff808b8c0100: 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a\nffffff808b8c0200: 8a 8a 8a 8a 8a 8a 8a 8a fe fe fe fe fe fe fe fe\n\u003effffff808b8c0300: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe\n ^\nffffff808b8c0400: 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03\n\nAs CONFIG_KASAN_GENERIC is not set, Kasan reports invalid-access\nnot use-after-free here.In this case, modprobe is manipulating\nthe corrupted lock_keys_hash hlish where lock_class_key is already\nfreed before.\n\nIt\u0027s worth noting that this only can happen if lockdep is enabled,\nwhich is not true for normal system.", "id": "GHSA-p88p-j9px-cq4j", "modified": "2024-04-17T21:30:45Z", "published": "2024-02-26T18:30:28Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52468" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/0f1486dafca3398c4c46b9f6e6452fa27e73b559" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/93ec4a3b76404bce01bd5c9032bef5df6feb1d62" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/b57196a5ec5e4c0ffecde8348b085b778c7dce04" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.