alsa-2024:8870
Vulnerability from osv_almalinux
Published
2024-11-05 00:00
Modified
2024-11-06 09:52
Summary
Moderate: kernel-rt security update
Details
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: net/bluetooth: race condition in conn_info_{min,max}_age_set() (CVE-2024-24857)
- kernel: dmaengine: fix NULL pointer in channel unregistration function (CVE-2023-52492)
- kernel: netfilter: nf_conntrack_h323: Add protection for bmp length out of range (CVE-2024-26851)
- kernel: netfilter: nft_set_pipapo: do not free live element (CVE-2024-26924)
- kernel: netfilter: nft_set_pipapo: walk over current view on netlink dump (CVE-2024-27017)
- kernel: KVM: Always flush async #PF workqueue when vCPU is being destroyed (CVE-2024-26976)
- kernel: nouveau: lock the client object tree. (CVE-2024-27062)
- kernel: netfilter: bridge: replace physindev with physinif in nf_bridge_info (CVE-2024-35839)
- kernel: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (CVE-2024-35898)
- kernel: dma-direct: Leak pages on dma_set_decrypted() failure (CVE-2024-35939)
- kernel: net/mlx5e: Fix netif state handling (CVE-2024-38608)
- kernel: r8169: Fix possible ring buffer corruption on fragmented Tx packets. (CVE-2024-38586)
- kernel: of: module: add buffer overflow check in of_modalias() (CVE-2024-38541)
- kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (CVE-2024-38540)
- kernel: netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type (CVE-2024-39503)
- kernel: drm/i915/dpt: Make DPT object unshrinkable (CVE-2024-40924)
- kernel: ipv6: prevent possible NULL deref in fib6_nh_init() (CVE-2024-40961)
- kernel: tipc: force a dst refcount before doing decryption (CVE-2024-40983)
- kernel: ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." (CVE-2024-40984)
- kernel: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (CVE-2022-48773)
- kernel: bpf: Fix overrunning reservations in ringbuf (CVE-2024-41009)
- kernel: netfilter: nf_tables: prefer nft_chain_validate (CVE-2024-41042)
- kernel: ibmvnic: Add tx check to prevent skb leak (CVE-2024-41066)
- kernel: drm/i915/gt: Fix potential UAF by revoke of fence registers (CVE-2024-41092)
- kernel: drm/amdgpu: avoid using null object of framebuffer (CVE-2024-41093)
- kernel: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (CVE-2024-42070)
- kernel: gfs2: Fix NULL pointer dereference in gfs2_log_flush (CVE-2024-42079)
- kernel: USB: serial: mos7840: fix crash on resume (CVE-2024-42244)
- kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284)
- kernel: kobject_uevent: Fix OOB access within zap_modalias_env() (CVE-2024-42292)
- kernel: dev/parport: fix the array out-of-bounds risk (CVE-2024-42301)
- kernel: block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854)
- kernel: mlxsw: spectrum_acl_erp: Fix object nesting warning (CVE-2024-43880)
- kernel: gso: do not skip outer ip header in case of ipip and net_failover (CVE-2022-48936)
- kernel: padata: Fix possible divide-by-0 panic in padata_mt_helper() (CVE-2024-43889)
- kernel: memcg: protect concurrent access to mem_cgroup_idr (CVE-2024-43892)
- kernel: sctp: Fix null-ptr-deref in reuseport_add_sock(). (CVE-2024-44935)
- kernel: bonding: fix xfrm real_dev null pointer dereference (CVE-2024-44989)
- kernel: bonding: fix null pointer deref in bond_ipsec_offload_ok (CVE-2024-44990)
- kernel: netfilter: flowtable: initialise extack before use (CVE-2024-45018)
- kernel: ELF: fix kernel.randomize_va_space double read (CVE-2024-46826)
- kernel: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (CVE-2024-47668)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-rt"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-553.27.1.rt7.368.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-rt-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-553.27.1.rt7.368.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-rt-debug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-553.27.1.rt7.368.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-rt-debug-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-553.27.1.rt7.368.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-rt-debug-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-553.27.1.rt7.368.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-rt-debug-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-553.27.1.rt7.368.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-rt-debug-modules-extra"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-553.27.1.rt7.368.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-rt-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-553.27.1.rt7.368.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-rt-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-553.27.1.rt7.368.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-rt-modules-extra"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-553.27.1.rt7.368.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. \n\nSecurity Fix(es): \n\n * kernel: net/bluetooth: race condition in conn_info_{min,max}_age_set() (CVE-2024-24857)\n * kernel: dmaengine: fix NULL pointer in channel unregistration function (CVE-2023-52492)\n * kernel: netfilter: nf_conntrack_h323: Add protection for bmp length out of range (CVE-2024-26851)\n * kernel: netfilter: nft_set_pipapo: do not free live element (CVE-2024-26924)\n * kernel: netfilter: nft_set_pipapo: walk over current view on netlink dump (CVE-2024-27017)\n * kernel: KVM: Always flush async #PF workqueue when vCPU is being destroyed (CVE-2024-26976)\n * kernel: nouveau: lock the client object tree. (CVE-2024-27062)\n * kernel: netfilter: bridge: replace physindev with physinif in nf_bridge_info (CVE-2024-35839)\n * kernel: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (CVE-2024-35898)\n * kernel: dma-direct: Leak pages on dma_set_decrypted() failure (CVE-2024-35939)\n * kernel: net/mlx5e: Fix netif state handling (CVE-2024-38608)\n * kernel: r8169: Fix possible ring buffer corruption on fragmented Tx packets. (CVE-2024-38586)\n * kernel: of: module: add buffer overflow check in of_modalias() (CVE-2024-38541)\n * kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (CVE-2024-38540)\n * kernel: netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type (CVE-2024-39503)\n * kernel: drm/i915/dpt: Make DPT object unshrinkable (CVE-2024-40924)\n * kernel: ipv6: prevent possible NULL deref in fib6_nh_init() (CVE-2024-40961)\n * kernel: tipc: force a dst refcount before doing decryption (CVE-2024-40983)\n * kernel: ACPICA: Revert \"ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.\" (CVE-2024-40984)\n * kernel: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (CVE-2022-48773)\n * kernel: bpf: Fix overrunning reservations in ringbuf (CVE-2024-41009)\n * kernel: netfilter: nf_tables: prefer nft_chain_validate (CVE-2024-41042)\n * kernel: ibmvnic: Add tx check to prevent skb leak (CVE-2024-41066)\n * kernel: drm/i915/gt: Fix potential UAF by revoke of fence registers (CVE-2024-41092)\n * kernel: drm/amdgpu: avoid using null object of framebuffer (CVE-2024-41093)\n * kernel: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (CVE-2024-42070)\n * kernel: gfs2: Fix NULL pointer dereference in gfs2_log_flush (CVE-2024-42079)\n * kernel: USB: serial: mos7840: fix crash on resume (CVE-2024-42244)\n * kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284)\n * kernel: kobject_uevent: Fix OOB access within zap_modalias_env() (CVE-2024-42292)\n * kernel: dev/parport: fix the array out-of-bounds risk (CVE-2024-42301)\n * kernel: block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854)\n * kernel: mlxsw: spectrum_acl_erp: Fix object nesting warning (CVE-2024-43880)\n * kernel: gso: do not skip outer ip header in case of ipip and net_failover (CVE-2022-48936)\n * kernel: padata: Fix possible divide-by-0 panic in padata_mt_helper() (CVE-2024-43889)\n * kernel: memcg: protect concurrent access to mem_cgroup_idr (CVE-2024-43892)\n * kernel: sctp: Fix null-ptr-deref in reuseport_add_sock(). (CVE-2024-44935)\n * kernel: bonding: fix xfrm real_dev null pointer dereference (CVE-2024-44989)\n * kernel: bonding: fix null pointer deref in bond_ipsec_offload_ok (CVE-2024-44990)\n * kernel: netfilter: flowtable: initialise extack before use (CVE-2024-45018)\n * kernel: ELF: fix kernel.randomize_va_space double read (CVE-2024-46826)\n * kernel: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (CVE-2024-47668)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2024:8870",
"modified": "2024-11-06T09:52:31Z",
"published": "2024-11-05T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:8870"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-48773"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-48936"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-52492"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-24857"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-26851"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-26924"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-26976"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-27017"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-27062"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-35839"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-35898"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-35939"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-38540"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-38541"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-38586"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-38608"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-39503"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-40924"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-40961"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-40983"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-40984"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-41009"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-41042"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-41066"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-41092"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-41093"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-42070"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-42079"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-42244"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-42284"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-42292"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-42301"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-43854"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-43880"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-43889"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-43892"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-44935"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-44989"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-44990"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-45018"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-46826"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-47668"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2266247"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2269183"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2275750"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2277168"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2278262"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2278350"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2278387"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2281284"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2281669"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2281817"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2293356"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2293402"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2293458"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2293459"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2297475"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2297508"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2297545"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2297567"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2297568"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2298109"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2298412"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2300412"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2300442"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2300487"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2300488"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2300508"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2300517"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2307862"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2307865"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2307892"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2309852"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2309853"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2311715"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2315178"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2317601"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2024-8870.html"
}
],
"related": [
"CVE-2024-24857",
"CVE-2023-52492",
"CVE-2024-26851",
"CVE-2024-26924",
"CVE-2024-27017",
"CVE-2024-26976",
"CVE-2024-27062",
"CVE-2024-35839",
"CVE-2024-35898",
"CVE-2024-35939",
"CVE-2024-38608",
"CVE-2024-38586",
"CVE-2024-38541",
"CVE-2024-38540",
"CVE-2024-39503",
"CVE-2024-40924",
"CVE-2024-40961",
"CVE-2024-40983",
"CVE-2024-40984",
"CVE-2022-48773",
"CVE-2024-41009",
"CVE-2024-41042",
"CVE-2024-41066",
"CVE-2024-41092",
"CVE-2024-41093",
"CVE-2024-42070",
"CVE-2024-42079",
"CVE-2024-42244",
"CVE-2024-42284",
"CVE-2024-42292",
"CVE-2024-42301",
"CVE-2024-43854",
"CVE-2024-43880",
"CVE-2022-48936",
"CVE-2024-43889",
"CVE-2024-43892",
"CVE-2024-44935",
"CVE-2024-44989",
"CVE-2024-44990",
"CVE-2024-45018",
"CVE-2024-46826",
"CVE-2024-47668"
],
"summary": "Moderate: kernel-rt security update"
}
CVE-2024-27017 (GCVE-0-2024-27017)
Vulnerability from cvelistv5 – Published: 2024-05-01 05:30 – Updated: 2026-05-23 15:41
Title
netfilter: nft_set_pipapo: walk over current view on netlink dump
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_pipapo: walk over current view on netlink dump
The generation mask can be updated while netlink dump is in progress.
The pipapo set backend walk iterator cannot rely on it to infer what
view of the datastructure is to be used. Add notation to specify if user
wants to read/update the set.
Based on patch from Florian Westphal.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
References
11 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/ff89db14c63a82706… | |
| https://git.kernel.org/stable/c/ce9fef54c5ec9912a… | |
| https://git.kernel.org/stable/c/52735a010f37580b3… | |
| https://git.kernel.org/stable/c/f24d8abc2bb8cbf31… | |
| https://git.kernel.org/stable/c/721715655c7264056… | |
| https://git.kernel.org/stable/c/29b359cf6d95fd607… | |
| https://lists.debian.org/debian-lts-announce/2025… | |
| https://lists.debian.org/debian-lts-announce/2025… | |
| https://lists.fedoraproject.org/archives/list/pac… | |
| https://lists.fedoraproject.org/archives/list/pac… | |
| https://lists.fedoraproject.org/archives/list/pac… |
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 2a90da8e0dd50f42e577988f4219f4f4cd3616b7 , < ff89db14c63a827066446460e39226c0688ef786 (git); Affected: 45eb6944d0f55102229115de040ef3a48841434a , < ce9fef54c5ec9912a0c9a47bac3195cc41b14679 (git); Affected: 0d836f917520300a8725a5dbdad4406438d0cead , < 52735a010f37580b3a569a996f878fdd87425650 (git); Affected: 2b84e215f87443c74ac0aa7f76bb172d43a87033 , < f24d8abc2bb8cbf31ec713336e402eafa8f42f60 (git); Affected: 2b84e215f87443c74ac0aa7f76bb172d43a87033 , < 721715655c72640567e8742567520c99801148ed (git); Affected: 2b84e215f87443c74ac0aa7f76bb172d43a87033 , < 29b359cf6d95fd60730533f7f10464e95bd17c73 (git); Affected: f661383b5f1aaac3fe121b91e04332944bc90193 (git); Affected: 5.10.186 , < 5.10.227 (semver); Affected: 5.15.119 , < 5.15.168 (semver); Affected: 6.1.36 , < 6.1.112 (semver); Affected: 6.3.10 , < 6.4 (semver) |
| Linux | Linux | Affected: 6.4; Unaffected: 0 , < 6.4 (semver); Unaffected: 5.10.227 , ≤ 5.10.* (semver); Unaffected: 5.15.168 , ≤ 5.15.* (semver); Unaffected: 6.1.112 , ≤ 6.1.* (semver); Unaffected: 6.6.53 , ≤ 6.6.* (semver); Unaffected: 6.8.8 , ≤ 6.8.* (semver); Unaffected: 6.9 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27017",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T16:20:37.656440Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:29.908Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:17:24.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/721715655c72640567e8742567520c99801148ed"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/29b359cf6d95fd60730533f7f10464e95bd17c73"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/net/netfilter/nf_tables.h",
"net/netfilter/nf_tables_api.c",
"net/netfilter/nft_set_pipapo.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ff89db14c63a827066446460e39226c0688ef786",
"status": "affected",
"version": "2a90da8e0dd50f42e577988f4219f4f4cd3616b7",
"versionType": "git"
},
{
"lessThan": "ce9fef54c5ec9912a0c9a47bac3195cc41b14679",
"status": "affected",
"version": "45eb6944d0f55102229115de040ef3a48841434a",
"versionType": "git"
},
{
"lessThan": "52735a010f37580b3a569a996f878fdd87425650",
"status": "affected",
"version": "0d836f917520300a8725a5dbdad4406438d0cead",
"versionType": "git"
},
{
"lessThan": "f24d8abc2bb8cbf31ec713336e402eafa8f42f60",
"status": "affected",
"version": "2b84e215f87443c74ac0aa7f76bb172d43a87033",
"versionType": "git"
},
{
"lessThan": "721715655c72640567e8742567520c99801148ed",
"status": "affected",
"version": "2b84e215f87443c74ac0aa7f76bb172d43a87033",
"versionType": "git"
},
{
"lessThan": "29b359cf6d95fd60730533f7f10464e95bd17c73",
"status": "affected",
"version": "2b84e215f87443c74ac0aa7f76bb172d43a87033",
"versionType": "git"
},
{
"status": "affected",
"version": "f661383b5f1aaac3fe121b91e04332944bc90193",
"versionType": "git"
},
{
"lessThan": "5.10.227",
"status": "affected",
"version": "5.10.186",
"versionType": "semver"
},
{
"lessThan": "5.15.168",
"status": "affected",
"version": "5.15.119",
"versionType": "semver"
},
{
"lessThan": "6.1.112",
"status": "affected",
"version": "6.1.36",
"versionType": "semver"
},
{
"lessThan": "6.4",
"status": "affected",
"version": "6.3.10",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/net/netfilter/nf_tables.h",
"net/netfilter/nf_tables_api.c",
"net/netfilter/nft_set_pipapo.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.4"
},
{
"lessThan": "6.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.112",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.53",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "5.10.186",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "5.15.119",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.112",
"versionStartIncluding": "6.1.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.53",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.8",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.3.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo: walk over current view on netlink dump\n\nThe generation mask can be updated while netlink dump is in progress.\nThe pipapo set backend walk iterator cannot rely on it to infer what\nview of the datastructure is to be used. Add notation to specify if user\nwants to read/update the set.\n\nBased on patch from Florian Westphal."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:41:15.320Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ff89db14c63a827066446460e39226c0688ef786"
},
{
"url": "https://git.kernel.org/stable/c/ce9fef54c5ec9912a0c9a47bac3195cc41b14679"
},
{
"url": "https://git.kernel.org/stable/c/52735a010f37580b3a569a996f878fdd87425650"
},
{
"url": "https://git.kernel.org/stable/c/f24d8abc2bb8cbf31ec713336e402eafa8f42f60"
},
{
"url": "https://git.kernel.org/stable/c/721715655c72640567e8742567520c99801148ed"
},
{
"url": "https://git.kernel.org/stable/c/29b359cf6d95fd60730533f7f10464e95bd17c73"
}
],
"title": "netfilter: nft_set_pipapo: walk over current view on netlink dump",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27017",
"datePublished": "2024-05-01T05:30:01.888Z",
"dateReserved": "2024-02-19T14:20:24.209Z",
"dateUpdated": "2026-05-23T15:41:15.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27062 (GCVE-0-2024-27062)
Vulnerability from cvelistv5 – Published: 2024-05-01 13:00 – Updated: 2026-05-11 20:09
Title
nouveau: lock the client object tree.
Summary
In the Linux kernel, the following vulnerability has been resolved:
nouveau: lock the client object tree.
It appears the client object tree has no locking unless I've missed
something else. Fix races around adding/removing client objects,
mostly vram bar mappings.
[ 4562.099306] general protection fault, probably for non-canonical address 0x6677ed422bceb80c: 0000 [#1] PREEMPT SMP PTI
[ 4562.099314] CPU: 2 PID: 23171 Comm: deqp-vk Not tainted 6.8.0-rc6+ #27
[ 4562.099324] Hardware name: Gigabyte Technology Co., Ltd. Z390 I AORUS PRO WIFI/Z390 I AORUS PRO WIFI-CF, BIOS F8 11/05/2021
[ 4562.099330] RIP: 0010:nvkm_object_search+0x1d/0x70 [nouveau]
[ 4562.099503] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 48 89 f8 48 85 f6 74 39 48 8b 87 a0 00 00 00 48 85 c0 74 12 <48> 8b 48 f8 48 39 ce 73 15 48 8b 40 10 48 85 c0 75 ee 48 c7 c0 fe
[ 4562.099506] RSP: 0000:ffffa94cc420bbf8 EFLAGS: 00010206
[ 4562.099512] RAX: 6677ed422bceb814 RBX: ffff98108791f400 RCX: ffff9810f26b8f58
[ 4562.099517] RDX: 0000000000000000 RSI: ffff9810f26b9158 RDI: ffff98108791f400
[ 4562.099519] RBP: ffff9810f26b9158 R08: 0000000000000000 R09: 0000000000000000
[ 4562.099521] R10: ffffa94cc420bc48 R11: 0000000000000001 R12: ffff9810f02a7cc0
[ 4562.099526] R13: 0000000000000000 R14: 00000000000000ff R15: 0000000000000007
[ 4562.099528] FS: 00007f629c5017c0(0000) GS:ffff98142c700000(0000) knlGS:0000000000000000
[ 4562.099534] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 4562.099536] CR2: 00007f629a882000 CR3: 000000017019e004 CR4: 00000000003706f0
[ 4562.099541] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 4562.099542] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 4562.099544] Call Trace:
[ 4562.099555] <TASK>
[ 4562.099573] ? die_addr+0x36/0x90
[ 4562.099583] ? exc_general_protection+0x246/0x4a0
[ 4562.099593] ? asm_exc_general_protection+0x26/0x30
[ 4562.099600] ? nvkm_object_search+0x1d/0x70 [nouveau]
[ 4562.099730] nvkm_ioctl+0xa1/0x250 [nouveau]
[ 4562.099861] nvif_object_map_handle+0xc8/0x180 [nouveau]
[ 4562.099986] nouveau_ttm_io_mem_reserve+0x122/0x270 [nouveau]
[ 4562.100156] ? dma_resv_test_signaled+0x26/0xb0
[ 4562.100163] ttm_bo_vm_fault_reserved+0x97/0x3c0 [ttm]
[ 4562.100182] ? __mutex_unlock_slowpath+0x2a/0x270
[ 4562.100189] nouveau_ttm_fault+0x69/0xb0 [nouveau]
[ 4562.100356] __do_fault+0x32/0x150
[ 4562.100362] do_fault+0x7c/0x560
[ 4562.100369] __handle_mm_fault+0x800/0xc10
[ 4562.100382] handle_mm_fault+0x17c/0x3e0
[ 4562.100388] do_user_addr_fault+0x208/0x860
[ 4562.100395] exc_page_fault+0x7f/0x200
[ 4562.100402] asm_exc_page_fault+0x26/0x30
[ 4562.100412] RIP: 0033:0x9b9870
[ 4562.100419] Code: 85 a8 f7 ff ff 8b 8d 80 f7 ff ff 89 08 e9 18 f2 ff ff 0f 1f 84 00 00 00 00 00 44 89 32 e9 90 fa ff ff 0f 1f 84 00 00 00 00 00 <44> 89 32 e9 f8 f1 ff ff 0f 1f 84 00 00 00 00 00 66 44 89 32 e9 e7
[ 4562.100422] RSP: 002b:00007fff9ba2dc70 EFLAGS: 00010246
[ 4562.100426] RAX: 0000000000000004 RBX: 000000000dd65e10 RCX: 000000fff0000000
[ 4562.100428] RDX: 00007f629a882000 RSI: 00007f629a882000 RDI: 0000000000000066
[ 4562.100432] RBP: 00007fff9ba2e570 R08: 0000000000000000 R09: 0000000123ddf000
[ 4562.100434] R10: 0000000000000001 R11: 0000000000000246 R12: 000000007fffffff
[ 4562.100436] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 4562.100446] </TASK>
[ 4562.100448] Modules linked in: nf_conntrack_netbios_ns nf_conntrack_broadcast nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables libcrc32c nfnetlink cmac bnep sunrpc iwlmvm intel_rapl_msr intel_rapl_common snd_sof_pci_intel_cnl x86_pkg_temp_thermal intel_powerclamp snd_sof_intel_hda_common mac80211 coretemp snd_soc_acpi_intel_match kvm_intel snd_soc_acpi snd_soc_hdac_hda snd_sof_pci snd_sof_xtensa_dsp snd_sof_intel_hda_mlink
---truncated---
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: bf81df9be28657eea4aca8c6ab4ed3e69f8a051c , < 6887314f5356389fc219b8152e951ac084a10ef7 (git); Affected: bf81df9be28657eea4aca8c6ab4ed3e69f8a051c , < 96c8751844171af4b3898fee3857ee180586f589 (git); Affected: bf81df9be28657eea4aca8c6ab4ed3e69f8a051c , < b7cc4ff787a572edf2c55caeffaa88cd801eb135 (git) |
| Linux | Linux | Affected: 4.3; Unaffected: 0 , < 4.3 (semver); Unaffected: 6.6.24 , ≤ 6.6.* (semver); Unaffected: 6.7.12 , ≤ 6.7.* (semver); Unaffected: 6.8 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27062",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-06T18:29:48.801156Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T16:56:45.613Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6887314f5356389fc219b8152e951ac084a10ef7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/96c8751844171af4b3898fee3857ee180586f589"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b7cc4ff787a572edf2c55caeffaa88cd801eb135"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/nouveau/include/nvkm/core/client.h",
"drivers/gpu/drm/nouveau/nvkm/core/client.c",
"drivers/gpu/drm/nouveau/nvkm/core/object.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6887314f5356389fc219b8152e951ac084a10ef7",
"status": "affected",
"version": "bf81df9be28657eea4aca8c6ab4ed3e69f8a051c",
"versionType": "git"
},
{
"lessThan": "96c8751844171af4b3898fee3857ee180586f589",
"status": "affected",
"version": "bf81df9be28657eea4aca8c6ab4ed3e69f8a051c",
"versionType": "git"
},
{
"lessThan": "b7cc4ff787a572edf2c55caeffaa88cd801eb135",
"status": "affected",
"version": "bf81df9be28657eea4aca8c6ab4ed3e69f8a051c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/nouveau/include/nvkm/core/client.h",
"drivers/gpu/drm/nouveau/nvkm/core/client.c",
"drivers/gpu/drm/nouveau/nvkm/core/object.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.3"
},
{
"lessThan": "4.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnouveau: lock the client object tree.\n\nIt appears the client object tree has no locking unless I\u0027ve missed\nsomething else. Fix races around adding/removing client objects,\nmostly vram bar mappings.\n\n 4562.099306] general protection fault, probably for non-canonical address 0x6677ed422bceb80c: 0000 [#1] PREEMPT SMP PTI\n[ 4562.099314] CPU: 2 PID: 23171 Comm: deqp-vk Not tainted 6.8.0-rc6+ #27\n[ 4562.099324] Hardware name: Gigabyte Technology Co., Ltd. Z390 I AORUS PRO WIFI/Z390 I AORUS PRO WIFI-CF, BIOS F8 11/05/2021\n[ 4562.099330] RIP: 0010:nvkm_object_search+0x1d/0x70 [nouveau]\n[ 4562.099503] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 48 89 f8 48 85 f6 74 39 48 8b 87 a0 00 00 00 48 85 c0 74 12 \u003c48\u003e 8b 48 f8 48 39 ce 73 15 48 8b 40 10 48 85 c0 75 ee 48 c7 c0 fe\n[ 4562.099506] RSP: 0000:ffffa94cc420bbf8 EFLAGS: 00010206\n[ 4562.099512] RAX: 6677ed422bceb814 RBX: ffff98108791f400 RCX: ffff9810f26b8f58\n[ 4562.099517] RDX: 0000000000000000 RSI: ffff9810f26b9158 RDI: ffff98108791f400\n[ 4562.099519] RBP: ffff9810f26b9158 R08: 0000000000000000 R09: 0000000000000000\n[ 4562.099521] R10: ffffa94cc420bc48 R11: 0000000000000001 R12: ffff9810f02a7cc0\n[ 4562.099526] R13: 0000000000000000 R14: 00000000000000ff R15: 0000000000000007\n[ 4562.099528] FS: 00007f629c5017c0(0000) GS:ffff98142c700000(0000) knlGS:0000000000000000\n[ 4562.099534] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 4562.099536] CR2: 00007f629a882000 CR3: 000000017019e004 CR4: 00000000003706f0\n[ 4562.099541] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 4562.099542] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 4562.099544] Call Trace:\n[ 4562.099555] \u003cTASK\u003e\n[ 4562.099573] ? die_addr+0x36/0x90\n[ 4562.099583] ? exc_general_protection+0x246/0x4a0\n[ 4562.099593] ? 
asm_exc_general_protection+0x26/0x30\n[ 4562.099600] ? nvkm_object_search+0x1d/0x70 [nouveau]\n[ 4562.099730] nvkm_ioctl+0xa1/0x250 [nouveau]\n[ 4562.099861] nvif_object_map_handle+0xc8/0x180 [nouveau]\n[ 4562.099986] nouveau_ttm_io_mem_reserve+0x122/0x270 [nouveau]\n[ 4562.100156] ? dma_resv_test_signaled+0x26/0xb0\n[ 4562.100163] ttm_bo_vm_fault_reserved+0x97/0x3c0 [ttm]\n[ 4562.100182] ? __mutex_unlock_slowpath+0x2a/0x270\n[ 4562.100189] nouveau_ttm_fault+0x69/0xb0 [nouveau]\n[ 4562.100356] __do_fault+0x32/0x150\n[ 4562.100362] do_fault+0x7c/0x560\n[ 4562.100369] __handle_mm_fault+0x800/0xc10\n[ 4562.100382] handle_mm_fault+0x17c/0x3e0\n[ 4562.100388] do_user_addr_fault+0x208/0x860\n[ 4562.100395] exc_page_fault+0x7f/0x200\n[ 4562.100402] asm_exc_page_fault+0x26/0x30\n[ 4562.100412] RIP: 0033:0x9b9870\n[ 4562.100419] Code: 85 a8 f7 ff ff 8b 8d 80 f7 ff ff 89 08 e9 18 f2 ff ff 0f 1f 84 00 00 00 00 00 44 89 32 e9 90 fa ff ff 0f 1f 84 00 00 00 00 00 \u003c44\u003e 89 32 e9 f8 f1 ff ff 0f 1f 84 00 00 00 00 00 66 44 89 32 e9 e7\n[ 4562.100422] RSP: 002b:00007fff9ba2dc70 EFLAGS: 00010246\n[ 4562.100426] RAX: 0000000000000004 RBX: 000000000dd65e10 RCX: 000000fff0000000\n[ 4562.100428] RDX: 00007f629a882000 RSI: 00007f629a882000 RDI: 0000000000000066\n[ 4562.100432] RBP: 00007fff9ba2e570 R08: 0000000000000000 R09: 0000000123ddf000\n[ 4562.100434] R10: 0000000000000001 R11: 0000000000000246 R12: 000000007fffffff\n[ 4562.100436] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n[ 4562.100446] \u003c/TASK\u003e\n[ 4562.100448] Modules linked in: nf_conntrack_netbios_ns nf_conntrack_broadcast nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables libcrc32c nfnetlink cmac bnep sunrpc iwlmvm intel_rapl_msr intel_rapl_common snd_sof_pci_intel_cnl x86_pkg_temp_thermal intel_powerclamp snd_sof_intel_hda_common mac80211 coretemp 
snd_soc_acpi_intel_match kvm_intel snd_soc_acpi snd_soc_hdac_hda snd_sof_pci snd_sof_xtensa_dsp snd_sof_intel_hda_mlink \n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:09:39.048Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6887314f5356389fc219b8152e951ac084a10ef7"
},
{
"url": "https://git.kernel.org/stable/c/96c8751844171af4b3898fee3857ee180586f589"
},
{
"url": "https://git.kernel.org/stable/c/b7cc4ff787a572edf2c55caeffaa88cd801eb135"
}
],
"title": "nouveau: lock the client object tree.",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27062",
"datePublished": "2024-05-01T13:00:21.052Z",
"dateReserved": "2024-02-19T14:20:24.215Z",
"dateUpdated": "2026-05-11T20:09:39.048Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-35839 (GCVE-0-2024-35839)
Vulnerability from cvelistv5 – Published: 2024-05-17 14:27 – Updated: 2026-05-11 20:12
Title
netfilter: bridge: replace physindev with physinif in nf_bridge_info
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: bridge: replace physindev with physinif in nf_bridge_info
An skb can be added to a neigh->arp_queue while waiting for an arp
reply. Where original skb's skb->dev can be different to neigh's
neigh->dev. For instance in case of bridging dnated skb from one veth to
another, the skb would be added to a neigh->arp_queue of the bridge.
As skb->dev can be reset back to nf_bridge->physindev and used, and as
there is no explicit mechanism that prevents this physindev from being
freed under us (for instance neigh_flush_dev doesn't clean up skbs from
different device's neigh queue) we can crash on e.g. this stack:
arp_process
neigh_update
skb = __skb_dequeue(&neigh->arp_queue)
neigh_resolve_output(..., skb)
...
br_nf_dev_xmit
br_nf_pre_routing_finish_bridge_slow
skb->dev = nf_bridge->physindev
br_handle_frame_finish
Let's use plain ifindex instead of net_device link. To peek into the
original net_device we will use dev_get_by_index_rcu(). Thus either we
get device and are safe to use it or we don't get it and drop skb.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: c4e70a87d975d1f561a00abfe2d3cefa2a486c95 , < 7ae19ee81ca56b13c50a78de6c47d5b8fdc9d97b (git); Affected: c4e70a87d975d1f561a00abfe2d3cefa2a486c95 , < 9325e3188a9cf3f69fc6f32af59844bbc5b90547 (git); Affected: c4e70a87d975d1f561a00abfe2d3cefa2a486c95 , < 544add1f1cfb78c3dfa3e6edcf4668f6be5e730c (git); Affected: c4e70a87d975d1f561a00abfe2d3cefa2a486c95 , < 9874808878d9eed407e3977fd11fee49de1e1d86 (git) |
| Linux | Linux | Affected: 4.2; Unaffected: 0 , < 4.2 (semver); Unaffected: 6.1.75 , ≤ 6.1.* (semver); Unaffected: 6.6.14 , ≤ 6.6.* (semver); Unaffected: 6.7.2 , ≤ 6.7.* (semver); Unaffected: 6.8 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35839",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-23T19:26:55.890240Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:33:44.186Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7ae19ee81ca56b13c50a78de6c47d5b8fdc9d97b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9325e3188a9cf3f69fc6f32af59844bbc5b90547"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/544add1f1cfb78c3dfa3e6edcf4668f6be5e730c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9874808878d9eed407e3977fd11fee49de1e1d86"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/linux/netfilter_bridge.h",
"include/linux/skbuff.h",
"net/bridge/br_netfilter_hooks.c",
"net/bridge/br_netfilter_ipv6.c",
"net/ipv4/netfilter/nf_reject_ipv4.c",
"net/ipv6/netfilter/nf_reject_ipv6.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7ae19ee81ca56b13c50a78de6c47d5b8fdc9d97b",
"status": "affected",
"version": "c4e70a87d975d1f561a00abfe2d3cefa2a486c95",
"versionType": "git"
},
{
"lessThan": "9325e3188a9cf3f69fc6f32af59844bbc5b90547",
"status": "affected",
"version": "c4e70a87d975d1f561a00abfe2d3cefa2a486c95",
"versionType": "git"
},
{
"lessThan": "544add1f1cfb78c3dfa3e6edcf4668f6be5e730c",
"status": "affected",
"version": "c4e70a87d975d1f561a00abfe2d3cefa2a486c95",
"versionType": "git"
},
{
"lessThan": "9874808878d9eed407e3977fd11fee49de1e1d86",
"status": "affected",
"version": "c4e70a87d975d1f561a00abfe2d3cefa2a486c95",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/linux/netfilter_bridge.h",
"include/linux/skbuff.h",
"net/bridge/br_netfilter_hooks.c",
"net/bridge/br_netfilter_ipv6.c",
"net/ipv4/netfilter/nf_reject_ipv4.c",
"net/ipv6/netfilter/nf_reject_ipv6.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.2"
},
{
"lessThan": "4.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: bridge: replace physindev with physinif in nf_bridge_info\n\nAn skb can be added to a neigh-\u003earp_queue while waiting for an arp\nreply. Where original skb\u0027s skb-\u003edev can be different to neigh\u0027s\nneigh-\u003edev. For instance in case of bridging dnated skb from one veth to\nanother, the skb would be added to a neigh-\u003earp_queue of the bridge.\n\nAs skb-\u003edev can be reset back to nf_bridge-\u003ephysindev and used, and as\nthere is no explicit mechanism that prevents this physindev from been\nfreed under us (for instance neigh_flush_dev doesn\u0027t cleanup skbs from\ndifferent device\u0027s neigh queue) we can crash on e.g. this stack:\n\narp_process\n neigh_update\n skb = __skb_dequeue(\u0026neigh-\u003earp_queue)\n neigh_resolve_output(..., skb)\n ...\n br_nf_dev_xmit\n br_nf_pre_routing_finish_bridge_slow\n skb-\u003edev = nf_bridge-\u003ephysindev\n br_handle_frame_finish\n\nLet\u0027s use plain ifindex instead of net_device link. To peek into the\noriginal net_device we will use dev_get_by_index_rcu(). Thus either we\nget device and are safe to use it or we don\u0027t get it and drop skb."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:12:08.170Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7ae19ee81ca56b13c50a78de6c47d5b8fdc9d97b"
},
{
"url": "https://git.kernel.org/stable/c/9325e3188a9cf3f69fc6f32af59844bbc5b90547"
},
{
"url": "https://git.kernel.org/stable/c/544add1f1cfb78c3dfa3e6edcf4668f6be5e730c"
},
{
"url": "https://git.kernel.org/stable/c/9874808878d9eed407e3977fd11fee49de1e1d86"
}
],
"title": "netfilter: bridge: replace physindev with physinif in nf_bridge_info",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35839",
"datePublished": "2024-05-17T14:27:30.524Z",
"dateReserved": "2024-05-17T13:50:33.104Z",
"dateUpdated": "2026-05-11T20:12:08.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-35898 (GCVE-0-2024-35898)
Vulnerability from cvelistv5 – Published: 2024-05-19 08:34 – Updated: 2026-05-12 11:52
Title
netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()
nft_unregister_flowtable_type() within nf_flow_inet_module_exit() can
run concurrently with __nft_flowtable_type_get() within nf_tables_newflowtable().
And there is not any protection when iterating over nf_tables_flowtables
list in __nft_flowtable_type_get(). Therefore, there is a potential
data-race of nf_tables_flowtables list entry.
Use list_for_each_entry_rcu() to iterate over nf_tables_flowtables list
in __nft_flowtable_type_get(), and use rcu_read_lock() in the caller
nft_flowtable_type_get() to protect the entire type query process.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
References
11 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/69d1fe14a680042ec… | |
| https://git.kernel.org/stable/c/a347bc8e6251eaee4… | |
| https://git.kernel.org/stable/c/940d41caa71f0d3a5… | |
| https://git.kernel.org/stable/c/2485bcfe05ee3cf9c… | |
| https://git.kernel.org/stable/c/9b5b7708ec2be21dd… | |
| https://git.kernel.org/stable/c/8b891153b2e4dc0ca… | |
| https://git.kernel.org/stable/c/e684b1674fd1ca436… | |
| https://git.kernel.org/stable/c/24225011d81b471ac… | |
| https://lists.debian.org/debian-lts-announce/2024… | x_transferred |
| https://lists.debian.org/debian-lts-announce/2024… | x_transferred |
| https://cert-portal.siemens.com/productcert/html/… | |
Impacted products
3 products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 3b49e2e94e6ebb8b23d0955d9e898254455734f8 , < 69d1fe14a680042ec913f22196b58e2c8ff1b007 (git); Affected: 3b49e2e94e6ebb8b23d0955d9e898254455734f8 , < a347bc8e6251eaee4b619da28020641eb5b0dd77 (git); Affected: 3b49e2e94e6ebb8b23d0955d9e898254455734f8 , < 940d41caa71f0d3a52df2fde5fada524a993e331 (git); Affected: 3b49e2e94e6ebb8b23d0955d9e898254455734f8 , < 2485bcfe05ee3cf9ca8923a94fa2e456924c79c8 (git); Affected: 3b49e2e94e6ebb8b23d0955d9e898254455734f8 , < 9b5b7708ec2be21dd7ef8ca0e3abe4ae9f3b083b (git); Affected: 3b49e2e94e6ebb8b23d0955d9e898254455734f8 , < 8b891153b2e4dc0ca9d9dab8f619d49c740813df (git); Affected: 3b49e2e94e6ebb8b23d0955d9e898254455734f8 , < e684b1674fd1ca4361812a491242ae871d6b2859 (git); Affected: 3b49e2e94e6ebb8b23d0955d9e898254455734f8 , < 24225011d81b471acc0e1e315b7d9905459a6304 (git) |
| Linux | Linux | Affected: 4.16; Unaffected: 0 , < 4.16 (semver); Unaffected: 4.19.312 , ≤ 4.19.* (semver); Unaffected: 5.4.274 , ≤ 5.4.* (semver); Unaffected: 5.10.215 , ≤ 5.10.* (semver); Unaffected: 5.15.154 , ≤ 5.15.* (semver); Unaffected: 6.1.85 , ≤ 6.1.* (semver); Unaffected: 6.6.26 , ≤ 6.6.* (semver); Unaffected: 6.8.5 , ≤ 6.8.* (semver); Unaffected: 6.9 , ≤ * (original_commit_for_fix) |
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem | Affected: 0 , < * (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35898",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T18:29:13.616197Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T19:40:06.574Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/69d1fe14a680042ec913f22196b58e2c8ff1b007"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a347bc8e6251eaee4b619da28020641eb5b0dd77"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/940d41caa71f0d3a52df2fde5fada524a993e331"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2485bcfe05ee3cf9ca8923a94fa2e456924c79c8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9b5b7708ec2be21dd7ef8ca0e3abe4ae9f3b083b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8b891153b2e4dc0ca9d9dab8f619d49c740813df"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e684b1674fd1ca4361812a491242ae871d6b2859"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/24225011d81b471acc0e1e315b7d9905459a6304"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:52:34.280Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "69d1fe14a680042ec913f22196b58e2c8ff1b007",
"status": "affected",
"version": "3b49e2e94e6ebb8b23d0955d9e898254455734f8",
"versionType": "git"
},
{
"lessThan": "a347bc8e6251eaee4b619da28020641eb5b0dd77",
"status": "affected",
"version": "3b49e2e94e6ebb8b23d0955d9e898254455734f8",
"versionType": "git"
},
{
"lessThan": "940d41caa71f0d3a52df2fde5fada524a993e331",
"status": "affected",
"version": "3b49e2e94e6ebb8b23d0955d9e898254455734f8",
"versionType": "git"
},
{
"lessThan": "2485bcfe05ee3cf9ca8923a94fa2e456924c79c8",
"status": "affected",
"version": "3b49e2e94e6ebb8b23d0955d9e898254455734f8",
"versionType": "git"
},
{
"lessThan": "9b5b7708ec2be21dd7ef8ca0e3abe4ae9f3b083b",
"status": "affected",
"version": "3b49e2e94e6ebb8b23d0955d9e898254455734f8",
"versionType": "git"
},
{
"lessThan": "8b891153b2e4dc0ca9d9dab8f619d49c740813df",
"status": "affected",
"version": "3b49e2e94e6ebb8b23d0955d9e898254455734f8",
"versionType": "git"
},
{
"lessThan": "e684b1674fd1ca4361812a491242ae871d6b2859",
"status": "affected",
"version": "3b49e2e94e6ebb8b23d0955d9e898254455734f8",
"versionType": "git"
},
{
"lessThan": "24225011d81b471acc0e1e315b7d9905459a6304",
"status": "affected",
"version": "3b49e2e94e6ebb8b23d0955d9e898254455734f8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.16"
},
{
"lessThan": "4.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.85",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.26",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.5",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()\n\nnft_unregister_flowtable_type() within nf_flow_inet_module_exit() can\nconcurrent with __nft_flowtable_type_get() within nf_tables_newflowtable().\nAnd thhere is not any protection when iterate over nf_tables_flowtables\nlist in __nft_flowtable_type_get(). Therefore, there is pertential\ndata-race of nf_tables_flowtables list entry.\n\nUse list_for_each_entry_rcu() to iterate over nf_tables_flowtables list\nin __nft_flowtable_type_get(), and use rcu_read_lock() in the caller\nnft_flowtable_type_get() to protect the entire type query process."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:13:23.282Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/69d1fe14a680042ec913f22196b58e2c8ff1b007"
},
{
"url": "https://git.kernel.org/stable/c/a347bc8e6251eaee4b619da28020641eb5b0dd77"
},
{
"url": "https://git.kernel.org/stable/c/940d41caa71f0d3a52df2fde5fada524a993e331"
},
{
"url": "https://git.kernel.org/stable/c/2485bcfe05ee3cf9ca8923a94fa2e456924c79c8"
},
{
"url": "https://git.kernel.org/stable/c/9b5b7708ec2be21dd7ef8ca0e3abe4ae9f3b083b"
},
{
"url": "https://git.kernel.org/stable/c/8b891153b2e4dc0ca9d9dab8f619d49c740813df"
},
{
"url": "https://git.kernel.org/stable/c/e684b1674fd1ca4361812a491242ae871d6b2859"
},
{
"url": "https://git.kernel.org/stable/c/24225011d81b471acc0e1e315b7d9905459a6304"
}
],
"title": "netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35898",
"datePublished": "2024-05-19T08:34:52.519Z",
"dateReserved": "2024-05-17T13:50:33.114Z",
"dateUpdated": "2026-05-12T11:52:34.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-35939 (GCVE-0-2024-35939)
Vulnerability from cvelistv5 – Published: 2024-05-19 10:10 – Updated: 2026-05-23 15:45
Title
dma-direct: Leak pages on dma_set_decrypted() failure
Summary
In the Linux kernel, the following vulnerability has been resolved:
dma-direct: Leak pages on dma_set_decrypted() failure
On TDX it is possible for the untrusted host to cause
set_memory_encrypted() or set_memory_decrypted() to fail such that an
error is returned and the resulting memory is shared. Callers need to
take care to handle these errors to avoid returning decrypted (shared)
memory to the page allocator, which could lead to functional or security
issues.
DMA could free decrypted/shared pages if dma_set_decrypted() fails. This
should be a rare case. Just leak the pages in this case instead of
freeing them.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 56fccf21d1961a06e2a0c96ce446ebf036651062 , < 4e0cfb25d49da2e6261ad582f58ffa5b5dd8c8e9 (git); Affected: 56fccf21d1961a06e2a0c96ce446ebf036651062 , < 4031b72ca747a1e6e9ae4fa729e765b43363d66a (git); Affected: 56fccf21d1961a06e2a0c96ce446ebf036651062 , < b57326c96b7bc7638aa8c44e12afa2defe0c934c (git); Affected: 56fccf21d1961a06e2a0c96ce446ebf036651062 , < b9fa16949d18e06bdf728a560f5c8af56d2bdcaf (git); Affected: 91c7b0407ca6a62c095d265f76926b67bf66c026 (git); Affected: 5.7.7 , < 5.8 (semver) |
| Linux | Linux | Affected: 5.8; Unaffected: 0 , < 5.8 (semver); Unaffected: 6.1.86 , ≤ 6.1.* (semver); Unaffected: 6.6.27 , ≤ 6.6.* (semver); Unaffected: 6.8.6 , ≤ 6.8.* (semver); Unaffected: 6.9 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35939",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T14:32:53.392867Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:34:33.840Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:49.028Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4e0cfb25d49da2e6261ad582f58ffa5b5dd8c8e9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4031b72ca747a1e6e9ae4fa729e765b43363d66a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b57326c96b7bc7638aa8c44e12afa2defe0c934c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b9fa16949d18e06bdf728a560f5c8af56d2bdcaf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/dma/direct.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4e0cfb25d49da2e6261ad582f58ffa5b5dd8c8e9",
"status": "affected",
"version": "56fccf21d1961a06e2a0c96ce446ebf036651062",
"versionType": "git"
},
{
"lessThan": "4031b72ca747a1e6e9ae4fa729e765b43363d66a",
"status": "affected",
"version": "56fccf21d1961a06e2a0c96ce446ebf036651062",
"versionType": "git"
},
{
"lessThan": "b57326c96b7bc7638aa8c44e12afa2defe0c934c",
"status": "affected",
"version": "56fccf21d1961a06e2a0c96ce446ebf036651062",
"versionType": "git"
},
{
"lessThan": "b9fa16949d18e06bdf728a560f5c8af56d2bdcaf",
"status": "affected",
"version": "56fccf21d1961a06e2a0c96ce446ebf036651062",
"versionType": "git"
},
{
"status": "affected",
"version": "91c7b0407ca6a62c095d265f76926b67bf66c026",
"versionType": "git"
},
{
"lessThan": "5.8",
"status": "affected",
"version": "5.7.7",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/dma/direct.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.86",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.27",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.86",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.27",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.6",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.7.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-direct: Leak pages on dma_set_decrypted() failure\n\nOn TDX it is possible for the untrusted host to cause\nset_memory_encrypted() or set_memory_decrypted() to fail such that an\nerror is returned and the resulting memory is shared. Callers need to\ntake care to handle these errors to avoid returning decrypted (shared)\nmemory to the page allocator, which could lead to functional or security\nissues.\n\nDMA could free decrypted/shared pages if dma_set_decrypted() fails. This\nshould be a rare case. Just leak the pages in this case instead of\nfreeing them."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:45:19.884Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4e0cfb25d49da2e6261ad582f58ffa5b5dd8c8e9"
},
{
"url": "https://git.kernel.org/stable/c/4031b72ca747a1e6e9ae4fa729e765b43363d66a"
},
{
"url": "https://git.kernel.org/stable/c/b57326c96b7bc7638aa8c44e12afa2defe0c934c"
},
{
"url": "https://git.kernel.org/stable/c/b9fa16949d18e06bdf728a560f5c8af56d2bdcaf"
}
],
"title": "dma-direct: Leak pages on dma_set_decrypted() failure",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35939",
"datePublished": "2024-05-19T10:10:44.931Z",
"dateReserved": "2024-05-17T13:50:33.131Z",
"dateUpdated": "2026-05-23T15:45:19.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-38540 (GCVE-0-2024-38540)
Vulnerability from cvelistv5 – Published: 2024-06-19 13:35 – Updated: 2026-05-11 20:18
Title
bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq
Summary
In the Linux kernel, the following vulnerability has been resolved:
bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq
Undefined behavior is triggered when bnxt_qplib_alloc_init_hwq is called
with hwq_attr->aux_depth != 0 and hwq_attr->aux_stride == 0.
In that case, "roundup_pow_of_two(hwq_attr->aux_stride)" gets called.
roundup_pow_of_two is documented as undefined for 0.
Fix it in the one caller that had this combination.
The undefined behavior was detected by UBSAN:
UBSAN: shift-out-of-bounds in ./include/linux/log2.h:57:13
shift exponent 64 is too large for 64-bit type 'long unsigned int'
CPU: 24 PID: 1075 Comm: (udev-worker) Not tainted 6.9.0-rc6+ #4
Hardware name: Abacus electric, s.r.o. - servis@abacus.cz Super Server/H12SSW-iN, BIOS 2.7 10/25/2023
Call Trace:
<TASK>
dump_stack_lvl+0x5d/0x80
ubsan_epilogue+0x5/0x30
__ubsan_handle_shift_out_of_bounds.cold+0x61/0xec
__roundup_pow_of_two+0x25/0x35 [bnxt_re]
bnxt_qplib_alloc_init_hwq+0xa1/0x470 [bnxt_re]
bnxt_qplib_create_qp+0x19e/0x840 [bnxt_re]
bnxt_re_create_qp+0x9b1/0xcd0 [bnxt_re]
? srso_alias_return_thunk+0x5/0xfbef5
? srso_alias_return_thunk+0x5/0xfbef5
? __kmalloc+0x1b6/0x4f0
? create_qp.part.0+0x128/0x1c0 [ib_core]
? __pfx_bnxt_re_create_qp+0x10/0x10 [bnxt_re]
create_qp.part.0+0x128/0x1c0 [ib_core]
ib_create_qp_kernel+0x50/0xd0 [ib_core]
create_mad_qp+0x8e/0xe0 [ib_core]
? __pfx_qp_event_handler+0x10/0x10 [ib_core]
ib_mad_init_device+0x2be/0x680 [ib_core]
add_client_context+0x10d/0x1a0 [ib_core]
enable_device_and_get+0xe0/0x1d0 [ib_core]
ib_register_device+0x53c/0x630 [ib_core]
? srso_alias_return_thunk+0x5/0xfbef5
bnxt_re_probe+0xbd8/0xe50 [bnxt_re]
? __pfx_bnxt_re_probe+0x10/0x10 [bnxt_re]
auxiliary_bus_probe+0x49/0x80
? driver_sysfs_add+0x57/0xc0
really_probe+0xde/0x340
? pm_runtime_barrier+0x54/0x90
? __pfx___driver_attach+0x10/0x10
__driver_probe_device+0x78/0x110
driver_probe_device+0x1f/0xa0
__driver_attach+0xba/0x1c0
bus_for_each_dev+0x8f/0xe0
bus_add_driver+0x146/0x220
driver_register+0x72/0xd0
__auxiliary_driver_register+0x6e/0xd0
? __pfx_bnxt_re_mod_init+0x10/0x10 [bnxt_re]
bnxt_re_mod_init+0x3e/0xff0 [bnxt_re]
? __pfx_bnxt_re_mod_init+0x10/0x10 [bnxt_re]
do_one_initcall+0x5b/0x310
do_init_module+0x90/0x250
init_module_from_file+0x86/0xc0
idempotent_init_module+0x121/0x2b0
__x64_sys_finit_module+0x5e/0xb0
do_syscall_64+0x82/0x160
? srso_alias_return_thunk+0x5/0xfbef5
? syscall_exit_to_user_mode_prepare+0x149/0x170
? srso_alias_return_thunk+0x5/0xfbef5
? syscall_exit_to_user_mode+0x75/0x230
? srso_alias_return_thunk+0x5/0xfbef5
? do_syscall_64+0x8e/0x160
? srso_alias_return_thunk+0x5/0xfbef5
? __count_memcg_events+0x69/0x100
? srso_alias_return_thunk+0x5/0xfbef5
? count_memcg_events.constprop.0+0x1a/0x30
? srso_alias_return_thunk+0x5/0xfbef5
? handle_mm_fault+0x1f0/0x300
? srso_alias_return_thunk+0x5/0xfbef5
? do_user_addr_fault+0x34e/0x640
? srso_alias_return_thunk+0x5/0xfbef5
? srso_alias_return_thunk+0x5/0xfbef5
entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f4e5132821d
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e3 db 0c 00 f7 d8 64 89 01 48
RSP: 002b:00007ffca9c906a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
RAX: ffffffffffffffda RBX: 0000563ec8a8f130 RCX: 00007f4e5132821d
RDX: 0000000000000000 RSI: 00007f4e518fa07d RDI: 000000000000003b
RBP: 00007ffca9c90760 R08: 00007f4e513f6b20 R09: 00007ffca9c906f0
R10: 0000563ec8a8faa0 R11: 0000000000000246 R12: 00007f4e518fa07d
R13: 0000000000020000 R14: 0000563ec8409e90 R15: 0000563ec8a8fa60
</TASK>
---[ end trace ]---
Severity
4.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
References
7 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/66a9937187ac9b5c5… | |
| https://git.kernel.org/stable/c/84d2f29152184f0d7… | |
| https://git.kernel.org/stable/c/a658f011d89dd20cf… | |
| https://git.kernel.org/stable/c/627493443f3a8458c… | |
| https://git.kernel.org/stable/c/8b799c00cea6fcfe5… | |
| https://git.kernel.org/stable/c/78cfd17142ef70599… | |
| https://lists.debian.org/debian-lts-announce/2025… | |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux | Affected: 0c4dcd602817502bb3dced7a834a13ef717d65a4 , < 66a9937187ac9b5c5ffff07b8b284483e56804d1 (git); Affected: 0c4dcd602817502bb3dced7a834a13ef717d65a4 , < 84d2f29152184f0d72ed7c9648c4ee6927df4e59 (git); Affected: 0c4dcd602817502bb3dced7a834a13ef717d65a4 , < a658f011d89dd20cf2c7cb4760ffd79201700b98 (git); Affected: 0c4dcd602817502bb3dced7a834a13ef717d65a4 , < 627493443f3a8458cb55cdae1da254a7001123bc (git); Affected: 0c4dcd602817502bb3dced7a834a13ef717d65a4 , < 8b799c00cea6fcfe5b501bbaeb228c8821acb753 (git); Affected: 0c4dcd602817502bb3dced7a834a13ef717d65a4 , < 78cfd17142ef70599d6409cbd709d94b3da58659 (git) | |
| Linux | Linux | Affected: 5.7; Unaffected: 0 , < 5.7 (semver); Unaffected: 5.15.181 , ≤ 5.15.* (semver); Unaffected: 6.1.117 , ≤ 6.1.* (semver); Unaffected: 6.6.33 , ≤ 6.6.* (semver); Unaffected: 6.8.12 , ≤ 6.8.* (semver); Unaffected: 6.9.3 , ≤ 6.9.* (semver); Unaffected: 6.10 , ≤ * (original_commit_for_fix) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38540",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-24T15:37:42.492444Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T19:54:28.166Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:55:46.119Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a658f011d89dd20cf2c7cb4760ffd79201700b98"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/627493443f3a8458cb55cdae1da254a7001123bc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8b799c00cea6fcfe5b501bbaeb228c8821acb753"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/78cfd17142ef70599d6409cbd709d94b3da58659"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/bnxt_re/qplib_fp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "66a9937187ac9b5c5ffff07b8b284483e56804d1",
"status": "affected",
"version": "0c4dcd602817502bb3dced7a834a13ef717d65a4",
"versionType": "git"
},
{
"lessThan": "84d2f29152184f0d72ed7c9648c4ee6927df4e59",
"status": "affected",
"version": "0c4dcd602817502bb3dced7a834a13ef717d65a4",
"versionType": "git"
},
{
"lessThan": "a658f011d89dd20cf2c7cb4760ffd79201700b98",
"status": "affected",
"version": "0c4dcd602817502bb3dced7a834a13ef717d65a4",
"versionType": "git"
},
{
"lessThan": "627493443f3a8458cb55cdae1da254a7001123bc",
"status": "affected",
"version": "0c4dcd602817502bb3dced7a834a13ef717d65a4",
"versionType": "git"
},
{
"lessThan": "8b799c00cea6fcfe5b501bbaeb228c8821acb753",
"status": "affected",
"version": "0c4dcd602817502bb3dced7a834a13ef717d65a4",
"versionType": "git"
},
{
"lessThan": "78cfd17142ef70599d6409cbd709d94b3da58659",
"status": "affected",
"version": "0c4dcd602817502bb3dced7a834a13ef717d65a4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/bnxt_re/qplib_fp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.181",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.117",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.181",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.117",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq\n\nUndefined behavior is triggered when bnxt_qplib_alloc_init_hwq is called\nwith hwq_attr-\u003eaux_depth != 0 and hwq_attr-\u003eaux_stride == 0.\nIn that case, \"roundup_pow_of_two(hwq_attr-\u003eaux_stride)\" gets called.\nroundup_pow_of_two is documented as undefined for 0.\n\nFix it in the one caller that had this combination.\n\nThe undefined behavior was detected by UBSAN:\n UBSAN: shift-out-of-bounds in ./include/linux/log2.h:57:13\n shift exponent 64 is too large for 64-bit type \u0027long unsigned int\u0027\n CPU: 24 PID: 1075 Comm: (udev-worker) Not tainted 6.9.0-rc6+ #4\n Hardware name: Abacus electric, s.r.o. - servis@abacus.cz Super Server/H12SSW-iN, BIOS 2.7 10/25/2023\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5d/0x80\n ubsan_epilogue+0x5/0x30\n __ubsan_handle_shift_out_of_bounds.cold+0x61/0xec\n __roundup_pow_of_two+0x25/0x35 [bnxt_re]\n bnxt_qplib_alloc_init_hwq+0xa1/0x470 [bnxt_re]\n bnxt_qplib_create_qp+0x19e/0x840 [bnxt_re]\n bnxt_re_create_qp+0x9b1/0xcd0 [bnxt_re]\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? __kmalloc+0x1b6/0x4f0\n ? create_qp.part.0+0x128/0x1c0 [ib_core]\n ? __pfx_bnxt_re_create_qp+0x10/0x10 [bnxt_re]\n create_qp.part.0+0x128/0x1c0 [ib_core]\n ib_create_qp_kernel+0x50/0xd0 [ib_core]\n create_mad_qp+0x8e/0xe0 [ib_core]\n ? __pfx_qp_event_handler+0x10/0x10 [ib_core]\n ib_mad_init_device+0x2be/0x680 [ib_core]\n add_client_context+0x10d/0x1a0 [ib_core]\n enable_device_and_get+0xe0/0x1d0 [ib_core]\n ib_register_device+0x53c/0x630 [ib_core]\n ? srso_alias_return_thunk+0x5/0xfbef5\n bnxt_re_probe+0xbd8/0xe50 [bnxt_re]\n ? __pfx_bnxt_re_probe+0x10/0x10 [bnxt_re]\n auxiliary_bus_probe+0x49/0x80\n ? driver_sysfs_add+0x57/0xc0\n really_probe+0xde/0x340\n ? pm_runtime_barrier+0x54/0x90\n ? 
__pfx___driver_attach+0x10/0x10\n __driver_probe_device+0x78/0x110\n driver_probe_device+0x1f/0xa0\n __driver_attach+0xba/0x1c0\n bus_for_each_dev+0x8f/0xe0\n bus_add_driver+0x146/0x220\n driver_register+0x72/0xd0\n __auxiliary_driver_register+0x6e/0xd0\n ? __pfx_bnxt_re_mod_init+0x10/0x10 [bnxt_re]\n bnxt_re_mod_init+0x3e/0xff0 [bnxt_re]\n ? __pfx_bnxt_re_mod_init+0x10/0x10 [bnxt_re]\n do_one_initcall+0x5b/0x310\n do_init_module+0x90/0x250\n init_module_from_file+0x86/0xc0\n idempotent_init_module+0x121/0x2b0\n __x64_sys_finit_module+0x5e/0xb0\n do_syscall_64+0x82/0x160\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? syscall_exit_to_user_mode_prepare+0x149/0x170\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? syscall_exit_to_user_mode+0x75/0x230\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? do_syscall_64+0x8e/0x160\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? __count_memcg_events+0x69/0x100\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? count_memcg_events.constprop.0+0x1a/0x30\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? handle_mm_fault+0x1f0/0x300\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? do_user_addr_fault+0x34e/0x640\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? srso_alias_return_thunk+0x5/0xfbef5\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7f4e5132821d\n Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d e3 db 0c 00 f7 d8 64 89 01 48\n RSP: 002b:00007ffca9c906a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139\n RAX: ffffffffffffffda RBX: 0000563ec8a8f130 RCX: 00007f4e5132821d\n RDX: 0000000000000000 RSI: 00007f4e518fa07d RDI: 000000000000003b\n RBP: 00007ffca9c90760 R08: 00007f4e513f6b20 R09: 00007ffca9c906f0\n R10: 0000563ec8a8faa0 R11: 0000000000000246 R12: 00007f4e518fa07d\n R13: 0000000000020000 R14: 0000563ec8409e90 R15: 0000563ec8a8fa60\n \u003c/TASK\u003e\n ---[ end trace ]---"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:18:38.958Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/66a9937187ac9b5c5ffff07b8b284483e56804d1"
},
{
"url": "https://git.kernel.org/stable/c/84d2f29152184f0d72ed7c9648c4ee6927df4e59"
},
{
"url": "https://git.kernel.org/stable/c/a658f011d89dd20cf2c7cb4760ffd79201700b98"
},
{
"url": "https://git.kernel.org/stable/c/627493443f3a8458cb55cdae1da254a7001123bc"
},
{
"url": "https://git.kernel.org/stable/c/8b799c00cea6fcfe5b501bbaeb228c8821acb753"
},
{
"url": "https://git.kernel.org/stable/c/78cfd17142ef70599d6409cbd709d94b3da58659"
}
],
"title": "bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38540",
"datePublished": "2024-06-19T13:35:15.823Z",
"dateReserved": "2024-06-18T19:36:34.918Z",
"dateUpdated": "2026-05-11T20:18:38.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-38541 (GCVE-0-2024-38541)
Vulnerability from cvelistv5 – Published: 2024-06-19 13:35 – Updated: 2026-05-11 20:18
Title
of: module: add buffer overflow check in of_modalias()
Summary
In the Linux kernel, the following vulnerability has been resolved:
of: module: add buffer overflow check in of_modalias()
In of_modalias(), if the buffer happens to be too small even for the 1st
snprintf() call, the len parameter will become negative and str parameter
(if not NULL initially) will point beyond the buffer's end. Add the buffer
overflow check after the 1st snprintf() call and fix such check after the
strlen() call (accounting for the terminating NUL char).
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
References
10 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/46795440ef2b4ac91… | |
| https://git.kernel.org/stable/c/733e62786bdf1b2b9… | |
| https://git.kernel.org/stable/c/c7f24b7d94549ff46… | |
| https://git.kernel.org/stable/c/5d59fd637a8af42b2… | |
| https://git.kernel.org/stable/c/0b0d5701a8bf02f8f… | |
| https://git.kernel.org/stable/c/ee332023adfd58828… | |
| https://git.kernel.org/stable/c/e45b69360a6316537… | |
| https://git.kernel.org/stable/c/cf7385cb26ac4f0ee… | |
| https://lists.debian.org/debian-lts-announce/2025… | |
| https://lists.debian.org/debian-lts-announce/2025… | |
Impacted products
12 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux | Affected: bc575064d688c8933a6ca51429bea9bc63628d3b , < 46795440ef2b4ac919d09310a69a404c5bc90a88 (git); Affected: bc575064d688c8933a6ca51429bea9bc63628d3b , < 733e62786bdf1b2b9dbb09ba2246313306503414 (git); Affected: bc575064d688c8933a6ca51429bea9bc63628d3b , < c7f24b7d94549ff4623e8f41ea4d9f5319bd8ac8 (git); Affected: bc575064d688c8933a6ca51429bea9bc63628d3b , < 5d59fd637a8af42b211a92b2edb2474325b4d488 (git); Affected: bc575064d688c8933a6ca51429bea9bc63628d3b , < 0b0d5701a8bf02f8fee037e81aacf6746558bfd6 (git); Affected: bc575064d688c8933a6ca51429bea9bc63628d3b , < ee332023adfd5882808f2dabf037b32d6ce36f9e (git); Affected: bc575064d688c8933a6ca51429bea9bc63628d3b , < e45b69360a63165377b30db4a1dfddd89ca18e9a (git); Affected: bc575064d688c8933a6ca51429bea9bc63628d3b , < cf7385cb26ac4f0ee6c7385960525ad534323252 (git) | |
| Linux | Linux | Affected: 4.14; Unaffected: 0 , < 4.14 (semver); Unaffected: 5.4.294 , ≤ 5.4.* (semver); Unaffected: 5.10.238 , ≤ 5.10.* (semver); Unaffected: 5.15.182 , ≤ 5.15.* (semver); Unaffected: 6.1.136 , ≤ 6.1.* (semver); Unaffected: 6.6.33 , ≤ 6.6.* (semver); Unaffected: 6.8.12 , ≤ 6.8.* (semver); Unaffected: 6.9.3 , ≤ 6.9.* (semver); Unaffected: 6.10 , ≤ * (original_commit_for_fix) | |
| linux | linux_kernel | Affected: bc575064d688 , < 0b0d5701a8bf (custom) | cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* |
| linux | linux_kernel | Affected: bc575064d688 , < ee332023adfd (custom) | cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* |
| linux | linux_kernel | Affected: bc575064d688 , < e45b69360a63 (custom) | cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* |
| linux | linux_kernel | Affected: bc575064d688 , < cf7385cb26ac (custom) | cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* |
| linux | linux_kernel | Affected: 4.14 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | Unaffected: 0 , < 4.14 (custom) | cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* |
| linux | linux_kernel | Unaffected: 6.6.33 , ≤ 6.7 (custom) | cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* |
| linux | linux_kernel | Unaffected: 6.8.12 , ≤ 6.9 (custom) | cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* |
| linux | linux_kernel | Unaffected: 6.9.3 , ≤ 6.10 (custom) | cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* |
| linux | linux_kernel | Unaffected: 6.10-rc1 | cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "0b0d5701a8bf",
"status": "affected",
"version": "bc575064d688",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "ee332023adfd",
"status": "affected",
"version": "bc575064d688",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "e45b69360a63",
"status": "affected",
"version": "bc575064d688",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "cf7385cb26ac",
"status": "affected",
"version": "bc575064d688",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "4.14"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "4.14",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.7",
"status": "unaffected",
"version": "6.6.33",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.9",
"status": "unaffected",
"version": "6.8.12",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.10",
"status": "unaffected",
"version": "6.9.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.10-rc1"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38541",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-07T19:51:57.578646Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T13:56:15.426Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:30:14.802Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0b0d5701a8bf02f8fee037e81aacf6746558bfd6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ee332023adfd5882808f2dabf037b32d6ce36f9e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e45b69360a63165377b30db4a1dfddd89ca18e9a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cf7385cb26ac4f0ee6c7385960525ad534323252"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/of/module.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "46795440ef2b4ac919d09310a69a404c5bc90a88",
"status": "affected",
"version": "bc575064d688c8933a6ca51429bea9bc63628d3b",
"versionType": "git"
},
{
"lessThan": "733e62786bdf1b2b9dbb09ba2246313306503414",
"status": "affected",
"version": "bc575064d688c8933a6ca51429bea9bc63628d3b",
"versionType": "git"
},
{
"lessThan": "c7f24b7d94549ff4623e8f41ea4d9f5319bd8ac8",
"status": "affected",
"version": "bc575064d688c8933a6ca51429bea9bc63628d3b",
"versionType": "git"
},
{
"lessThan": "5d59fd637a8af42b211a92b2edb2474325b4d488",
"status": "affected",
"version": "bc575064d688c8933a6ca51429bea9bc63628d3b",
"versionType": "git"
},
{
"lessThan": "0b0d5701a8bf02f8fee037e81aacf6746558bfd6",
"status": "affected",
"version": "bc575064d688c8933a6ca51429bea9bc63628d3b",
"versionType": "git"
},
{
"lessThan": "ee332023adfd5882808f2dabf037b32d6ce36f9e",
"status": "affected",
"version": "bc575064d688c8933a6ca51429bea9bc63628d3b",
"versionType": "git"
},
{
"lessThan": "e45b69360a63165377b30db4a1dfddd89ca18e9a",
"status": "affected",
"version": "bc575064d688c8933a6ca51429bea9bc63628d3b",
"versionType": "git"
},
{
"lessThan": "cf7385cb26ac4f0ee6c7385960525ad534323252",
"status": "affected",
"version": "bc575064d688c8933a6ca51429bea9bc63628d3b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/of/module.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.14"
},
{
"lessThan": "4.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.294",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.182",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.136",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.294",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.238",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.182",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.136",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nof: module: add buffer overflow check in of_modalias()\n\nIn of_modalias(), if the buffer happens to be too small even for the 1st\nsnprintf() call, the len parameter will become negative and str parameter\n(if not NULL initially) will point beyond the buffer\u0027s end. Add the buffer\noverflow check after the 1st snprintf() call and fix such check after the\nstrlen() call (accounting for the terminating NUL char)."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:18:40.178Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/46795440ef2b4ac919d09310a69a404c5bc90a88"
},
{
"url": "https://git.kernel.org/stable/c/733e62786bdf1b2b9dbb09ba2246313306503414"
},
{
"url": "https://git.kernel.org/stable/c/c7f24b7d94549ff4623e8f41ea4d9f5319bd8ac8"
},
{
"url": "https://git.kernel.org/stable/c/5d59fd637a8af42b211a92b2edb2474325b4d488"
},
{
"url": "https://git.kernel.org/stable/c/0b0d5701a8bf02f8fee037e81aacf6746558bfd6"
},
{
"url": "https://git.kernel.org/stable/c/ee332023adfd5882808f2dabf037b32d6ce36f9e"
},
{
"url": "https://git.kernel.org/stable/c/e45b69360a63165377b30db4a1dfddd89ca18e9a"
},
{
"url": "https://git.kernel.org/stable/c/cf7385cb26ac4f0ee6c7385960525ad534323252"
}
],
"title": "of: module: add buffer overflow check in of_modalias()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38541",
"datePublished": "2024-06-19T13:35:16.637Z",
"dateReserved": "2024-06-18T19:36:34.919Z",
"dateUpdated": "2026-05-11T20:18:40.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-38586 (GCVE-0-2024-38586)
Vulnerability from cvelistv5 – Published: 2024-06-19 13:37 – Updated: 2026-05-11 20:19
Title
r8169: Fix possible ring buffer corruption on fragmented Tx packets.
Summary
In the Linux kernel, the following vulnerability has been resolved:
r8169: Fix possible ring buffer corruption on fragmented Tx packets.
An issue was found on the RTL8125b when transmitting small fragmented
packets, whereby invalid entries were inserted into the transmit ring
buffer, subsequently leading to calls to dma_unmap_single() with a null
address.
This was caused by rtl8169_start_xmit() not noticing changes to nr_frags
which may occur when small packets are padded (to work around hardware
quirks) in rtl8169_tso_csum_v2().
To fix this, postpone inspecting nr_frags until after any padding has been
applied.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/61c1c98e2607120ce… | |
| https://git.kernel.org/stable/c/b6d21cf40de103d63… | |
| https://git.kernel.org/stable/c/0c48185a953095567… | |
| https://git.kernel.org/stable/c/68222d7b4b72aa321… | |
| https://git.kernel.org/stable/c/078d5b7500d70af2d… | |
| https://git.kernel.org/stable/c/54e7a0d111240c92c… | |
| https://git.kernel.org/stable/c/c71e3a5cffd5309d7… |
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 9020845fb5d6bb4876a38fdf1259600e7d9a63d4 , < 61c1c98e2607120ce9c3fa1bf75e6da909712b27 (git); Affected: 9020845fb5d6bb4876a38fdf1259600e7d9a63d4 , < b6d21cf40de103d63ae78551098a7c06af8c98dd (git); Affected: 9020845fb5d6bb4876a38fdf1259600e7d9a63d4 , < 0c48185a95309556725f818b82120bb74e9c627d (git); Affected: 9020845fb5d6bb4876a38fdf1259600e7d9a63d4 , < 68222d7b4b72aa321135cd453dac37f00ec41fd1 (git); Affected: 9020845fb5d6bb4876a38fdf1259600e7d9a63d4 , < 078d5b7500d70af2de6b38e226b03f0b932026a6 (git); Affected: 9020845fb5d6bb4876a38fdf1259600e7d9a63d4 , < 54e7a0d111240c92c0f02ceba6eb8f26bf6d6479 (git); Affected: 9020845fb5d6bb4876a38fdf1259600e7d9a63d4 , < c71e3a5cffd5309d7f84444df03d5b72600cc417 (git) |
| Linux | Linux | Affected: 5.7; Unaffected: 0 , < 5.7 (semver); Unaffected: 5.10.221 , ≤ 5.10.* (semver); Unaffected: 5.15.161 , ≤ 5.15.* (semver); Unaffected: 6.1.93 , ≤ 6.1.* (semver); Unaffected: 6.6.33 , ≤ 6.6.* (semver); Unaffected: 6.8.12 , ≤ 6.8.* (semver); Unaffected: 6.9.3 , ≤ 6.9.* (semver); Unaffected: 6.10 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.972Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/61c1c98e2607120ce9c3fa1bf75e6da909712b27"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b6d21cf40de103d63ae78551098a7c06af8c98dd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0c48185a95309556725f818b82120bb74e9c627d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/68222d7b4b72aa321135cd453dac37f00ec41fd1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/078d5b7500d70af2de6b38e226b03f0b932026a6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/54e7a0d111240c92c0f02ceba6eb8f26bf6d6479"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c71e3a5cffd5309d7f84444df03d5b72600cc417"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38586",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:13:50.332760Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:55.087Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/realtek/r8169_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "61c1c98e2607120ce9c3fa1bf75e6da909712b27",
"status": "affected",
"version": "9020845fb5d6bb4876a38fdf1259600e7d9a63d4",
"versionType": "git"
},
{
"lessThan": "b6d21cf40de103d63ae78551098a7c06af8c98dd",
"status": "affected",
"version": "9020845fb5d6bb4876a38fdf1259600e7d9a63d4",
"versionType": "git"
},
{
"lessThan": "0c48185a95309556725f818b82120bb74e9c627d",
"status": "affected",
"version": "9020845fb5d6bb4876a38fdf1259600e7d9a63d4",
"versionType": "git"
},
{
"lessThan": "68222d7b4b72aa321135cd453dac37f00ec41fd1",
"status": "affected",
"version": "9020845fb5d6bb4876a38fdf1259600e7d9a63d4",
"versionType": "git"
},
{
"lessThan": "078d5b7500d70af2de6b38e226b03f0b932026a6",
"status": "affected",
"version": "9020845fb5d6bb4876a38fdf1259600e7d9a63d4",
"versionType": "git"
},
{
"lessThan": "54e7a0d111240c92c0f02ceba6eb8f26bf6d6479",
"status": "affected",
"version": "9020845fb5d6bb4876a38fdf1259600e7d9a63d4",
"versionType": "git"
},
{
"lessThan": "c71e3a5cffd5309d7f84444df03d5b72600cc417",
"status": "affected",
"version": "9020845fb5d6bb4876a38fdf1259600e7d9a63d4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/realtek/r8169_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.221",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nr8169: Fix possible ring buffer corruption on fragmented Tx packets.\n\nAn issue was found on the RTL8125b when transmitting small fragmented\npackets, whereby invalid entries were inserted into the transmit ring\nbuffer, subsequently leading to calls to dma_unmap_single() with a null\naddress.\n\nThis was caused by rtl8169_start_xmit() not noticing changes to nr_frags\nwhich may occur when small packets are padded (to work around hardware\nquirks) in rtl8169_tso_csum_v2().\n\nTo fix this, postpone inspecting nr_frags until after any padding has been\napplied."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:19:35.312Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/61c1c98e2607120ce9c3fa1bf75e6da909712b27"
},
{
"url": "https://git.kernel.org/stable/c/b6d21cf40de103d63ae78551098a7c06af8c98dd"
},
{
"url": "https://git.kernel.org/stable/c/0c48185a95309556725f818b82120bb74e9c627d"
},
{
"url": "https://git.kernel.org/stable/c/68222d7b4b72aa321135cd453dac37f00ec41fd1"
},
{
"url": "https://git.kernel.org/stable/c/078d5b7500d70af2de6b38e226b03f0b932026a6"
},
{
"url": "https://git.kernel.org/stable/c/54e7a0d111240c92c0f02ceba6eb8f26bf6d6479"
},
{
"url": "https://git.kernel.org/stable/c/c71e3a5cffd5309d7f84444df03d5b72600cc417"
}
],
"title": "r8169: Fix possible ring buffer corruption on fragmented Tx packets.",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38586",
"datePublished": "2024-06-19T13:37:41.879Z",
"dateReserved": "2024-06-18T19:36:34.929Z",
"dateUpdated": "2026-05-11T20:19:35.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-38608 (GCVE-0-2024-38608)
Vulnerability from cvelistv5 – Published: 2024-06-19 13:56 – Updated: 2026-05-11 20:20
Title
net/mlx5e: Fix netif state handling
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Fix netif state handling
mlx5e_suspend cleans resources only if netif_device_present() returns
true. However, mlx5e_resume changes the state of netif, via
mlx5e_nic_enable, only if reg_state == NETREG_REGISTERED.
In the below case, the above leads to NULL-ptr Oops[1] and memory
leaks:
mlx5e_probe
_mlx5e_resume
mlx5e_attach_netdev
mlx5e_nic_enable <-- netdev not reg, not calling netif_device_attach()
register_netdev <-- failed for some reason.
ERROR_FLOW:
_mlx5e_suspend <-- netif_device_present return false, resources aren't freed :(
Hence, clean resources in this case as well.
[1]
BUG: kernel NULL pointer dereference, address: 0000000000000000
PGD 0 P4D 0
Oops: 0010 [#1] SMP
CPU: 2 PID: 9345 Comm: test-ovs-ct-gen Not tainted 6.5.0_for_upstream_min_debug_2023_09_05_16_01 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
RIP: 0010:0x0
Code: Unable to access opcode bytes at0xffffffffffffffd6.
RSP: 0018:ffff888178aaf758 EFLAGS: 00010246
Call Trace:
<TASK>
? __die+0x20/0x60
? page_fault_oops+0x14c/0x3c0
? exc_page_fault+0x75/0x140
? asm_exc_page_fault+0x22/0x30
notifier_call_chain+0x35/0xb0
blocking_notifier_call_chain+0x3d/0x60
mlx5_blocking_notifier_call_chain+0x22/0x30 [mlx5_core]
mlx5_core_uplink_netdev_event_replay+0x3e/0x60 [mlx5_core]
mlx5_mdev_netdev_track+0x53/0x60 [mlx5_ib]
mlx5_ib_roce_init+0xc3/0x340 [mlx5_ib]
__mlx5_ib_add+0x34/0xd0 [mlx5_ib]
mlx5r_probe+0xe1/0x210 [mlx5_ib]
? auxiliary_match_id+0x6a/0x90
auxiliary_bus_probe+0x38/0x80
? driver_sysfs_add+0x51/0x80
really_probe+0xc9/0x3e0
? driver_probe_device+0x90/0x90
__driver_probe_device+0x80/0x160
driver_probe_device+0x1e/0x90
__device_attach_driver+0x7d/0x100
bus_for_each_drv+0x80/0xd0
__device_attach+0xbc/0x1f0
bus_probe_device+0x86/0xa0
device_add+0x637/0x840
__auxiliary_device_add+0x3b/0xa0
add_adev+0xc9/0x140 [mlx5_core]
mlx5_rescan_drivers_locked+0x22a/0x310 [mlx5_core]
mlx5_register_device+0x53/0xa0 [mlx5_core]
mlx5_init_one_devl_locked+0x5c4/0x9c0 [mlx5_core]
mlx5_init_one+0x3b/0x60 [mlx5_core]
probe_one+0x44c/0x730 [mlx5_core]
local_pci_probe+0x3e/0x90
pci_device_probe+0xbf/0x210
? kernfs_create_link+0x5d/0xa0
? sysfs_do_create_link_sd+0x60/0xc0
really_probe+0xc9/0x3e0
? driver_probe_device+0x90/0x90
__driver_probe_device+0x80/0x160
driver_probe_device+0x1e/0x90
__device_attach_driver+0x7d/0x100
bus_for_each_drv+0x80/0xd0
__device_attach+0xbc/0x1f0
pci_bus_add_device+0x54/0x80
pci_iov_add_virtfn+0x2e6/0x320
sriov_enable+0x208/0x420
mlx5_core_sriov_configure+0x9e/0x200 [mlx5_core]
sriov_numvfs_store+0xae/0x1a0
kernfs_fop_write_iter+0x10c/0x1a0
vfs_write+0x291/0x3c0
ksys_write+0x5f/0xe0
do_syscall_64+0x3d/0x90
entry_SYSCALL_64_after_hwframe+0x46/0xb0
CR2: 0000000000000000
---[ end trace 0000000000000000 ]---
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 2c3b5beec46ab0d77c94828eb15170b333ae769a , < f7e6cfb864a53af71c5cc904f1cc22215d68f5c6 (git); Affected: 2c3b5beec46ab0d77c94828eb15170b333ae769a , < 3d5918477f94e4c2f064567875c475468e264644 (git) |
| Linux | Linux | Affected: 4.12; Unaffected: 0 , < 4.12 (semver); Unaffected: 6.9.3 , ≤ 6.9.* (semver); Unaffected: 6.10 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38608",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T19:44:05.361644Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T19:44:14.283Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.957Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f7e6cfb864a53af71c5cc904f1cc22215d68f5c6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3d5918477f94e4c2f064567875c475468e264644"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/en_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f7e6cfb864a53af71c5cc904f1cc22215d68f5c6",
"status": "affected",
"version": "2c3b5beec46ab0d77c94828eb15170b333ae769a",
"versionType": "git"
},
{
"lessThan": "3d5918477f94e4c2f064567875c475468e264644",
"status": "affected",
"version": "2c3b5beec46ab0d77c94828eb15170b333ae769a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/en_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix netif state handling\n\nmlx5e_suspend cleans resources only if netif_device_present() returns\ntrue. However, mlx5e_resume changes the state of netif, via\nmlx5e_nic_enable, only if reg_state == NETREG_REGISTERED.\nIn the below case, the above leads to NULL-ptr Oops[1] and memory\nleaks:\n\nmlx5e_probe\n _mlx5e_resume\n mlx5e_attach_netdev\n mlx5e_nic_enable \u003c-- netdev not reg, not calling netif_device_attach()\n register_netdev \u003c-- failed for some reason.\nERROR_FLOW:\n _mlx5e_suspend \u003c-- netif_device_present return false, resources aren\u0027t freed :(\n\nHence, clean resources in this case as well.\n\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nPGD 0 P4D 0\nOops: 0010 [#1] SMP\nCPU: 2 PID: 9345 Comm: test-ovs-ct-gen Not tainted 6.5.0_for_upstream_min_debug_2023_09_05_16_01 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:0x0\nCode: Unable to access opcode bytes at0xffffffffffffffd6.\nRSP: 0018:ffff888178aaf758 EFLAGS: 00010246\nCall Trace:\n \u003cTASK\u003e\n ? __die+0x20/0x60\n ? page_fault_oops+0x14c/0x3c0\n ? exc_page_fault+0x75/0x140\n ? asm_exc_page_fault+0x22/0x30\n notifier_call_chain+0x35/0xb0\n blocking_notifier_call_chain+0x3d/0x60\n mlx5_blocking_notifier_call_chain+0x22/0x30 [mlx5_core]\n mlx5_core_uplink_netdev_event_replay+0x3e/0x60 [mlx5_core]\n mlx5_mdev_netdev_track+0x53/0x60 [mlx5_ib]\n mlx5_ib_roce_init+0xc3/0x340 [mlx5_ib]\n __mlx5_ib_add+0x34/0xd0 [mlx5_ib]\n mlx5r_probe+0xe1/0x210 [mlx5_ib]\n ? auxiliary_match_id+0x6a/0x90\n auxiliary_bus_probe+0x38/0x80\n ? driver_sysfs_add+0x51/0x80\n really_probe+0xc9/0x3e0\n ? driver_probe_device+0x90/0x90\n __driver_probe_device+0x80/0x160\n driver_probe_device+0x1e/0x90\n __device_attach_driver+0x7d/0x100\n bus_for_each_drv+0x80/0xd0\n __device_attach+0xbc/0x1f0\n bus_probe_device+0x86/0xa0\n device_add+0x637/0x840\n __auxiliary_device_add+0x3b/0xa0\n add_adev+0xc9/0x140 [mlx5_core]\n mlx5_rescan_drivers_locked+0x22a/0x310 [mlx5_core]\n mlx5_register_device+0x53/0xa0 [mlx5_core]\n mlx5_init_one_devl_locked+0x5c4/0x9c0 [mlx5_core]\n mlx5_init_one+0x3b/0x60 [mlx5_core]\n probe_one+0x44c/0x730 [mlx5_core]\n local_pci_probe+0x3e/0x90\n pci_device_probe+0xbf/0x210\n ? kernfs_create_link+0x5d/0xa0\n ? sysfs_do_create_link_sd+0x60/0xc0\n really_probe+0xc9/0x3e0\n ? driver_probe_device+0x90/0x90\n __driver_probe_device+0x80/0x160\n driver_probe_device+0x1e/0x90\n __device_attach_driver+0x7d/0x100\n bus_for_each_drv+0x80/0xd0\n __device_attach+0xbc/0x1f0\n pci_bus_add_device+0x54/0x80\n pci_iov_add_virtfn+0x2e6/0x320\n sriov_enable+0x208/0x420\n mlx5_core_sriov_configure+0x9e/0x200 [mlx5_core]\n sriov_numvfs_store+0xae/0x1a0\n kernfs_fop_write_iter+0x10c/0x1a0\n vfs_write+0x291/0x3c0\n ksys_write+0x5f/0xe0\n do_syscall_64+0x3d/0x90\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n CR2: 0000000000000000\n ---[ end trace 0000000000000000 ]---"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:20:01.038Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f7e6cfb864a53af71c5cc904f1cc22215d68f5c6"
},
{
"url": "https://git.kernel.org/stable/c/3d5918477f94e4c2f064567875c475468e264644"
}
],
"title": "net/mlx5e: Fix netif state handling",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38608",
"datePublished": "2024-06-19T13:56:10.614Z",
"dateReserved": "2024-06-18T19:36:34.941Z",
"dateUpdated": "2026-05-11T20:20:01.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-39503 (GCVE-0-2024-39503)
Vulnerability from cvelistv5 – Published: 2024-07-12 12:20 – Updated: 2026-05-23 15:50
Title
netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type
Lion Ackermann reported that there is a race condition between namespace cleanup
in ipset and the garbage collection of the list:set type. The namespace
cleanup can destroy the list:set type of sets while the gc of the set type is
waiting to run in rcu cleanup. The latter uses data from the destroyed set which
thus leads to use after free. The patch contains the following parts:
- When destroying all sets, first remove the garbage collectors, then wait
if needed and then destroy the sets.
- Fix the badly ordered "wait then remove gc" for the destroy a single set
case.
- Fix the missing rcu locking in the list:set type in the userspace test
case.
- Use proper RCU list handlings in the list:set type.
The patch depends on c1193d9bbbd3 (netfilter: ipset: Add list flush to cancel_gc).
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
11 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/c0761d1f1ce1d5b85… | |
| https://git.kernel.org/stable/c/93b53c202b51a69e4… | |
| https://git.kernel.org/stable/c/0f1bb77c6d837c951… | |
| https://git.kernel.org/stable/c/390b353d1a1da3e9c… | |
| https://git.kernel.org/stable/c/2ba35b37f780c6410… | |
| https://git.kernel.org/stable/c/90ae20d47de602198… | |
| https://git.kernel.org/stable/c/4e7aaa6b82d63e8dd… | |
| https://lists.debian.org/debian-lts-announce/2025… | |
| https://cert-portal.siemens.com/productcert/html/… | |
| https://cert-portal.siemens.com/productcert/html/… | |
| https://cert-portal.siemens.com/productcert/html/… |
Impacted products
8 products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: c7f2733e5011bfd136f1ca93497394d43aa76225 , < c0761d1f1ce1d5b85b5e82bbb714df12de1aa8c3 (git); Affected: a24d5f2ac8ef702a58e55ec276aad29b4bd97e05 , < 93b53c202b51a69e42ca57f5a183f7e008e19f83 (git); Affected: c2dc077d8f722a1c73a24e674f925602ee5ece49 , < 0f1bb77c6d837c9513943bc7c08f04c5cc5c6568 (git); Affected: 653bc5e6d9995d7d5f497c665b321875a626161c , < 390b353d1a1da3e9c6c0fd14fe650d69063c95d6 (git); Affected: b93a6756a01f4fd2f329a39216f9824c56a66397 , < 2ba35b37f780c6410bb4bba9c3072596d8576702 (git); Affected: 97f7cf1cd80eeed3b7c808b7c12463295c751001 , < 90ae20d47de602198eb69e6cd7a3db3420abfc08 (git); Affected: 97f7cf1cd80eeed3b7c808b7c12463295c751001 , < 4e7aaa6b82d63e8ddcbfb56b4fd3d014ca586f10 (git); Affected: 970709a67696b100a57b33af1a3d75fc34b747eb (git); Affected: 5.4.269 , < 5.4.279 (semver); Affected: 5.10.210 , < 5.10.221 (semver); Affected: 5.15.149 , < 5.15.162 (semver); Affected: 6.1.79 , < 6.1.95 (semver); Affected: 6.6.18 , < 6.6.35 (semver); Affected: 6.7.6 , < 6.8 (semver) |
| Linux | Linux | Affected: 6.8; Unaffected: 0 , < 6.8 (semver); Unaffected: 5.4.279 , ≤ 5.4.* (semver); Unaffected: 5.10.221 , ≤ 5.10.* (semver); Unaffected: 5.15.162 , ≤ 5.15.* (semver); Unaffected: 6.1.95 , ≤ 6.1.* (semver); Unaffected: 6.6.35 , ≤ 6.6.* (semver); Unaffected: 6.9.6 , ≤ 6.9.* (semver); Unaffected: 6.10 , ≤ * (original_commit_for_fix) |
| Siemens | RUGGEDCOM RST2428P | Affected: 0 , < V3.1 (custom) |
| Siemens | RUGGEDCOM RST2428P | Unaffected: 0 , < * (custom) |
| Siemens | SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family | Unaffected: 0 , < * (custom) |
| Siemens | SCALANCE XCM-/XRM-/XCH-/XRH-300 family | Affected: 0 , < V3.1 (custom) |
| Siemens | SCALANCE XCM-/XRM-/XCH-/XRH-300 family | Unaffected: 0 , < * (custom) |
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem | Affected: 0 , < * (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:56:23.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c0761d1f1ce1d5b85b5e82bbb714df12de1aa8c3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/93b53c202b51a69e42ca57f5a183f7e008e19f83"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0f1bb77c6d837c9513943bc7c08f04c5cc5c6568"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/390b353d1a1da3e9c6c0fd14fe650d69063c95d6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2ba35b37f780c6410bb4bba9c3072596d8576702"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/90ae20d47de602198eb69e6cd7a3db3420abfc08"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4e7aaa6b82d63e8ddcbfb56b4fd3d014ca586f10"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39503",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:07:04.128981Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:40.232Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST2428P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST2428P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XCM-/XRM-/XCH-/XRH-300 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XCM-/XRM-/XCH-/XRH-300 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:55:36.367Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-613116.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-355557.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/ipset/ip_set_core.c",
"net/netfilter/ipset/ip_set_list_set.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c0761d1f1ce1d5b85b5e82bbb714df12de1aa8c3",
"status": "affected",
"version": "c7f2733e5011bfd136f1ca93497394d43aa76225",
"versionType": "git"
},
{
"lessThan": "93b53c202b51a69e42ca57f5a183f7e008e19f83",
"status": "affected",
"version": "a24d5f2ac8ef702a58e55ec276aad29b4bd97e05",
"versionType": "git"
},
{
"lessThan": "0f1bb77c6d837c9513943bc7c08f04c5cc5c6568",
"status": "affected",
"version": "c2dc077d8f722a1c73a24e674f925602ee5ece49",
"versionType": "git"
},
{
"lessThan": "390b353d1a1da3e9c6c0fd14fe650d69063c95d6",
"status": "affected",
"version": "653bc5e6d9995d7d5f497c665b321875a626161c",
"versionType": "git"
},
{
"lessThan": "2ba35b37f780c6410bb4bba9c3072596d8576702",
"status": "affected",
"version": "b93a6756a01f4fd2f329a39216f9824c56a66397",
"versionType": "git"
},
{
"lessThan": "90ae20d47de602198eb69e6cd7a3db3420abfc08",
"status": "affected",
"version": "97f7cf1cd80eeed3b7c808b7c12463295c751001",
"versionType": "git"
},
{
"lessThan": "4e7aaa6b82d63e8ddcbfb56b4fd3d014ca586f10",
"status": "affected",
"version": "97f7cf1cd80eeed3b7c808b7c12463295c751001",
"versionType": "git"
},
{
"status": "affected",
"version": "970709a67696b100a57b33af1a3d75fc34b747eb",
"versionType": "git"
},
{
"lessThan": "5.4.279",
"status": "affected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThan": "5.10.221",
"status": "affected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThan": "5.15.162",
"status": "affected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThan": "6.1.95",
"status": "affected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThan": "6.6.35",
"status": "affected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThan": "6.8",
"status": "affected",
"version": "6.7.6",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/ipset/ip_set_core.c",
"net/netfilter/ipset/ip_set_list_set.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.8"
},
{
"lessThan": "6.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.279",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.95",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.35",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.279",
"versionStartIncluding": "5.4.269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.221",
"versionStartIncluding": "5.10.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"versionStartIncluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.95",
"versionStartIncluding": "6.1.79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.35",
"versionStartIncluding": "6.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.6",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ipset: Fix race between namespace cleanup and gc in the list:set type\n\nLion Ackermann reported that there is a race condition between namespace cleanup\nin ipset and the garbage collection of the list:set type. The namespace\ncleanup can destroy the list:set type of sets while the gc of the set type is\nwaiting to run in rcu cleanup. The latter uses data from the destroyed set which\nthus leads use after free. The patch contains the following parts:\n\n- When destroying all sets, first remove the garbage collectors, then wait\n if needed and then destroy the sets.\n- Fix the badly ordered \"wait then remove gc\" for the destroy a single set\n case.\n- Fix the missing rcu locking in the list:set type in the userspace test\n case.\n- Use proper RCU list handlings in the list:set type.\n\nThe patch depends on c1193d9bbbd3 (netfilter: ipset: Add list flush to cancel_gc)."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:50:30.898Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c0761d1f1ce1d5b85b5e82bbb714df12de1aa8c3"
},
{
"url": "https://git.kernel.org/stable/c/93b53c202b51a69e42ca57f5a183f7e008e19f83"
},
{
"url": "https://git.kernel.org/stable/c/0f1bb77c6d837c9513943bc7c08f04c5cc5c6568"
},
{
"url": "https://git.kernel.org/stable/c/390b353d1a1da3e9c6c0fd14fe650d69063c95d6"
},
{
"url": "https://git.kernel.org/stable/c/2ba35b37f780c6410bb4bba9c3072596d8576702"
},
{
"url": "https://git.kernel.org/stable/c/90ae20d47de602198eb69e6cd7a3db3420abfc08"
},
{
"url": "https://git.kernel.org/stable/c/4e7aaa6b82d63e8ddcbfb56b4fd3d014ca586f10"
}
],
"title": "netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-39503",
"datePublished": "2024-07-12T12:20:36.299Z",
"dateReserved": "2024-06-25T14:23:23.752Z",
"dateUpdated": "2026-05-23T15:50:30.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.